a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
Size

184KB
MD5

475432fdea33a85ba51c4f6ba601cd4a
SHA1

f72acde42e7fd4edef26cbacef3e8e9d167d990b
SHA256

a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18
SHA512

2988d1b908203a004e91afb30aafde02460a935d28a996c8a31f04ebfa210b54839167c5de361819f91dfbe4ebcfacc85a5b79d74c20911275001bd4c0aab52a
SSDEEP

3072:yZN7M6oy2JvFdWt3eGZLRXsytlnViFKr5:yZ3ovjWtvL9sytlnViFKr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-12072.exeUnicorn-54.exeUnicorn-40136.exeUnicorn-524.exeUnicorn-46196.exeUnicorn-22252.exeUnicorn-42118.exeUnicorn-13270.exeUnicorn-48465.exeUnicorn-26461.exeUnicorn-59594.exeUnicorn-1068.exeUnicorn-7653.exeUnicorn-27519.exeUnicorn-23093.exeUnicorn-1089.exeUnicorn-51743.exeUnicorn-7031.exeUnicorn-6839.exeUnicorn-19646.exeUnicorn-34798.exeUnicorn-30199.exeUnicorn-61248.exeUnicorn-2317.exeUnicorn-15472.exeUnicorn-45685.exeUnicorn-28663.exeUnicorn-33262.exeUnicorn-48529.exeUnicorn-53340.exeUnicorn-16453.exeUnicorn-3838.exeUnicorn-21820.exeUnicorn-21628.exeUnicorn-1762.exeUnicorn-38274.exeUnicorn-14476.exeUnicorn-25468.exeUnicorn-58908.exeUnicorn-39042.exeUnicorn-38850.exeUnicorn-47533.exeUnicorn-27667.exeUnicorn-32085.exeUnicorn-63065.exeUnicorn-17202.exeUnicorn-36501.exeUnicorn-15073.exeUnicorn-1944.exeUnicorn-2650.exeUnicorn-46018.exeUnicorn-51192.exeUnicorn-46594.exeUnicorn-20274.exeUnicorn-34171.exeUnicorn-42456.exeUnicorn-58491.exeUnicorn-38433.exeUnicorn-31657.exeUnicorn-11791.exeUnicorn-10743.exeUnicorn-26011.exeUnicorn-64713.exeUnicorn-44848.exe

pid	process
2420	Unicorn-12072.exe
2216	Unicorn-54.exe
2480	Unicorn-40136.exe
2708	Unicorn-524.exe
2756	Unicorn-46196.exe
2580	Unicorn-22252.exe
2992	Unicorn-42118.exe
2016	Unicorn-13270.exe
548	Unicorn-48465.exe
292	Unicorn-26461.exe
2816	Unicorn-59594.exe
2268	Unicorn-1068.exe
2116	Unicorn-7653.exe
1084	Unicorn-27519.exe
1484	Unicorn-23093.exe
1808	Unicorn-1089.exe
904	Unicorn-51743.exe
2472	Unicorn-7031.exe
820	Unicorn-6839.exe
1684	Unicorn-19646.exe
1628	Unicorn-34798.exe
1348	Unicorn-30199.exe
2144	Unicorn-61248.exe
2164	Unicorn-2317.exe
1704	Unicorn-15472.exe
2040	Unicorn-45685.exe
1728	Unicorn-28663.exe
1960	Unicorn-33262.exe
2068	Unicorn-48529.exe
2360	Unicorn-53340.exe
3060	Unicorn-16453.exe
3048	Unicorn-3838.exe
2648	Unicorn-21820.exe
2680	Unicorn-21628.exe
2980	Unicorn-1762.exe
2592	Unicorn-38274.exe
2960	Unicorn-14476.exe
2408	Unicorn-25468.exe
1060	Unicorn-58908.exe
1980	Unicorn-39042.exe
1768	Unicorn-38850.exe
1712	Unicorn-47533.exe
1440	Unicorn-27667.exe
356	Unicorn-32085.exe
2812	Unicorn-63065.exe
1080	Unicorn-17202.exe
1912	Unicorn-36501.exe
1540	Unicorn-15073.exe
892	Unicorn-1944.exe
2368	Unicorn-2650.exe
1500	Unicorn-46018.exe
2468	Unicorn-51192.exe
1056	Unicorn-46594.exe
1580	Unicorn-20274.exe
1584	Unicorn-34171.exe
1764	Unicorn-42456.exe
2796	Unicorn-58491.exe
2748	Unicorn-38433.exe
2552	Unicorn-31657.exe
2868	Unicorn-11791.exe
2544	Unicorn-10743.exe
2528	Unicorn-26011.exe
1984	Unicorn-64713.exe
2172	Unicorn-44848.exe

Loads dropped DLL 64 IoCs

Processes:

a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exeUnicorn-12072.exeUnicorn-40136.exeWerFault.exeWerFault.exeUnicorn-46196.exeWerFault.exeWerFault.exeUnicorn-22252.exeUnicorn-42118.exeWerFault.exeUnicorn-13270.exeUnicorn-26461.exeUnicorn-48465.exeWerFault.exeWerFault.exeUnicorn-59594.exe

pid	process
2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2420	Unicorn-12072.exe
2420	Unicorn-12072.exe
2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2420	Unicorn-12072.exe
2480	Unicorn-40136.exe
2480	Unicorn-40136.exe
2420	Unicorn-12072.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
2480	Unicorn-40136.exe
2480	Unicorn-40136.exe
2756	Unicorn-46196.exe
2756	Unicorn-46196.exe
1736	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
2432	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2804	WerFault.exe
2432	WerFault.exe
2804	WerFault.exe
2580	Unicorn-22252.exe
2580	Unicorn-22252.exe
2992	Unicorn-42118.exe
2992	Unicorn-42118.exe
2756	Unicorn-46196.exe
2756	Unicorn-46196.exe
1572	WerFault.exe
1572	WerFault.exe
1572	WerFault.exe
1572	WerFault.exe
1572	WerFault.exe
2016	Unicorn-13270.exe
2016	Unicorn-13270.exe
292	Unicorn-26461.exe
292	Unicorn-26461.exe
2992	Unicorn-42118.exe
548	Unicorn-48465.exe
2992	Unicorn-42118.exe
548	Unicorn-48465.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
1076	WerFault.exe
2816	Unicorn-59594.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1300	2428	WerFault.exe	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2616	2420	WerFault.exe	Unicorn-12072.exe
1736	2708	WerFault.exe	Unicorn-524.exe
2432	2216	WerFault.exe	Unicorn-54.exe
2804	2480	WerFault.exe	Unicorn-40136.exe
1572	2756	WerFault.exe	Unicorn-46196.exe
956	2580	WerFault.exe	Unicorn-22252.exe
1076	2992	WerFault.exe	Unicorn-42118.exe
1600	2016	WerFault.exe	Unicorn-13270.exe
1848	292	WerFault.exe	Unicorn-26461.exe
1864	548	WerFault.exe	Unicorn-48465.exe
1732	2816	WerFault.exe	Unicorn-59594.exe
2436	2116	WerFault.exe	Unicorn-7653.exe
3028	1084	WerFault.exe	Unicorn-27519.exe
2836	1484	WerFault.exe	Unicorn-23093.exe
1192	1808	WerFault.exe	Unicorn-1089.exe
2556	904	WerFault.exe	Unicorn-51743.exe
2112	2472	WerFault.exe	Unicorn-7031.exe
536	820	WerFault.exe	Unicorn-6839.exe
484	1684	WerFault.exe	Unicorn-19646.exe
1532	1628	WerFault.exe	Unicorn-34798.exe
2752	1348	WerFault.exe	Unicorn-30199.exe
2376	2144	WerFault.exe	Unicorn-61248.exe
592	2164	WerFault.exe	Unicorn-2317.exe
1156	1728	WerFault.exe	Unicorn-28663.exe
1380	1960	WerFault.exe	Unicorn-33262.exe
1608	1704	WerFault.exe	Unicorn-15472.exe
3036	2068	WerFault.exe	Unicorn-48529.exe
936	2040	WerFault.exe	Unicorn-45685.exe
2672	2360	WerFault.exe	Unicorn-53340.exe
2764	3060	WerFault.exe	Unicorn-16453.exe
2228	3048	WerFault.exe	Unicorn-3838.exe
800	2680	WerFault.exe	Unicorn-21628.exe
2392	2648	WerFault.exe	Unicorn-21820.exe
2248	2592	WerFault.exe	Unicorn-38274.exe
1288	2980	WerFault.exe	Unicorn-1762.exe
1812	2960	WerFault.exe	Unicorn-14476.exe
1568	1060	WerFault.exe	Unicorn-58908.exe
1524	1440	WerFault.exe	Unicorn-27667.exe
1528	1980	WerFault.exe	Unicorn-39042.exe
1744	1712	WerFault.exe	Unicorn-47533.exe
1972	1768	WerFault.exe	Unicorn-38850.exe
1952	2408	WerFault.exe	Unicorn-25468.exe
3556	356	WerFault.exe	Unicorn-32085.exe
3560	2812	WerFault.exe	Unicorn-63065.exe
3540	1080	WerFault.exe	Unicorn-17202.exe
3628	1540	WerFault.exe	Unicorn-15073.exe
3704	1912	WerFault.exe	Unicorn-36501.exe
3752	892	WerFault.exe	Unicorn-1944.exe
3952	1500	WerFault.exe	Unicorn-46018.exe
3280	1764	WerFault.exe	Unicorn-42456.exe
3304	344	WerFault.exe	Unicorn-43800.exe
3448	2544	WerFault.exe	Unicorn-10743.exe
3496	2796	WerFault.exe	Unicorn-58491.exe
3672	2368	WerFault.exe	Unicorn-2650.exe
3116	2748	WerFault.exe	Unicorn-38433.exe
4056	692	WerFault.exe	Unicorn-9311.exe
3520	2172	WerFault.exe	Unicorn-44848.exe
4172	2504	WerFault.exe	Unicorn-23934.exe
4184	568	WerFault.exe	Unicorn-2269.exe
4196	1832	WerFault.exe	Unicorn-60261.exe
4240	1584	WerFault.exe	Unicorn-34171.exe
4248	2500	WerFault.exe	Unicorn-60069.exe
4276	1984	WerFault.exe	Unicorn-64713.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exeUnicorn-12072.exeUnicorn-54.exeUnicorn-40136.exeUnicorn-524.exeUnicorn-46196.exeUnicorn-22252.exeUnicorn-42118.exeUnicorn-13270.exeUnicorn-26461.exeUnicorn-48465.exeUnicorn-59594.exeUnicorn-7653.exeUnicorn-27519.exeUnicorn-23093.exeUnicorn-1089.exeUnicorn-51743.exeUnicorn-7031.exeUnicorn-6839.exeUnicorn-19646.exeUnicorn-34798.exeUnicorn-30199.exeUnicorn-61248.exeUnicorn-2317.exeUnicorn-15472.exeUnicorn-45685.exeUnicorn-33262.exeUnicorn-28663.exeUnicorn-48529.exeUnicorn-53340.exeUnicorn-16453.exeUnicorn-3838.exeUnicorn-21820.exeUnicorn-21628.exeUnicorn-38274.exeUnicorn-1762.exeUnicorn-14476.exeUnicorn-58908.exeUnicorn-25468.exeUnicorn-47533.exeUnicorn-39042.exeUnicorn-38850.exeUnicorn-27667.exeUnicorn-63065.exeUnicorn-32085.exeUnicorn-17202.exeUnicorn-36501.exeUnicorn-15073.exeUnicorn-1944.exeUnicorn-2650.exeUnicorn-46018.exeUnicorn-51192.exeUnicorn-46594.exeUnicorn-20274.exeUnicorn-34171.exeUnicorn-42456.exeUnicorn-58491.exeUnicorn-31657.exeUnicorn-38433.exeUnicorn-11791.exeUnicorn-10743.exeUnicorn-26011.exeUnicorn-64713.exeUnicorn-23934.exe

pid	process
2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
2420	Unicorn-12072.exe
2216	Unicorn-54.exe
2480	Unicorn-40136.exe
2708	Unicorn-524.exe
2756	Unicorn-46196.exe
2580	Unicorn-22252.exe
2992	Unicorn-42118.exe
2016	Unicorn-13270.exe
292	Unicorn-26461.exe
548	Unicorn-48465.exe
2816	Unicorn-59594.exe
2116	Unicorn-7653.exe
1084	Unicorn-27519.exe
1484	Unicorn-23093.exe
1808	Unicorn-1089.exe
904	Unicorn-51743.exe
2472	Unicorn-7031.exe
820	Unicorn-6839.exe
1684	Unicorn-19646.exe
1628	Unicorn-34798.exe
1348	Unicorn-30199.exe
2144	Unicorn-61248.exe
2164	Unicorn-2317.exe
1704	Unicorn-15472.exe
2040	Unicorn-45685.exe
1960	Unicorn-33262.exe
1728	Unicorn-28663.exe
2068	Unicorn-48529.exe
2360	Unicorn-53340.exe
3060	Unicorn-16453.exe
3048	Unicorn-3838.exe
2648	Unicorn-21820.exe
2680	Unicorn-21628.exe
2592	Unicorn-38274.exe
2980	Unicorn-1762.exe
2960	Unicorn-14476.exe
1060	Unicorn-58908.exe
2408	Unicorn-25468.exe
1712	Unicorn-47533.exe
1980	Unicorn-39042.exe
1768	Unicorn-38850.exe
1440	Unicorn-27667.exe
2812	Unicorn-63065.exe
356	Unicorn-32085.exe
1080	Unicorn-17202.exe
1912	Unicorn-36501.exe
1540	Unicorn-15073.exe
892	Unicorn-1944.exe
2368	Unicorn-2650.exe
1500	Unicorn-46018.exe
2468	Unicorn-51192.exe
1056	Unicorn-46594.exe
1580	Unicorn-20274.exe
1584	Unicorn-34171.exe
1764	Unicorn-42456.exe
2796	Unicorn-58491.exe
2552	Unicorn-31657.exe
2748	Unicorn-38433.exe
2868	Unicorn-11791.exe
2544	Unicorn-10743.exe
2528	Unicorn-26011.exe
1984	Unicorn-64713.exe
2504	Unicorn-23934.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exeUnicorn-12072.exeUnicorn-40136.exeUnicorn-524.exeUnicorn-46196.exeUnicorn-54.exeUnicorn-22252.exeUnicorn-42118.exe

description	pid	process	target process
PID 2428 wrote to memory of 2420	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-12072.exe
PID 2428 wrote to memory of 2420	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-12072.exe
PID 2428 wrote to memory of 2420	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-12072.exe
PID 2428 wrote to memory of 2420	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-12072.exe
PID 2420 wrote to memory of 2216	2420	Unicorn-12072.exe	Unicorn-54.exe
PID 2420 wrote to memory of 2216	2420	Unicorn-12072.exe	Unicorn-54.exe
PID 2420 wrote to memory of 2216	2420	Unicorn-12072.exe	Unicorn-54.exe
PID 2420 wrote to memory of 2216	2420	Unicorn-12072.exe	Unicorn-54.exe
PID 2428 wrote to memory of 2480	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-40136.exe
PID 2428 wrote to memory of 2480	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-40136.exe
PID 2428 wrote to memory of 2480	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-40136.exe
PID 2428 wrote to memory of 2480	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	Unicorn-40136.exe
PID 2428 wrote to memory of 1300	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	WerFault.exe
PID 2428 wrote to memory of 1300	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	WerFault.exe
PID 2428 wrote to memory of 1300	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	WerFault.exe
PID 2428 wrote to memory of 1300	2428	a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe	WerFault.exe
PID 2480 wrote to memory of 2708	2480	Unicorn-40136.exe	Unicorn-524.exe
PID 2480 wrote to memory of 2708	2480	Unicorn-40136.exe	Unicorn-524.exe
PID 2480 wrote to memory of 2708	2480	Unicorn-40136.exe	Unicorn-524.exe
PID 2480 wrote to memory of 2708	2480	Unicorn-40136.exe	Unicorn-524.exe
PID 2420 wrote to memory of 2756	2420	Unicorn-12072.exe	Unicorn-46196.exe
PID 2420 wrote to memory of 2756	2420	Unicorn-12072.exe	Unicorn-46196.exe
PID 2420 wrote to memory of 2756	2420	Unicorn-12072.exe	Unicorn-46196.exe
PID 2420 wrote to memory of 2756	2420	Unicorn-12072.exe	Unicorn-46196.exe
PID 2420 wrote to memory of 2616	2420	Unicorn-12072.exe	WerFault.exe
PID 2420 wrote to memory of 2616	2420	Unicorn-12072.exe	WerFault.exe
PID 2420 wrote to memory of 2616	2420	Unicorn-12072.exe	WerFault.exe
PID 2420 wrote to memory of 2616	2420	Unicorn-12072.exe	WerFault.exe
PID 2708 wrote to memory of 1736	2708	Unicorn-524.exe	WerFault.exe
PID 2708 wrote to memory of 1736	2708	Unicorn-524.exe	WerFault.exe
PID 2708 wrote to memory of 1736	2708	Unicorn-524.exe	WerFault.exe
PID 2708 wrote to memory of 1736	2708	Unicorn-524.exe	WerFault.exe
PID 2480 wrote to memory of 2580	2480	Unicorn-40136.exe	Unicorn-22252.exe
PID 2480 wrote to memory of 2580	2480	Unicorn-40136.exe	Unicorn-22252.exe
PID 2480 wrote to memory of 2580	2480	Unicorn-40136.exe	Unicorn-22252.exe
PID 2480 wrote to memory of 2580	2480	Unicorn-40136.exe	Unicorn-22252.exe
PID 2756 wrote to memory of 2992	2756	Unicorn-46196.exe	Unicorn-42118.exe
PID 2756 wrote to memory of 2992	2756	Unicorn-46196.exe	Unicorn-42118.exe
PID 2756 wrote to memory of 2992	2756	Unicorn-46196.exe	Unicorn-42118.exe
PID 2756 wrote to memory of 2992	2756	Unicorn-46196.exe	Unicorn-42118.exe
PID 2216 wrote to memory of 2432	2216	Unicorn-54.exe	WerFault.exe
PID 2216 wrote to memory of 2432	2216	Unicorn-54.exe	WerFault.exe
PID 2216 wrote to memory of 2432	2216	Unicorn-54.exe	WerFault.exe
PID 2216 wrote to memory of 2432	2216	Unicorn-54.exe	WerFault.exe
PID 2480 wrote to memory of 2804	2480	Unicorn-40136.exe	WerFault.exe
PID 2480 wrote to memory of 2804	2480	Unicorn-40136.exe	WerFault.exe
PID 2480 wrote to memory of 2804	2480	Unicorn-40136.exe	WerFault.exe
PID 2480 wrote to memory of 2804	2480	Unicorn-40136.exe	WerFault.exe
PID 2580 wrote to memory of 2016	2580	Unicorn-22252.exe	Unicorn-13270.exe
PID 2580 wrote to memory of 2016	2580	Unicorn-22252.exe	Unicorn-13270.exe
PID 2580 wrote to memory of 2016	2580	Unicorn-22252.exe	Unicorn-13270.exe
PID 2580 wrote to memory of 2016	2580	Unicorn-22252.exe	Unicorn-13270.exe
PID 2992 wrote to memory of 548	2992	Unicorn-42118.exe	Unicorn-48465.exe
PID 2992 wrote to memory of 548	2992	Unicorn-42118.exe	Unicorn-48465.exe
PID 2992 wrote to memory of 548	2992	Unicorn-42118.exe	Unicorn-48465.exe
PID 2992 wrote to memory of 548	2992	Unicorn-42118.exe	Unicorn-48465.exe
PID 2756 wrote to memory of 292	2756	Unicorn-46196.exe	Unicorn-26461.exe
PID 2756 wrote to memory of 292	2756	Unicorn-46196.exe	Unicorn-26461.exe
PID 2756 wrote to memory of 292	2756	Unicorn-46196.exe	Unicorn-26461.exe
PID 2756 wrote to memory of 292	2756	Unicorn-46196.exe	Unicorn-26461.exe
PID 2756 wrote to memory of 1572	2756	Unicorn-46196.exe	WerFault.exe
PID 2756 wrote to memory of 1572	2756	Unicorn-46196.exe	WerFault.exe
PID 2756 wrote to memory of 1572	2756	Unicorn-46196.exe	WerFault.exe
PID 2756 wrote to memory of 1572	2756	Unicorn-46196.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe
"C:\Users\Admin\AppData\Local\Temp\a2678810cf60ce4a1d8e1a7b3f43b39593ac8f169978118b520724fd4e08ed18.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 320
4⤵
- Loads dropped DLL
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
11⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
12⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 220
13⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
12⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
11⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
12⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
13⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
14⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
15⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 220
15⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 220
14⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
13⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
12⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
11⤵
- Program crash
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
10⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
11⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
12⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
13⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
14⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-10838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10838.exe
15⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
15⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
14⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
13⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
12⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
11⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
10⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
10⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
11⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
12⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
13⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
14⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
15⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 236
15⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
14⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
13⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
12⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
11⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
11⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
12⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
13⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
14⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
14⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
13⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
11⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
10⤵
- Program crash
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
9⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
10⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
11⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
12⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
13⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
14⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
15⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
15⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
14⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
13⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
11⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
10⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
9⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
11⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
12⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
13⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
14⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 220
14⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
13⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
10⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
9⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
8⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
10⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
11⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
12⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
13⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
14⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
15⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
15⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
14⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
13⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
12⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
11⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
10⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
9⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
10⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
11⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
12⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
13⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
14⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
14⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 220
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
12⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
10⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
9⤵
- Program crash
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
9⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
11⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
12⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
13⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 220
14⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
11⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
10⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
12⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
13⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
13⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 236
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
10⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
9⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
8⤵
- Program crash
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
7⤵
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
10⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
11⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
12⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
13⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
14⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
15⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
15⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
14⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
13⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
12⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
11⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
11⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
12⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
13⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
14⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
14⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 220
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
9⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
10⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
12⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
13⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
14⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 220
13⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
11⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
10⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
9⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
8⤵
- Executes dropped EXE
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
9⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
10⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
11⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
12⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
14⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
14⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
13⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
12⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
11⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
11⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
12⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
13⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
13⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
9⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
8⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
9⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
10⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 240
11⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
10⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
9⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
7⤵
- Program crash
PID:484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
6⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
10⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
11⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
12⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
13⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
14⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
15⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 236
15⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
14⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
13⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
12⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
11⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
10⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
9⤵
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
9⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
11⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
12⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
13⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
14⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
14⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
13⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
12⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
10⤵
- Program crash
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
12⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 236
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 236
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
9⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
9⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
11⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
12⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
13⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
14⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
14⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
12⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
11⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
11⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
12⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
13⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 204
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
9⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
8⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
11⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
12⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
14⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 236
14⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
12⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
11⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
12⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
13⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 236
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
13⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
8⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
7⤵
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
6⤵
- Program crash
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
5⤵
- Executes dropped EXE
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
10⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
11⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
12⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
13⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
14⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
15⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
15⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
14⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
13⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
12⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
11⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
10⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
11⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
12⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
13⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
14⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 220
14⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
12⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
12⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
13⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
9⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
8⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
12⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
13⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
14⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
14⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
9⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 224
10⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
8⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
11⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
12⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
13⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
14⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
14⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
12⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
11⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
12⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 236
13⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
12⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
13⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
13⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
8⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
11⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
10⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
12⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
11⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
11⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
8⤵
- Program crash
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
6⤵
- Program crash
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
5⤵
- Program crash
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
10⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
11⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
12⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
13⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
14⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
15⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
16⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
16⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
15⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
14⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
13⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
12⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
11⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
12⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
13⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
14⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
15⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
15⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
14⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
13⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
12⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
11⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
10⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
11⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
12⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
13⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
14⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
15⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 236
15⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
14⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
13⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
12⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
11⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 220
10⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
9⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
11⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
12⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
13⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
14⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
15⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
15⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
14⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
13⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
12⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
11⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
11⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
12⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
13⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
14⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
14⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
13⤵
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
11⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 220
10⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
9⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
9⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
10⤵
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
11⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
12⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
13⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
14⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
15⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
15⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
14⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
13⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
12⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
11⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
11⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
12⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
13⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
14⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
14⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
12⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
11⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
10⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
9⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
11⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
12⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
13⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
14⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
14⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
13⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
11⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
10⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
9⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
8⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
9⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
10⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
11⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
12⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
13⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
14⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
15⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
15⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 220
14⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
13⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
12⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
11⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
10⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
11⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
12⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
13⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
14⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
14⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
13⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
12⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
11⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
11⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
12⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
13⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
13⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
14⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 240
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
11⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
10⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
9⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
8⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
10⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
13⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
12⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 236
12⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
9⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
8⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
7⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
9⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
10⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
11⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
12⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
13⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
14⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
15⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
15⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
14⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
13⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
12⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
14⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 216
14⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
13⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
12⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
9⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
9⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
12⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
13⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
10⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
11⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
12⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
13⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
14⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 216
14⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 236
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
11⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 220
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
11⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
12⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
13⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
12⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
7⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
6⤵
- Program crash
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
9⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
11⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
12⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
13⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
14⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 220
14⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
13⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
11⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
11⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 236
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 236
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
8⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
11⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 220
13⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 220
12⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
10⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
12⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
8⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
12⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63205.exe
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
13⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
8⤵
- Program crash
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
7⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
5⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
2⤵
- Program crash
PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe

Filesize
184KB

MD5
2ce916528bb2bae665ccdc9e578d85a8

SHA1
7aef3d28eef99ae2a55a2300aebf8c9eb149df76

SHA256
8c0e4d87dc45ac779a4404ce5774a62b0652ef62270c6fb41e0fe32f0a9574d6

SHA512
94496552e09db025b12dca0703e966769157bc2ef070ee6303f94b6671951b9eff444acc16faf4f84dba8bdd9cfc1b009ca5728e997035c61cd4586f40d63de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe

Filesize
184KB

MD5
66ba236b88e4d4701b35dc0d6055be6a

SHA1
50ca5a215a1e9594ea31276bf2edd204296317b1

SHA256
a3d8c1ae77a673c12dd2e32628664f88a2f3230b34fe9d527db98a157ed6ed40

SHA512
04bb37b9dd9f70d27567c58f78d78b8a12f923ecf2a8c33e7c9c80cb3033bff6a8dbdce7bc432cf6681be8b079f59e129c26be45e54e98078915e3efe789beb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe

Filesize
184KB

MD5
ff6b6a121278fb6205d954b6747713ac

SHA1
99615538a74a95f05052a7f8789f6508ac484b82

SHA256
9ccd06261345fb563b53314e39471268dece27cbe577f3fb9349d3a9a939ef7d

SHA512
9fd4f95d12ac6096692c878d81f340d09882a7dc1daf6016caa06849731fab3d2ede86241eb88373fce7f6f21d642fa48da8146881548c28403055f24d77f502

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe

Filesize
184KB

MD5
aeb286fa90329dc5318058660c4b0967

SHA1
b2769dbe8eaaec4481d7868cc5ca318413b35edb

SHA256
08dd84533457137d0ccb97484e8ef5eb4910e83ede0a0127e5f5d4ab53c6ff68

SHA512
0bfd5d625d661ee17c574c3c4f07e49c2dc4d7bd52ff45f213449331680522ae7297fa240872a835506d7744a12db935c10be149bab4d916ea18fab0069e8235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe

Filesize
184KB

MD5
ca9c0d7a50b757d749ebb30efce62d98

SHA1
0c38114837e3d9fbae9d31bca45e7d5860842803

SHA256
0812a3dee6cdd3ed703c7f50ba25a095686af6f0f77ad99f5de9c68640e44159

SHA512
78fac4f5ed68ec2202ffb3b74fb7b5cbff5f147b24fbc7358a79b3be8a624dc0028febb98386c227ced5b89cce39743ba9eac11467662babfe3583215d7a3a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe

Filesize
184KB

MD5
8038d21d006af0abc79c55a36d67a4a2

SHA1
004cf1d74af51a905d01de1880d02c9b853bf5e1

SHA256
c189f3cc67f88cab6df9279dde17156c478489aaeb4656092bbb90a4db6ee7ba

SHA512
56e608ae2a42d0c2ff62d905d52d21883d38073e2bdb7d429bbef6ae5bd6c83cb3277b719e7b620954bd76da28f57a585c301b2b585c301931f91788e4dca586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe

Filesize
184KB

MD5
c314daa3f469a72ae3e4866cd028f60b

SHA1
c4b802da196572ee34cfcf0b63cd66431de4bec8

SHA256
4ba39cdf1904ebb47c96c6b2a212af7655e1e1f9bf637756593ba5a9950ec6f9

SHA512
899082b24ac8dc3d47609ead08c86eccc8dabbff5f97f2b5388197b9a07da8166172304ab4a8fbf988bd92b820aab90d8a0627320b6fb62d2288d13b8feb174b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe

Filesize
184KB

MD5
2e645c0c7d6e4acb3f91171b64b57155

SHA1
914b6a67c2e3364911dd40123068501c4f14dd29

SHA256
55472418a4cf826fa24d27f3f839c25203be8ce5a5b0edd13a44ff5b37cfa3ae

SHA512
b58c5b8e75a9dcea2026bfd4cb2c56c98648cca823e011cf15455dd205edaa0b01f461645c0354e03b930328ee3c4aa35f751365c555eef4004ae35cf8c2d02f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe

Filesize
184KB

MD5
2cf78c4979d1ead5f4bc1e6110fac7a9

SHA1
a974b15a9962e80d7ffc863ca050b3582736daa2

SHA256
7f8dd90877c5417a9c7c55524dae59d0d2b02bebc74873f87f6d2a8a114e1422

SHA512
d8d7ee874f470f8d005ff49336511b724022f0648efe8d4587466acce750c46bd107deea1c844a7c9b7d4e28c2aa49e15f99b49a3929a34fecca5f6b12d60303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe

Filesize
184KB

MD5
b717093fc644e019ee706aba57587379

SHA1
d8b58ca32f1e42dc6b27b94069f1bef5be5d35c6

SHA256
acb639e8e3b6751e1b3941a14f34f41ac3bc8e143b92dfd989834a08c4f0deb7

SHA512
7218b186b4b2b4d50d656dd33544c8f8855b23a7a1809965c97ef2b99f695b11374beed1534b4111767167d96cd018ddc5d83b3227cc9fb92ea21040f1584ba8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe

Filesize
184KB

MD5
3930a13160989205cea0d2291f1624c9

SHA1
5737e62e6afe2df0809048be27bf86768e85ec64

SHA256
6c79409fe596ab7cb72eddefbf207afa919f7b332e0b3f84e31cabd6909bb375

SHA512
eacdbe420c85c8cf28984bf5d329687f03a6054e1e674bcc77b8c17bcdf9e1221306826d80767fd4306fc452485269c3e4c376f8ab6d7713eaa0e18b7571dd0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe

Filesize
184KB

MD5
34a18ba26a542195e1183f42e1c585a3

SHA1
e625f2adcfc1b4b064aa3ef0142f78050d5b70fe

SHA256
64757fe9cf8748cd3de67eebe9e4969b7cca36a5e13f200623341ff47b03bd3e

SHA512
dde94cf0e11034bfe22032be7336688ff1890ff92b504a149cc87eaee0242005f0795f66889b0e53050bd3bc750becaca6c16dcd4d606baeba1e8d36b96505c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe

Filesize
184KB

MD5
0cd867927e7713c82d1e386f4c1686e2

SHA1
7952d2a1af18af8659b0bac93006f80082e5830b

SHA256
b8fd23f3783991089a4547c5a45fe907db6e3bd40dcb521d8336b6dd6896c4bc

SHA512
dcfeb911765a57eb44b3ff173876b584054af75cfd8d73bfc03195a5a883ec7f54b0930f19abfb43cdef3076cfa1b5ad14abe9c359df4e75d3cc7aa2ff1c480a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe

Filesize
184KB

MD5
6576727e1d41190f13edb954b8692c03

SHA1
56a04467d029fbc5ecd682df63820ff5e33151d6

SHA256
4fc3e32d978ca725c4e2f505729e9d7c4be096131b795bf01b1804b1b7c8364f

SHA512
bde5337484a79feee48b7ee18b1cd185fb3383534245bf9bfc02491d4adba384aab993ea7227dcb8766f87d634df1be2f5b32b4e56520b16160a04cf9860c931

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-524.exe

Filesize
184KB

MD5
cb79cfea3e2f459b52f99ea600b2842a

SHA1
7b48df1be4b5b3e3bf4d0722c2dd11c88cd2ec63

SHA256
b82abb8acbd253147f486288352deb39c837e70270aa54a3a47f0647f5607616

SHA512
9dd9468532f2eab55edfa77b7d863811829b27d047e5c3995369b2da9ae629e5588270e082e9b68f74416e2efa66cd5e1b3a012366b0e64d0457fabf8d32a7f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54.exe

Filesize
184KB

MD5
533ecef5ea4e4c1da761e0da2aab7a29

SHA1
9f8eda1084f840a0bd1b5eab2cbebfeea333e375

SHA256
e40864d047cd530c07c78ce29630bdeeb288944908d5fa31b57bbc808430db8d

SHA512
0ceb4da005dbbacfda5ce8475169467c82a6275acb0dca9d9d2aa16fb8bb59393851fa3e7750af2a40c28929180464a81d1e18e6264bfd00b351f1e782d118ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe

Filesize
184KB

MD5
db9e423a5f7ff654c7e8dc4db9f19acf

SHA1
6128159fb5f0b3c23b7fe610b0e6ff847f73ae68

SHA256
2ac63d0c8e723ded28ee762d0055f7c87a52eda03f01eae6f6c40464471a22e4

SHA512
08b63e33179de5e3818f07ee3ee9a48b92309ddd8af6cfbc6cb54cf90dc48da99ca0dbeaf4e76cb50a10163b1571ffc4eff27cce6ee4ae1d11b51a3b5e363caa

Download Submit