8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
Size

184KB
MD5

e2bd9ef04db116c52a956bad82815d09
SHA1

61f123dd5a2f889dcaefece1521e54d81c50e93e
SHA256

8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95
SHA512

9bd9a87cdf8dadd2b2530cb0d993cb6df572ca19ace617268af868783709721bc3fd80daab50fda5966a9b02c83200f9a722abff91f3ff2476ffa9dd993f092b
SSDEEP

1536:27SH6rZAG66xoex1t7OAlUwMCCIyvZclCmd8CsL82vzetuhl5hj5nizpvX:glF66xoa77OBdChWejsL8IsuhlnViFv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-27531.exeUnicorn-42941.exeUnicorn-61368.exeUnicorn-14321.exeUnicorn-48208.exeUnicorn-56833.exeUnicorn-46758.exeUnicorn-4511.exeUnicorn-1086.exeUnicorn-2586.exeUnicorn-48258.exeUnicorn-10160.exeUnicorn-35833.exeUnicorn-12729.exeUnicorn-420.exeUnicorn-46092.exeUnicorn-21159.exeUnicorn-3152.exeUnicorn-49644.exeUnicorn-45783.exeUnicorn-17490.exeUnicorn-35859.exeUnicorn-5822.exeUnicorn-35335.exeUnicorn-8801.exeTemp35356.exeUnicorn-31302.exeUnicorn-56264.exeUnicorn-60815.exeUnicorn-11282.exeUnicorn-46227.exeUnicorn-9309.exeUnicorn-51323.exeUnicorn-8757.exeUnicorn-13853.exeUnicorn-15944.exeUnicorn-18950.exeUnicorn-13329.exeUnicorn-64097.exeUnicorn-21405.exeUnicorn-14736.exeLocal37430.exeUnicorn-37430.exeTemp54788.exeUnicorn-55429.exeUnicorn-9757.exeUnicorn-27115.exeUnicorn-10255.exeUnicorn-30121.exeUnicorn-42103.exeUnicorn-61969.exeUnicorn-47681.exeUnicorn-33725.exeUnicorn-17051.exeUnicorn-9148.exeUnicorn-15838.exeUnicorn-15838.exeUnicorn-6164.exeUnicorn-62397.exeUnicorn-13741.exeUnicorn-40977.exeUnicorn-60843.exeUnicorn-29737.exeUnicorn-59795.exe

pid	process
2060	Unicorn-27531.exe
3028	Unicorn-42941.exe
2676	Unicorn-61368.exe
2700	Unicorn-14321.exe
2928	Unicorn-48208.exe
2440	Unicorn-56833.exe
1832	Unicorn-46758.exe
2104	Unicorn-4511.exe
2608	Unicorn-1086.exe
1592	Unicorn-2586.exe
1632	Unicorn-48258.exe
1508	Unicorn-10160.exe
2772	Unicorn-35833.exe
620	Unicorn-12729.exe
2184	Unicorn-420.exe
2208	Unicorn-46092.exe
2224	Unicorn-21159.exe
2204	Unicorn-3152.exe
2964	Unicorn-49644.exe
816	Unicorn-45783.exe
2132	Unicorn-17490.exe
1776	Unicorn-35859.exe
300	Unicorn-5822.exe
684	Unicorn-35335.exe
3036	Unicorn-8801.exe
2180	Temp35356.exe
2912	Unicorn-31302.exe
2976	Unicorn-56264.exe
1940	Unicorn-60815.exe
1952	Unicorn-11282.exe
2952	Unicorn-46227.exe
2560	Unicorn-9309.exe
2576	Unicorn-51323.exe
2424	Unicorn-8757.exe
2504	Unicorn-13853.exe
2328	Unicorn-15944.exe
1612	Unicorn-18950.exe
1472	Unicorn-13329.exe
2644	Unicorn-64097.exe
2684	Unicorn-21405.exe
1664	Unicorn-14736.exe
336	Local37430.exe
2092	Unicorn-37430.exe
752	Temp54788.exe
1196	Unicorn-55429.exe
1348	Unicorn-9757.exe
1128	Unicorn-27115.exe
2656	Unicorn-10255.exe
2760	Unicorn-30121.exe
2748	Unicorn-42103.exe
3068	Unicorn-61969.exe
2864	Unicorn-47681.exe
2856	Unicorn-33725.exe
884	Unicorn-17051.exe
2032	Unicorn-9148.exe
1520	Unicorn-15838.exe
3052	Unicorn-15838.exe
1944	Unicorn-6164.exe
2584	Unicorn-62397.exe
2456	Unicorn-13741.exe
2428	Unicorn-40977.exe
2968	Unicorn-60843.exe
1236	Unicorn-29737.exe
2652	Unicorn-59795.exe

Loads dropped DLL 64 IoCs

Processes:

8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exeUnicorn-27531.exeUnicorn-42941.exeUnicorn-61368.exeWerFault.exeUnicorn-14321.exeUnicorn-48208.exeUnicorn-56833.exeWerFault.exeWerFault.exeUnicorn-46758.exeUnicorn-48258.exeUnicorn-2586.exeUnicorn-4511.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
2060	Unicorn-27531.exe
2060	Unicorn-27531.exe
2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
3028	Unicorn-42941.exe
3028	Unicorn-42941.exe
2060	Unicorn-27531.exe
2060	Unicorn-27531.exe
2676	Unicorn-61368.exe
2676	Unicorn-61368.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2700	Unicorn-14321.exe
3028	Unicorn-42941.exe
2700	Unicorn-14321.exe
2928	Unicorn-48208.exe
3028	Unicorn-42941.exe
2928	Unicorn-48208.exe
2440	Unicorn-56833.exe
2676	Unicorn-61368.exe
2440	Unicorn-56833.exe
2676	Unicorn-61368.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
1832	Unicorn-46758.exe
1832	Unicorn-46758.exe
1632	Unicorn-48258.exe
1592	Unicorn-2586.exe
1632	Unicorn-48258.exe
1592	Unicorn-2586.exe
2104	Unicorn-4511.exe
2104	Unicorn-4511.exe
2440	Unicorn-56833.exe
2928	Unicorn-48208.exe
2440	Unicorn-56833.exe
2928	Unicorn-48208.exe
2700	Unicorn-14321.exe
2700	Unicorn-14321.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2632	2400	WerFault.exe	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
2168	2060	WerFault.exe	Unicorn-27531.exe
1616	3028	WerFault.exe	Unicorn-42941.exe
480	2676	WerFault.exe	Unicorn-61368.exe
604	2700	WerFault.exe	Unicorn-14321.exe
2064	2928	WerFault.exe	Unicorn-48208.exe
2348	2440	WerFault.exe	Unicorn-56833.exe
2612	1832	WerFault.exe	Unicorn-46758.exe
2524	1632	WerFault.exe	Unicorn-48258.exe
1192	1592	WerFault.exe	Unicorn-2586.exe
2820	2608	WerFault.exe	Unicorn-1086.exe
2720	2104	WerFault.exe	Unicorn-4511.exe
2264	1508	WerFault.exe	Unicorn-10160.exe
2256	2772	WerFault.exe	Unicorn-35833.exe
1452	620	WerFault.exe	Unicorn-12729.exe
764	2184	WerFault.exe	Unicorn-420.exe
1900	2208	WerFault.exe	Unicorn-46092.exe
896	2204	WerFault.exe	Unicorn-3152.exe
2248	2224	WerFault.exe	Unicorn-21159.exe
1208	2964	WerFault.exe	Unicorn-49644.exe
292	816	WerFault.exe	Unicorn-45783.exe
2860	2132	WerFault.exe	Unicorn-17490.exe
1224	1776	WerFault.exe	Unicorn-35859.exe
2160	300	WerFault.exe	Unicorn-5822.exe
3056	684	WerFault.exe	Unicorn-35335.exe
2484	3036	WerFault.exe	Unicorn-8801.exe
1732	2912	WerFault.exe	Unicorn-31302.exe
340	1940	WerFault.exe	Unicorn-60815.exe
1568	2180	WerFault.exe	Temp35356.exe
1716	2976	WerFault.exe	Unicorn-56264.exe
1460	1952	WerFault.exe	Unicorn-11282.exe
2940	1476	WerFault.exe	Unicorn-6055.exe
3240	2952	WerFault.exe	Unicorn-46227.exe
3340	2560	WerFault.exe	Unicorn-9309.exe
3400	2576	WerFault.exe	Unicorn-51323.exe
3464	2504	WerFault.exe	Unicorn-13853.exe
3456	2328	WerFault.exe	Unicorn-15944.exe
3472	1612	WerFault.exe	Unicorn-18950.exe
3568	2684	WerFault.exe	Unicorn-21405.exe
3656	2760	WerFault.exe	Unicorn-30121.exe
3648	1664	WerFault.exe	Unicorn-14736.exe
3668	336	WerFault.exe	Local37430.exe
3676	1472	WerFault.exe	Unicorn-13329.exe
3684	1196	WerFault.exe	Unicorn-55429.exe
3800	1128	WerFault.exe	Unicorn-27115.exe
3144	2424	WerFault.exe	Unicorn-8757.exe
3704	2656	WerFault.exe	Unicorn-10255.exe
3972	752	WerFault.exe	Temp54788.exe
3284	2092	WerFault.exe	Unicorn-37430.exe
3944	1348	WerFault.exe	Unicorn-9757.exe
3132	3068	WerFault.exe	Unicorn-61969.exe
3212	1236	WerFault.exe	Unicorn-29737.exe
3228	1864	WerFault.exe	Unicorn-34767.exe
3248	2456	WerFault.exe	Unicorn-13741.exe
3324	2428	WerFault.exe	Unicorn-40977.exe
3620	2380	WerFault.exe	Unicorn-50055.exe
3640	2996	WerFault.exe	Unicorn-50055.exe
3904	2488	WerFault.exe	Unicorn-34767.exe
3180	2748	WerFault.exe	Unicorn-42103.exe
4136	1524	WerFault.exe	Unicorn-47361.exe
4164	1520	WerFault.exe	Unicorn-15838.exe
4264	2128	WerFault.exe	Unicorn-1689.exe
4284	2652	WerFault.exe	Unicorn-59795.exe
4412	884	WerFault.exe	Unicorn-17051.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exeUnicorn-27531.exeUnicorn-42941.exeUnicorn-61368.exeUnicorn-14321.exeUnicorn-48208.exeUnicorn-56833.exeUnicorn-46758.exeUnicorn-1086.exeUnicorn-2586.exeUnicorn-48258.exeUnicorn-4511.exeUnicorn-10160.exeUnicorn-35833.exeUnicorn-12729.exeUnicorn-420.exeUnicorn-46092.exeUnicorn-3152.exeUnicorn-21159.exeUnicorn-49644.exeUnicorn-45783.exeUnicorn-17490.exeUnicorn-35859.exeUnicorn-5822.exeUnicorn-35335.exeUnicorn-8801.exeTemp35356.exeUnicorn-31302.exeUnicorn-56264.exeUnicorn-60815.exeUnicorn-11282.exeUnicorn-46227.exeUnicorn-9309.exeUnicorn-51323.exeUnicorn-8757.exeUnicorn-13853.exeUnicorn-15944.exeUnicorn-18950.exeUnicorn-13329.exeUnicorn-64097.exeUnicorn-21405.exeLocal37430.exeUnicorn-14736.exeTemp54788.exeUnicorn-9757.exeUnicorn-37430.exeUnicorn-27115.exeUnicorn-55429.exeUnicorn-10255.exeUnicorn-30121.exeUnicorn-42103.exeUnicorn-61969.exeUnicorn-47681.exeUnicorn-33725.exeUnicorn-17051.exeUnicorn-9148.exeUnicorn-15838.exeUnicorn-15838.exeUnicorn-6164.exeUnicorn-62397.exeUnicorn-13741.exeUnicorn-40977.exeUnicorn-60843.exeUnicorn-29737.exe

pid	process
2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
2060	Unicorn-27531.exe
3028	Unicorn-42941.exe
2676	Unicorn-61368.exe
2700	Unicorn-14321.exe
2928	Unicorn-48208.exe
2440	Unicorn-56833.exe
1832	Unicorn-46758.exe
2608	Unicorn-1086.exe
1592	Unicorn-2586.exe
1632	Unicorn-48258.exe
2104	Unicorn-4511.exe
1508	Unicorn-10160.exe
2772	Unicorn-35833.exe
620	Unicorn-12729.exe
2184	Unicorn-420.exe
2208	Unicorn-46092.exe
2204	Unicorn-3152.exe
2224	Unicorn-21159.exe
2964	Unicorn-49644.exe
816	Unicorn-45783.exe
2132	Unicorn-17490.exe
1776	Unicorn-35859.exe
300	Unicorn-5822.exe
684	Unicorn-35335.exe
3036	Unicorn-8801.exe
2180	Temp35356.exe
2912	Unicorn-31302.exe
2976	Unicorn-56264.exe
1940	Unicorn-60815.exe
1952	Unicorn-11282.exe
2952	Unicorn-46227.exe
2560	Unicorn-9309.exe
2576	Unicorn-51323.exe
2424	Unicorn-8757.exe
2504	Unicorn-13853.exe
2328	Unicorn-15944.exe
1612	Unicorn-18950.exe
1472	Unicorn-13329.exe
2644	Unicorn-64097.exe
2684	Unicorn-21405.exe
336	Local37430.exe
1664	Unicorn-14736.exe
752	Temp54788.exe
1348	Unicorn-9757.exe
2092	Unicorn-37430.exe
1128	Unicorn-27115.exe
1196	Unicorn-55429.exe
2656	Unicorn-10255.exe
2760	Unicorn-30121.exe
2748	Unicorn-42103.exe
3068	Unicorn-61969.exe
2864	Unicorn-47681.exe
2856	Unicorn-33725.exe
884	Unicorn-17051.exe
2032	Unicorn-9148.exe
1520	Unicorn-15838.exe
3052	Unicorn-15838.exe
1944	Unicorn-6164.exe
2584	Unicorn-62397.exe
2456	Unicorn-13741.exe
2428	Unicorn-40977.exe
2968	Unicorn-60843.exe
1236	Unicorn-29737.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exeUnicorn-27531.exeUnicorn-42941.exeUnicorn-61368.exeUnicorn-14321.exeUnicorn-48208.exeUnicorn-56833.exeUnicorn-46758.exe

description	pid	process	target process
PID 2400 wrote to memory of 2060	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-27531.exe
PID 2400 wrote to memory of 2060	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-27531.exe
PID 2400 wrote to memory of 2060	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-27531.exe
PID 2400 wrote to memory of 2060	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-27531.exe
PID 2060 wrote to memory of 3028	2060	Unicorn-27531.exe	Unicorn-42941.exe
PID 2060 wrote to memory of 3028	2060	Unicorn-27531.exe	Unicorn-42941.exe
PID 2060 wrote to memory of 3028	2060	Unicorn-27531.exe	Unicorn-42941.exe
PID 2060 wrote to memory of 3028	2060	Unicorn-27531.exe	Unicorn-42941.exe
PID 2400 wrote to memory of 2676	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-61368.exe
PID 2400 wrote to memory of 2676	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-61368.exe
PID 2400 wrote to memory of 2676	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-61368.exe
PID 2400 wrote to memory of 2676	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	Unicorn-61368.exe
PID 2400 wrote to memory of 2632	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	WerFault.exe
PID 2400 wrote to memory of 2632	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	WerFault.exe
PID 2400 wrote to memory of 2632	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	WerFault.exe
PID 2400 wrote to memory of 2632	2400	8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe	WerFault.exe
PID 3028 wrote to memory of 2700	3028	Unicorn-42941.exe	Unicorn-14321.exe
PID 3028 wrote to memory of 2700	3028	Unicorn-42941.exe	Unicorn-14321.exe
PID 3028 wrote to memory of 2700	3028	Unicorn-42941.exe	Unicorn-14321.exe
PID 3028 wrote to memory of 2700	3028	Unicorn-42941.exe	Unicorn-14321.exe
PID 2060 wrote to memory of 2928	2060	Unicorn-27531.exe	Unicorn-48208.exe
PID 2060 wrote to memory of 2928	2060	Unicorn-27531.exe	Unicorn-48208.exe
PID 2060 wrote to memory of 2928	2060	Unicorn-27531.exe	Unicorn-48208.exe
PID 2060 wrote to memory of 2928	2060	Unicorn-27531.exe	Unicorn-48208.exe
PID 2676 wrote to memory of 2440	2676	Unicorn-61368.exe	Unicorn-56833.exe
PID 2676 wrote to memory of 2440	2676	Unicorn-61368.exe	Unicorn-56833.exe
PID 2676 wrote to memory of 2440	2676	Unicorn-61368.exe	Unicorn-56833.exe
PID 2676 wrote to memory of 2440	2676	Unicorn-61368.exe	Unicorn-56833.exe
PID 2060 wrote to memory of 2168	2060	Unicorn-27531.exe	WerFault.exe
PID 2060 wrote to memory of 2168	2060	Unicorn-27531.exe	WerFault.exe
PID 2060 wrote to memory of 2168	2060	Unicorn-27531.exe	WerFault.exe
PID 2060 wrote to memory of 2168	2060	Unicorn-27531.exe	WerFault.exe
PID 2700 wrote to memory of 2104	2700	Unicorn-14321.exe	Unicorn-4511.exe
PID 2700 wrote to memory of 2104	2700	Unicorn-14321.exe	Unicorn-4511.exe
PID 2700 wrote to memory of 2104	2700	Unicorn-14321.exe	Unicorn-4511.exe
PID 2700 wrote to memory of 2104	2700	Unicorn-14321.exe	Unicorn-4511.exe
PID 3028 wrote to memory of 1832	3028	Unicorn-42941.exe	Unicorn-46758.exe
PID 3028 wrote to memory of 1832	3028	Unicorn-42941.exe	Unicorn-46758.exe
PID 3028 wrote to memory of 1832	3028	Unicorn-42941.exe	Unicorn-46758.exe
PID 3028 wrote to memory of 1832	3028	Unicorn-42941.exe	Unicorn-46758.exe
PID 2928 wrote to memory of 2608	2928	Unicorn-48208.exe	Unicorn-1086.exe
PID 2928 wrote to memory of 2608	2928	Unicorn-48208.exe	Unicorn-1086.exe
PID 2928 wrote to memory of 2608	2928	Unicorn-48208.exe	Unicorn-1086.exe
PID 2928 wrote to memory of 2608	2928	Unicorn-48208.exe	Unicorn-1086.exe
PID 2440 wrote to memory of 1592	2440	Unicorn-56833.exe	Unicorn-2586.exe
PID 2440 wrote to memory of 1592	2440	Unicorn-56833.exe	Unicorn-2586.exe
PID 2440 wrote to memory of 1592	2440	Unicorn-56833.exe	Unicorn-2586.exe
PID 2440 wrote to memory of 1592	2440	Unicorn-56833.exe	Unicorn-2586.exe
PID 2676 wrote to memory of 1632	2676	Unicorn-61368.exe	Unicorn-48258.exe
PID 2676 wrote to memory of 1632	2676	Unicorn-61368.exe	Unicorn-48258.exe
PID 2676 wrote to memory of 1632	2676	Unicorn-61368.exe	Unicorn-48258.exe
PID 2676 wrote to memory of 1632	2676	Unicorn-61368.exe	Unicorn-48258.exe
PID 3028 wrote to memory of 1616	3028	Unicorn-42941.exe	WerFault.exe
PID 3028 wrote to memory of 1616	3028	Unicorn-42941.exe	WerFault.exe
PID 3028 wrote to memory of 1616	3028	Unicorn-42941.exe	WerFault.exe
PID 3028 wrote to memory of 1616	3028	Unicorn-42941.exe	WerFault.exe
PID 2676 wrote to memory of 480	2676	Unicorn-61368.exe	WerFault.exe
PID 2676 wrote to memory of 480	2676	Unicorn-61368.exe	WerFault.exe
PID 2676 wrote to memory of 480	2676	Unicorn-61368.exe	WerFault.exe
PID 2676 wrote to memory of 480	2676	Unicorn-61368.exe	WerFault.exe
PID 1832 wrote to memory of 1508	1832	Unicorn-46758.exe	Unicorn-10160.exe
PID 1832 wrote to memory of 1508	1832	Unicorn-46758.exe	Unicorn-10160.exe
PID 1832 wrote to memory of 1508	1832	Unicorn-46758.exe	Unicorn-10160.exe
PID 1832 wrote to memory of 1508	1832	Unicorn-46758.exe	Unicorn-10160.exe

C:\Users\Admin\AppData\Local\Temp\8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe
"C:\Users\Admin\AppData\Local\Temp\8b37f096567950188ae56d952e98a5741631c308cc349d4bac376b3894a75e95.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp35356.exe
C:\Users\Admin\AppData\Local\Temp35356.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local37430.exe
C:\Users\Admin\AppData\Local37430.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:336

C:\Users\Admin\AppData48555.exe
C:\Users\Admin\AppData48555.exe
9⤵
PID:1868

C:\Users\Admin44416.exe
C:\Users\Admin44416.exe
10⤵
PID:1668

C:\Users52421.exe
C:\Users52421.exe
11⤵
PID:3140

C:\4712.exe
C:\4712.exe
12⤵
PID:4528

C:\1384.exe
C:\1384.exe
13⤵
PID:6896

C:\18365.exe
C:\18365.exe
14⤵
PID:9848

C:\18078.exe
C:\18078.exe
15⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
15⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
14⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
13⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
12⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
11⤵
PID:4780

C:\Users\Admin21315.exe
C:\Users\Admin21315.exe
10⤵
PID:3224

C:\Users51909.exe
C:\Users51909.exe
11⤵
PID:5764

C:\25137.exe
C:\25137.exe
12⤵
PID:7196

C:\45068.exe
C:\45068.exe
13⤵
PID:8832

C:\45396.exe
C:\45396.exe
14⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
14⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
13⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 220
10⤵
PID:4956

C:\Users\Admin\AppData63427.exe
C:\Users\Admin\AppData63427.exe
9⤵
PID:1968

C:\Users\Admin45181.exe
C:\Users\Admin45181.exe
10⤵
PID:3168

C:\Users40833.exe
C:\Users40833.exe
11⤵
PID:5468

C:\19988.exe
C:\19988.exe
12⤵
PID:7736

C:\1766.exe
C:\1766.exe
13⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 236
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
12⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
11⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
9⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local13853.exe
C:\Users\Admin\AppData\Local13853.exe
8⤵
PID:1908

C:\Users\Admin\AppData1871.exe
C:\Users\Admin\AppData1871.exe
9⤵
PID:748

C:\Users\Admin10957.exe
C:\Users\Admin10957.exe
10⤵
PID:4088

C:\Users12065.exe
C:\Users12065.exe
11⤵
PID:5532

C:\41591.exe
C:\41591.exe
12⤵
PID:6944

C:\27184.exe
C:\27184.exe
13⤵
PID:9564

C:\63397.exe
C:\63397.exe
14⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 236
14⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
13⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
11⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
10⤵
PID:4204

C:\Users\Admin\AppData49416.exe
C:\Users\Admin\AppData49416.exe
9⤵
PID:3096

C:\Users\Admin49478.exe
C:\Users\Admin49478.exe
10⤵
PID:5428

C:\Users37500.exe
C:\Users37500.exe
11⤵
PID:6688

C:\48425.exe
C:\48425.exe
12⤵
PID:9320

C:\57610.exe
C:\57610.exe
13⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 220
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
9⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
8⤵
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp54788.exe
C:\Users\Admin\AppData\Local\Temp54788.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local33719.exe
C:\Users\Admin\AppData\Local33719.exe
8⤵
PID:2120

C:\Users\Admin\AppData1871.exe
C:\Users\Admin\AppData1871.exe
9⤵
PID:2704

C:\Users\Admin51987.exe
C:\Users\Admin51987.exe
10⤵
PID:3808

C:\Users56691.exe
C:\Users56691.exe
11⤵
PID:5392

C:\10522.exe
C:\10522.exe
12⤵
PID:6892

C:\25620.exe
C:\25620.exe
13⤵
PID:10040

C:\44964.exe
C:\44964.exe
14⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
14⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 220
13⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
10⤵
PID:5032

C:\Users\Admin\AppData13066.exe
C:\Users\Admin\AppData13066.exe
9⤵
PID:3864

C:\Users\Admin3325.exe
C:\Users\Admin3325.exe
10⤵
PID:5720

C:\Users33179.exe
C:\Users33179.exe
11⤵
PID:7460

C:\9012.exe
C:\9012.exe
12⤵
PID:10144

C:\23779.exe
C:\23779.exe
13⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
9⤵
PID:4884

C:\Users\Admin\AppData\Local61331.exe
C:\Users\Admin\AppData\Local61331.exe
8⤵
PID:1556

C:\Users\Admin\AppData54501.exe
C:\Users\Admin\AppData54501.exe
9⤵
PID:3792

C:\Users\Admin10763.exe
C:\Users\Admin10763.exe
10⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 220
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
9⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
8⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
7⤵
- Program crash
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
8⤵
- Executes dropped EXE
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
11⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
12⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
13⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
12⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
9⤵
- Program crash
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
11⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
12⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 204
13⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 220
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 220
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
9⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
7⤵
- Program crash
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
6⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
9⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
10⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
12⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
13⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
12⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
10⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
9⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 220
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 220
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
9⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
8⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
12⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
13⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 204
13⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
10⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
7⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
8⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
8⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
10⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
11⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
10⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
7⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
9⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
11⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
12⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
13⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
14⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
14⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
13⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
12⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
11⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
11⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
12⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
13⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
13⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
11⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
12⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
11⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
9⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
8⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
11⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
12⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
11⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
9⤵
- Program crash
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
8⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
12⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
9⤵
- Program crash
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
12⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
8⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
7⤵
- Program crash
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
11⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
12⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 204
13⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 220
12⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
11⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
12⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 220
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
7⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
11⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 236
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
8⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
7⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
8⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
12⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
13⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 220
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
11⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 220
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-19077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19077.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 204
12⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 204
12⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
10⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
10⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
7⤵
- Program crash
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
6⤵
- Program crash
PID:292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
5⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
8⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
13⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
12⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
11⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
10⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
10⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
7⤵
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
7⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 220
6⤵
- Program crash
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
5⤵
- Program crash
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
7⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
8⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
13⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
10⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
11⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 216
12⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
8⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
7⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
10⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
11⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
8⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
6⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
10⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
8⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
9⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
10⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
10⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
9⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
8⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
7⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
6⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
10⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
8⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
9⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
10⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
10⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
9⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
7⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
6⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
9⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
10⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
11⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
10⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
9⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
8⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 220
6⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
5⤵
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
11⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
12⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
13⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
14⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 220
13⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 220
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
8⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
11⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
13⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 220
12⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
8⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
7⤵
- Program crash
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15944.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
8⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
11⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
12⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 204
13⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 220
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
10⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 220
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
7⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
11⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
12⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
8⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
7⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
6⤵
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
8⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
12⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
13⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 220
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
11⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
12⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
8⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
7⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
10⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
11⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 220
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
7⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
10⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
8⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
9⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
10⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 220
10⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
9⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
6⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
5⤵
- Program crash
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 236
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
11⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 204
12⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
9⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
10⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
11⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 236
10⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
8⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 220
7⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
6⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
6⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
10⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
10⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
9⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
7⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
6⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
8⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
9⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
10⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
11⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 204
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
10⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 220
9⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
7⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
6⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
5⤵
- Program crash
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
7⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
11⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
12⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
13⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
12⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
11⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 236
12⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 220
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
8⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
10⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
10⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 220
7⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
6⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
8⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
10⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
10⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
9⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
7⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
6⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 188
7⤵
- Program crash
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
6⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
5⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
10⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
11⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 236
10⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
8⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
7⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
6⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
6⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
8⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
9⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
10⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
10⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
9⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
7⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
6⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
5⤵
- Program crash
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
4⤵
- Program crash
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
2⤵
- Program crash
PID:2632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\18078.exe
Filesize
184KB

MD5
e0bff4d0b8e23e0d79e6a57863e4aa87

SHA1
8c7c4126fe6b34f817d4a140f130756427433009

SHA256
3f1ecc1cc7f51e7c6d7aaac090911e4af523e00283469b39f38fe394c51d76d0

SHA512
72bb3c0fa9f04a78c203248f710fd5352a254a3cca72d15a86b61fec3b01ae5a47a35d1aea1a7add41dfa21b779ca3e9c3a95db2fa3a3204257090bf9e1b51ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
Filesize
184KB

MD5
180ebb27723e6026b4d93bfa9ed24ebd

SHA1
1f86c241acfd54708a8d1892c2d10396f8ddc32f

SHA256
7153940d3ff92a150cc60c582b78b10aa53bb60fb543a978d66b8f0c573f559a

SHA512
cc38baf2ffaa3dc8ab66ef43616fc6d9f01445e91b63cd6ef5edfbf8fbcef66d8cb006a79467b68688799bcabeb2197544c806679c25b8bd9e5bf24a169bfbbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
Filesize
184KB

MD5
bcf3a04427baab465df14ca8c0817120

SHA1
770ddf653b8fef35a0d555c52abe6b09e915d983

SHA256
00e38ed44f7a295188acbc7450b23fb69300b9f8de1005488251041d048af633

SHA512
1e2ad787f701dfa76db94edc8e25162daeb7c40b485a44d930cfc5618c73f36948fc2fa1bd6f498bc87e5dd457c0b842d2417d90841567ef5ba00c7ad4c416a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
Filesize
184KB

MD5
ff76228923ef71b5bc4e984db93ec130

SHA1
04ad439f961be5d0920994d840d4f8d5fc22c7fd

SHA256
44da3efe93f57066833a406d9d750bc3076d4b4c468ef8e12dd88e411906f910

SHA512
e65c0414bf82c33ba987e2af8b97cfe8a8b97b60afdfdd8fd2b44313291d22f397635a2b49a104c0e84e41dab3e300f448c9530dd6d3e4b7376a0b0c324530bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
Filesize
184KB

MD5
bd2e83ae46c82e4b4cb473420ef1bdb7

SHA1
5745a04d991529fadf0700b8678b5a549d5bc4ef

SHA256
0947b1d5603ef4493484545f216b18ec8dd41e182cbebcaf186cf73698342ab1

SHA512
9e7f0cd3cd391c4382af8347c50e30fe8cafca830e3831faa391be711994c1df04d0dcf71b8dd264f2104520b1e2f7eed76bdf2731a6c34b94c44dbb9a89f677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
Filesize
184KB

MD5
09eefb6f06813e87be9eddda501d39a9

SHA1
d5720e099816bedfa43b295d570d4b264acf861c

SHA256
c6866e5f0ec2ff4d88aea4d820072e305f25df11a401f099cc2790b5d563667e

SHA512
9080ea082bb24b533a260a00fb4c2841152bfcf08921de5bb895e9617c30390f765de31db96fe4b6525ab8cebc39262711a83c3aa9e97b618ec508cce95b677b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
Filesize
184KB

MD5
1d79cdc55f3e2253a29780e93fab022b

SHA1
927c7f46540011f5fca52bc5d66d4703c4fbb50d

SHA256
edcb317e3cd047e351d6d6062b29c833938dca7b3aa8e007a3df7e278a88960b

SHA512
d93caf15e76419a4ddf26c2a3b64a8b595bc74c24c8479df476e4e978fd2e75103cdcd078383f15876ac46a2c0c799836b6ec8be45f8c11c83f2f8a58bc724b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
Filesize
184KB

MD5
e7a08848164b4201cb105f36b9213deb

SHA1
79fd570e79a112adced23a0e98c45deb4e168346

SHA256
5bbbb99d83e0dd25eecf8b5e8102dd113a0e8c8df31adb659e775e3889ab48b2

SHA512
31511fdff1b1674e9b4e162ee4a423654782bb7126ca26798b0e614c32bbe19b6d9c3f9375071f22ed7a65ab6bd3ad41e7e45326c6a8c19620358731575214c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
Filesize
184KB

MD5
4abb08ecf27a0ef62a69b0efc7da10b1

SHA1
a4d674c7cc18397f8fbaccd298540ba1c0775b1e

SHA256
e403b5a2ba294a9f96cd3155901a3b6059be25feed794c8eee4d4d44085a4322

SHA512
d457a24a9bb9aee8dfea105764fefa69b979fd15007ba87f5664f16def9ef020a4d52b2c78caedbaacce03f2890991d9d82734aef7e917b2085ba9b4631d8357

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
Filesize
184KB

MD5
35a5a0d2b0aa42d29575533c0d6b0731

SHA1
040c675af4f1dc6ccebec240128ac87d45aa0746

SHA256
6db53f6bd279fef9bcd40503afd39e7db68b64858101f62cb86875f361b01759

SHA512
c9de1620c7c1c36d18c71ad94b6d522286866b14bfac99a12886f2afd5d160be474508f93cd7e61e3d1edf5c9daf621e3bc16ce004eb3383a6069f78ef34e5c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
Filesize
184KB

MD5
7d78f3c3048750afcb49024fc4c70394

SHA1
a626f4a8f9097df830853072d6ebe588e9820fe7

SHA256
9a3df4adb158f415492ad7ce7b01b96dbca6f4c6b8d4cd8f716d9ab23910acb7

SHA512
ff3196fed0db8e7f3c3f9acdb91a6e1c96cde8d752192ae269429002a5f75b3cdf2b645099926ea1fd37a464449ee30f2a377f167588e0c5eab287d741e242f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
Filesize
184KB

MD5
b7b783a23e9a96aac8251f881144c957

SHA1
22fc4b7a987fa6d1e66953025cdeaa00489a157b

SHA256
55cdadc5cd4e72f36200d4a18450002cceb718cfa071e0362d14a5132ccbe8e3

SHA512
991234863316d3122ec3103b97334d3494e91534e5a4999d575109defb59cb0a3c94d25abb4a937397ef1f3d8c7705879af191b1b0f2dbf3f97302a2902d6ed1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
Filesize
184KB

MD5
ecf0156f41f92c26cf3096d720960a9e

SHA1
9d27dfe3fa0f07d81b72999ba19691d11f06d313

SHA256
cb3b99ae9b1e2d47e97a3b16126a9933236bb7ef93979d96a868299fa3d88d6b

SHA512
b8465418905ff1631410565a5f81b9baabadece0b4a2fc432678dac45776e7b52fb34f58fb2a3338119a5d2430bd43330623e4c81d53950c4019e72eff0c247e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
Filesize
184KB

MD5
a21c7cfdf962daf62e9db70dca2a2e44

SHA1
f8fde3c57ae493ccd8c7f29067a1015c89e83f62

SHA256
70356d889f282f9e15d8ae770b340154db89dba7cd1705546bc64eea06f0178c

SHA512
04343e88dff1abec13bff05a0064e06bb7f2fd1cf7b2100024342f606a6aa9fed77a54aa7973eb75508b0f0a1d4c1f80f916e3af2d9198316ee59e4cd9ac1d95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
Filesize
184KB

MD5
0f1d98ab141529f19d0f7126a1fbe222

SHA1
0ed6bcbecc129b5096b4f0baa79b7635dbc36b58

SHA256
4aec0e1b4d55fdbddf81a51ec44213084d3585da79e56b6f4654187f99a14cfa

SHA512
8feca7deeeab2729535f1a97b994cfb2b85e00a4d0490c308b927355e58f7fbc1ca0a8d35f5a26cc52b7ed2b616dc81a2d2b4e8162aa5534aa47dba0f0b590c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
Filesize
184KB

MD5
33784407197ddd05f91918d6168a2acc

SHA1
0ff3c60ff8613d265bcebc4a7c008c3fdc39c729

SHA256
f6a4a118b8c52c8aa61920e50919148f9f6c9adecef33752335ec694fa40731e

SHA512
51cfaebc1522b33795a9fc50ea72c7c8eff3e3f36880cae432b02e532fce802137cbe73075d0133f3fd19a4f376d5ca073102db846e138f3a2ebe02a26f68c2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
Filesize
184KB

MD5
279cd8f96b298bd74ed2a0ef2ae23e97

SHA1
05e053dfb8e34f78d6c47f53d167c4264765d596

SHA256
8eaac94de771ea6cf5e8b004b680b55a61b306b94f60efe441414a0ccb0e1871

SHA512
68e92a8b41918ebae9f19993ecc79c24bb2ac6e3c8921d9eaa93661702bc4fea1c6b9073ab2c72eb5c6f891e9ec3a51a3623d58cee994c092182d0988dfc2cb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
Filesize
184KB

MD5
a9e2cb3cf6e56668b7de743557ff4553

SHA1
ce2c9e39f5cd67afd8036a1bb2c5b1e7eb0ed6eb

SHA256
1d556634c3354c49c0e1b5614c89817d704ba4a6b1f91dfc5d45b2e392e2ff6b

SHA512
b7f8a9578aa7291b0052ecaca5a50dec03fd8fd700a5785b77c17be6aa915479d12eef9dfbe172352e27c1d00ceb86f63da745ab4866082c2f0a15984b1d8df7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
Filesize
184KB

MD5
1bda08e50a23bb980f9ae8988eed6bcf

SHA1
c5edb8dac4e54eb06759fe4d1992806d71b10c4f

SHA256
9445cb910eb6cec1443a8cb40b4815dbdc2ec3263fed9af15a768633b014c2e5

SHA512
49ca1b6c24cb848c82ad15c8dbcb10ca61931159d19dc4d93055c441278120c466fed8e335b2575b8d08b9030fdc8e949e41889f4b797e817e10dffbd5b1a6f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads