8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
Size

184KB
MD5

6ddec1bf121510634b9933ef6b6a333f
SHA1

c20542fc046f7ea7f9c7e232b195bd45e3fc6b17
SHA256

8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078
SHA512

490fd6ddb28f80f454c528208a427dae44e578873bb3cb3322f897459b0440f6c0c9bdf3838b8f9f28c9591e0d8cf17246574ac3fc0aca1cb78327aca51e24a4
SSDEEP

3072:xZe3E8ofMRhTdFKWe3wLfusJhlnViFFn3:xZyo8JFKmLWsJhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-28229.exeUnicorn-62387.exeUnicorn-42521.exeUnicorn-49735.exeUnicorn-16932.exeUnicorn-1219.exeUnicorn-19648.exeUnicorn-10079.exeUnicorn-14635.exeUnicorn-4459.exeUnicorn-8039.exeUnicorn-64360.exeUnicorn-28782.exeUnicorn-2201.exeUnicorn-22067.exeUnicorn-45019.exeUnicorn-15800.exeUnicorn-24517.exeUnicorn-6744.exeUnicorn-43562.exeUnicorn-63428.exeUnicorn-29089.exeUnicorn-48955.exeUnicorn-23766.exeUnicorn-63132.exeUnicorn-439.exeUnicorn-46811.exeUnicorn-9924.exeUnicorn-15316.exeUnicorn-61676.exeUnicorn-28873.exeUnicorn-17245.exeUnicorn-6855.exeUnicorn-32730.exeUnicorn-57296.exeUnicorn-33969.exeUnicorn-20966.exeUnicorn-8028.exeUnicorn-43310.exeUnicorn-36730.exeUnicorn-42738.exeUnicorn-18277.exeUnicorn-52080.exeUnicorn-40975.exeUnicorn-1483.exeUnicorn-9480.exeUnicorn-19350.exeUnicorn-51956.exeUnicorn-52184.exeUnicorn-34935.exeUnicorn-47249.exeUnicorn-6834.exeUnicorn-21011.exeUnicorn-57898.exeUnicorn-24380.exeUnicorn-58422.exeUnicorn-24083.exeUnicorn-24083.exeUnicorn-5398.exeUnicorn-48439.exeUnicorn-39441.exeUnicorn-29113.exeUnicorn-29270.exeUnicorn-13872.exe

pid	process
2436	Unicorn-28229.exe
2652	Unicorn-62387.exe
2724	Unicorn-42521.exe
2672	Unicorn-49735.exe
2540	Unicorn-16932.exe
2516	Unicorn-1219.exe
1660	Unicorn-19648.exe
2840	Unicorn-10079.exe
2900	Unicorn-14635.exe
548	Unicorn-4459.exe
2788	Unicorn-8039.exe
1748	Unicorn-64360.exe
1760	Unicorn-28782.exe
1784	Unicorn-2201.exe
2084	Unicorn-22067.exe
324	Unicorn-45019.exe
1092	Unicorn-15800.exe
1744	Unicorn-24517.exe
1692	Unicorn-6744.exe
2460	Unicorn-43562.exe
2464	Unicorn-63428.exe
272	Unicorn-29089.exe
1380	Unicorn-48955.exe
944	Unicorn-23766.exe
940	Unicorn-63132.exe
2468	Unicorn-439.exe
1364	Unicorn-46811.exe
2596	Unicorn-9924.exe
1676	Unicorn-15316.exe
1436	Unicorn-61676.exe
1056	Unicorn-28873.exe
1628	Unicorn-17245.exe
2736	Unicorn-6855.exe
2740	Unicorn-32730.exe
2628	Unicorn-57296.exe
2684	Unicorn-33969.exe
2528	Unicorn-20966.exe
2584	Unicorn-8028.exe
2412	Unicorn-43310.exe
2912	Unicorn-36730.exe
2884	Unicorn-42738.exe
392	Unicorn-18277.exe
264	Unicorn-52080.exe
2240	Unicorn-40975.exe
1604	Unicorn-1483.exe
2060	Unicorn-9480.exe
2120	Unicorn-19350.exe
2144	Unicorn-51956.exe
1908	Unicorn-52184.exe
1588	Unicorn-34935.exe
1532	Unicorn-47249.exe
1852	Unicorn-6834.exe
3060	Unicorn-21011.exe
3044	Unicorn-57898.exe
2316	Unicorn-24380.exe
2244	Unicorn-58422.exe
2192	Unicorn-24083.exe
2932	Unicorn-24083.exe
2392	Unicorn-5398.exe
1032	Unicorn-48439.exe
2728	Unicorn-39441.exe
2944	Unicorn-29113.exe
2300	Unicorn-29270.exe
2888	Unicorn-13872.exe

Loads dropped DLL 64 IoCs

Processes:

8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exeUnicorn-28229.exeUnicorn-62387.exeUnicorn-42521.exeWerFault.exeUnicorn-49735.exeUnicorn-16932.exeWerFault.exeWerFault.exeUnicorn-19648.exeUnicorn-14635.exeUnicorn-10079.exeUnicorn-4459.exeWerFault.exeWerFault.exeUnicorn-8039.exeUnicorn-28782.exe

pid	process
2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2436	Unicorn-28229.exe
2436	Unicorn-28229.exe
2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2652	Unicorn-62387.exe
2652	Unicorn-62387.exe
2436	Unicorn-28229.exe
2436	Unicorn-28229.exe
2724	Unicorn-42521.exe
2724	Unicorn-42521.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2724	Unicorn-42521.exe
2724	Unicorn-42521.exe
2672	Unicorn-49735.exe
2672	Unicorn-49735.exe
2652	Unicorn-62387.exe
2652	Unicorn-62387.exe
2540	Unicorn-16932.exe
2540	Unicorn-16932.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
1660	Unicorn-19648.exe
1660	Unicorn-19648.exe
2900	Unicorn-14635.exe
2900	Unicorn-14635.exe
2840	Unicorn-10079.exe
2672	Unicorn-49735.exe
2840	Unicorn-10079.exe
2672	Unicorn-49735.exe
548	Unicorn-4459.exe
2540	Unicorn-16932.exe
548	Unicorn-4459.exe
2540	Unicorn-16932.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2788	Unicorn-8039.exe
2788	Unicorn-8039.exe
1660	Unicorn-19648.exe
1660	Unicorn-19648.exe
1760	Unicorn-28782.exe
1760	Unicorn-28782.exe
2840	Unicorn-10079.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2776	2208	WerFault.exe	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2564	2436	WerFault.exe	Unicorn-28229.exe
1668	2652	WerFault.exe	Unicorn-62387.exe
796	2724	WerFault.exe	Unicorn-42521.exe
2204	2672	WerFault.exe	Unicorn-49735.exe
2068	2540	WerFault.exe	Unicorn-16932.exe
3064	2900	WerFault.exe	Unicorn-14635.exe
624	2840	WerFault.exe	Unicorn-10079.exe
868	548	WerFault.exe	Unicorn-4459.exe
2312	2468	WerFault.exe	Unicorn-439.exe
2860	2788	WerFault.exe	Unicorn-8039.exe
1900	1760	WerFault.exe	Unicorn-28782.exe
1052	1748	WerFault.exe	Unicorn-64360.exe
2332	1784	WerFault.exe	Unicorn-2201.exe
288	2084	WerFault.exe	Unicorn-22067.exe
632	324	WerFault.exe	Unicorn-45019.exe
1576	1092	WerFault.exe	Unicorn-15800.exe
2160	1744	WerFault.exe	Unicorn-24517.exe
2612	1692	WerFault.exe	Unicorn-6744.exe
2508	940	WerFault.exe	Unicorn-63132.exe
2636	1380	WerFault.exe	Unicorn-48955.exe
2588	2464	WerFault.exe	Unicorn-63428.exe
2828	272	WerFault.exe	Unicorn-29089.exe
1656	2460	WerFault.exe	Unicorn-43562.exe
1264	944	WerFault.exe	Unicorn-23766.exe
692	1364	WerFault.exe	Unicorn-46811.exe
2988	2596	WerFault.exe	Unicorn-9924.exe
1544	1676	WerFault.exe	Unicorn-15316.exe
2748	1436	WerFault.exe	Unicorn-61676.exe
300	1056	WerFault.exe	Unicorn-28873.exe
1336	1628	WerFault.exe	Unicorn-17245.exe
1644	2736	WerFault.exe	Unicorn-6855.exe
2340	2740	WerFault.exe	Unicorn-32730.exe
892	2628	WerFault.exe	Unicorn-57296.exe
3056	2412	WerFault.exe	Unicorn-43310.exe
1824	2528	WerFault.exe	Unicorn-20966.exe
2280	2584	WerFault.exe	Unicorn-8028.exe
3672	2912	WerFault.exe	Unicorn-36730.exe
3684	2884	WerFault.exe	Unicorn-42738.exe
3784	392	WerFault.exe	Unicorn-18277.exe
3792	2060	WerFault.exe	Unicorn-9480.exe
3188	2192	WerFault.exe	Unicorn-24083.exe
3388	3044	WerFault.exe	Unicorn-57898.exe
3640	2144	WerFault.exe	Unicorn-51956.exe
3648	2240	WerFault.exe	Unicorn-40975.exe
3884	2932	WerFault.exe	Unicorn-24083.exe
3920	2316	WerFault.exe	Unicorn-24380.exe
3956	2244	WerFault.exe	Unicorn-58422.exe
3964	264	WerFault.exe	Unicorn-52080.exe
3988	2120	WerFault.exe	Unicorn-19350.exe
4004	1908	WerFault.exe	Unicorn-52184.exe
3092	1588	WerFault.exe	Unicorn-34935.exe
3096	1604	WerFault.exe	Unicorn-1483.exe
3160	1032	WerFault.exe	Unicorn-48439.exe
3176	3060	WerFault.exe	Unicorn-21011.exe
3208	1852	WerFault.exe	Unicorn-6834.exe
3468	2392	WerFault.exe	Unicorn-5398.exe
3756	1340	WerFault.exe	Unicorn-24609.exe
3076	1600	WerFault.exe	Unicorn-26041.exe
3268	800	WerFault.exe	Unicorn-11480.exe
3392	2888	WerFault.exe	Unicorn-13872.exe
4024	2064	WerFault.exe	Unicorn-5196.exe
3628	2492	WerFault.exe	Unicorn-36150.exe
3632	1132	WerFault.exe	Unicorn-62264.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exeUnicorn-28229.exeUnicorn-62387.exeUnicorn-42521.exeUnicorn-49735.exeUnicorn-16932.exeUnicorn-19648.exeUnicorn-14635.exeUnicorn-10079.exeUnicorn-4459.exeUnicorn-8039.exeUnicorn-64360.exeUnicorn-28782.exeUnicorn-2201.exeUnicorn-22067.exeUnicorn-45019.exeUnicorn-15800.exeUnicorn-24517.exeUnicorn-6744.exeUnicorn-63428.exeUnicorn-29089.exeUnicorn-23766.exeUnicorn-48955.exeUnicorn-63132.exeUnicorn-43562.exeUnicorn-439.exeUnicorn-46811.exeUnicorn-9924.exeUnicorn-15316.exeUnicorn-61676.exeUnicorn-28873.exeUnicorn-17245.exeUnicorn-6855.exeUnicorn-57296.exeUnicorn-32730.exeUnicorn-33969.exeUnicorn-20966.exeUnicorn-8028.exeUnicorn-43310.exeUnicorn-36730.exeUnicorn-42738.exeUnicorn-18277.exeUnicorn-52080.exeUnicorn-1483.exeUnicorn-40975.exeUnicorn-9480.exeUnicorn-19350.exeUnicorn-51956.exeUnicorn-52184.exeUnicorn-47249.exeUnicorn-34935.exeUnicorn-21011.exeUnicorn-6834.exeUnicorn-57898.exeUnicorn-24380.exeUnicorn-24083.exeUnicorn-58422.exeUnicorn-24083.exeUnicorn-5398.exeUnicorn-48439.exeUnicorn-39441.exeUnicorn-29113.exeUnicorn-29270.exeUnicorn-13872.exe

pid	process
2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
2436	Unicorn-28229.exe
2652	Unicorn-62387.exe
2724	Unicorn-42521.exe
2672	Unicorn-49735.exe
2540	Unicorn-16932.exe
1660	Unicorn-19648.exe
2900	Unicorn-14635.exe
2840	Unicorn-10079.exe
548	Unicorn-4459.exe
2788	Unicorn-8039.exe
1748	Unicorn-64360.exe
1760	Unicorn-28782.exe
1784	Unicorn-2201.exe
2084	Unicorn-22067.exe
324	Unicorn-45019.exe
1092	Unicorn-15800.exe
1744	Unicorn-24517.exe
1692	Unicorn-6744.exe
2464	Unicorn-63428.exe
272	Unicorn-29089.exe
944	Unicorn-23766.exe
1380	Unicorn-48955.exe
940	Unicorn-63132.exe
2460	Unicorn-43562.exe
2468	Unicorn-439.exe
1364	Unicorn-46811.exe
2596	Unicorn-9924.exe
1676	Unicorn-15316.exe
1436	Unicorn-61676.exe
1056	Unicorn-28873.exe
1628	Unicorn-17245.exe
2736	Unicorn-6855.exe
2628	Unicorn-57296.exe
2740	Unicorn-32730.exe
2684	Unicorn-33969.exe
2528	Unicorn-20966.exe
2584	Unicorn-8028.exe
2412	Unicorn-43310.exe
2912	Unicorn-36730.exe
2884	Unicorn-42738.exe
392	Unicorn-18277.exe
264	Unicorn-52080.exe
1604	Unicorn-1483.exe
2240	Unicorn-40975.exe
2060	Unicorn-9480.exe
2120	Unicorn-19350.exe
2144	Unicorn-51956.exe
1908	Unicorn-52184.exe
1532	Unicorn-47249.exe
1588	Unicorn-34935.exe
3060	Unicorn-21011.exe
1852	Unicorn-6834.exe
3044	Unicorn-57898.exe
2316	Unicorn-24380.exe
2192	Unicorn-24083.exe
2244	Unicorn-58422.exe
2932	Unicorn-24083.exe
2392	Unicorn-5398.exe
1032	Unicorn-48439.exe
2728	Unicorn-39441.exe
2944	Unicorn-29113.exe
2300	Unicorn-29270.exe
2888	Unicorn-13872.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exeUnicorn-28229.exeUnicorn-62387.exeUnicorn-42521.exeUnicorn-49735.exeUnicorn-16932.exeUnicorn-19648.exeUnicorn-14635.exe

description	pid	process	target process
PID 2208 wrote to memory of 2436	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-28229.exe
PID 2208 wrote to memory of 2436	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-28229.exe
PID 2208 wrote to memory of 2436	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-28229.exe
PID 2208 wrote to memory of 2436	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-28229.exe
PID 2436 wrote to memory of 2652	2436	Unicorn-28229.exe	Unicorn-62387.exe
PID 2436 wrote to memory of 2652	2436	Unicorn-28229.exe	Unicorn-62387.exe
PID 2436 wrote to memory of 2652	2436	Unicorn-28229.exe	Unicorn-62387.exe
PID 2436 wrote to memory of 2652	2436	Unicorn-28229.exe	Unicorn-62387.exe
PID 2208 wrote to memory of 2724	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-42521.exe
PID 2208 wrote to memory of 2724	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-42521.exe
PID 2208 wrote to memory of 2724	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-42521.exe
PID 2208 wrote to memory of 2724	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	Unicorn-42521.exe
PID 2208 wrote to memory of 2776	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	WerFault.exe
PID 2208 wrote to memory of 2776	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	WerFault.exe
PID 2208 wrote to memory of 2776	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	WerFault.exe
PID 2208 wrote to memory of 2776	2208	8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe	WerFault.exe
PID 2652 wrote to memory of 2672	2652	Unicorn-62387.exe	Unicorn-49735.exe
PID 2652 wrote to memory of 2672	2652	Unicorn-62387.exe	Unicorn-49735.exe
PID 2652 wrote to memory of 2672	2652	Unicorn-62387.exe	Unicorn-49735.exe
PID 2652 wrote to memory of 2672	2652	Unicorn-62387.exe	Unicorn-49735.exe
PID 2436 wrote to memory of 2540	2436	Unicorn-28229.exe	Unicorn-16932.exe
PID 2436 wrote to memory of 2540	2436	Unicorn-28229.exe	Unicorn-16932.exe
PID 2436 wrote to memory of 2540	2436	Unicorn-28229.exe	Unicorn-16932.exe
PID 2436 wrote to memory of 2540	2436	Unicorn-28229.exe	Unicorn-16932.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-42521.exe	Unicorn-1219.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-42521.exe	Unicorn-1219.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-42521.exe	Unicorn-1219.exe
PID 2724 wrote to memory of 2516	2724	Unicorn-42521.exe	Unicorn-1219.exe
PID 2436 wrote to memory of 2564	2436	Unicorn-28229.exe	WerFault.exe
PID 2436 wrote to memory of 2564	2436	Unicorn-28229.exe	WerFault.exe
PID 2436 wrote to memory of 2564	2436	Unicorn-28229.exe	WerFault.exe
PID 2436 wrote to memory of 2564	2436	Unicorn-28229.exe	WerFault.exe
PID 2724 wrote to memory of 1660	2724	Unicorn-42521.exe	Unicorn-19648.exe
PID 2724 wrote to memory of 1660	2724	Unicorn-42521.exe	Unicorn-19648.exe
PID 2724 wrote to memory of 1660	2724	Unicorn-42521.exe	Unicorn-19648.exe
PID 2724 wrote to memory of 1660	2724	Unicorn-42521.exe	Unicorn-19648.exe
PID 2672 wrote to memory of 2840	2672	Unicorn-49735.exe	Unicorn-10079.exe
PID 2672 wrote to memory of 2840	2672	Unicorn-49735.exe	Unicorn-10079.exe
PID 2672 wrote to memory of 2840	2672	Unicorn-49735.exe	Unicorn-10079.exe
PID 2672 wrote to memory of 2840	2672	Unicorn-49735.exe	Unicorn-10079.exe
PID 2652 wrote to memory of 2900	2652	Unicorn-62387.exe	Unicorn-14635.exe
PID 2652 wrote to memory of 2900	2652	Unicorn-62387.exe	Unicorn-14635.exe
PID 2652 wrote to memory of 2900	2652	Unicorn-62387.exe	Unicorn-14635.exe
PID 2652 wrote to memory of 2900	2652	Unicorn-62387.exe	Unicorn-14635.exe
PID 2540 wrote to memory of 548	2540	Unicorn-16932.exe	Unicorn-4459.exe
PID 2540 wrote to memory of 548	2540	Unicorn-16932.exe	Unicorn-4459.exe
PID 2540 wrote to memory of 548	2540	Unicorn-16932.exe	Unicorn-4459.exe
PID 2540 wrote to memory of 548	2540	Unicorn-16932.exe	Unicorn-4459.exe
PID 2652 wrote to memory of 1668	2652	Unicorn-62387.exe	WerFault.exe
PID 2652 wrote to memory of 1668	2652	Unicorn-62387.exe	WerFault.exe
PID 2652 wrote to memory of 1668	2652	Unicorn-62387.exe	WerFault.exe
PID 2652 wrote to memory of 1668	2652	Unicorn-62387.exe	WerFault.exe
PID 2724 wrote to memory of 796	2724	Unicorn-42521.exe	WerFault.exe
PID 2724 wrote to memory of 796	2724	Unicorn-42521.exe	WerFault.exe
PID 2724 wrote to memory of 796	2724	Unicorn-42521.exe	WerFault.exe
PID 2724 wrote to memory of 796	2724	Unicorn-42521.exe	WerFault.exe
PID 1660 wrote to memory of 2788	1660	Unicorn-19648.exe	Unicorn-8039.exe
PID 1660 wrote to memory of 2788	1660	Unicorn-19648.exe	Unicorn-8039.exe
PID 1660 wrote to memory of 2788	1660	Unicorn-19648.exe	Unicorn-8039.exe
PID 1660 wrote to memory of 2788	1660	Unicorn-19648.exe	Unicorn-8039.exe
PID 2900 wrote to memory of 1748	2900	Unicorn-14635.exe	Unicorn-64360.exe
PID 2900 wrote to memory of 1748	2900	Unicorn-14635.exe	Unicorn-64360.exe
PID 2900 wrote to memory of 1748	2900	Unicorn-14635.exe	Unicorn-64360.exe
PID 2900 wrote to memory of 1748	2900	Unicorn-14635.exe	Unicorn-64360.exe

C:\Users\Admin\AppData\Local\Temp\8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe
"C:\Users\Admin\AppData\Local\Temp\8ffdefeaf3503c997521e4b04f01d78485b25c9d0fcd4f2d6648c2f1e33da078.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
10⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
11⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
12⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
13⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
14⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
15⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 236
15⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
14⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
13⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
12⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
11⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
10⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
11⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
12⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
13⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
14⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
15⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 236
15⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
14⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
13⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
12⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
11⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
10⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
9⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
10⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
11⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
12⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
13⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
14⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
15⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
14⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
13⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
12⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
11⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
10⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
9⤵
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
9⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
10⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
12⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
13⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
14⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 216
14⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
11⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
11⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
12⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
13⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
9⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
8⤵
- Program crash
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
10⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
11⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
12⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24443.exe
13⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
14⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
14⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
13⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
12⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
11⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
10⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
9⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
8⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
12⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
13⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
14⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
9⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
8⤵
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
- Program crash
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
9⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
11⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
12⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
13⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
14⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
14⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
12⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
10⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
11⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
12⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
13⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
12⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
11⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
9⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
11⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
12⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
13⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 220
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
8⤵
- Program crash
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
11⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
12⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 240
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
11⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
12⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 236
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 220
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
8⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
7⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
6⤵
- Program crash
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
9⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
10⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
11⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
12⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
13⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
14⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
15⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 236
14⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
13⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
11⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
11⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
12⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
13⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
14⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
13⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
11⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
11⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
12⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
13⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
14⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 236
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
12⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
9⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
8⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
12⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
13⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 220
14⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
13⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
9⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
9⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-58677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58677.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
11⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
12⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
13⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 208
14⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
11⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
12⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
8⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
9⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
7⤵
- Program crash
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
11⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
12⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
13⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
14⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
14⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
13⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
12⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
11⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
12⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
13⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 236
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
9⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
8⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
7⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
13⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 236
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
10⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
8⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
6⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
8⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
9⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
10⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
12⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
14⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
14⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
11⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 216
10⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
9⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
11⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
12⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 236
13⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
8⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
7⤵
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
6⤵
- Program crash
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
11⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
12⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
13⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
14⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
11⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
12⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
8⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
12⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 204
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 236
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
11⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
12⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
13⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
9⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 224
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
6⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
5⤵
- Program crash
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
8⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
11⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
12⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 200
13⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
9⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
8⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
8⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
12⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
13⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
11⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
9⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
8⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
7⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
10⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
11⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
12⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
13⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 220
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
11⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
7⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
10⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
11⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
12⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 236
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 236
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
7⤵
- Program crash
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
6⤵
- Program crash
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
9⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
11⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
12⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
13⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
14⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
12⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
11⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
10⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
9⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
8⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
12⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 220
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
7⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
10⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
11⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
12⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
9⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
8⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
7⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
7⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
12⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
13⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
12⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 236
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
10⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
10⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
11⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
8⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
7⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
6⤵
- Program crash
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
5⤵
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
6⤵
- Program crash
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
5⤵
- Program crash
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
3⤵
- Executes dropped EXE
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
9⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
10⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
11⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
12⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
13⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
14⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
15⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
14⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
13⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
12⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
13⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 220
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
10⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
9⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
8⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
12⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
13⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
13⤵
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
8⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
9⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 300
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
10⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
12⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
11⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
7⤵
- Program crash
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
8⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
9⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
11⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
13⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
14⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
12⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
11⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 220
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
7⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
6⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
11⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
12⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
13⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 236
12⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47613.exe
11⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
10⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
11⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
8⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
7⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
9⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
11⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
12⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
7⤵
- Program crash
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
6⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
5⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
11⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
12⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 236
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 220
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
11⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
9⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
10⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 220
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
10⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
9⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
8⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
6⤵
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
6⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
10⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 220
11⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
10⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
7⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
6⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
7⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
8⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
9⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
10⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
10⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
9⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
8⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 216
7⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
6⤵
- Program crash
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
5⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
2⤵
- Program crash
PID:2776

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
Filesize
184KB

MD5
d541f960b75fa2d7973593cc486a4406

SHA1
94c43a4b57d80a5a0c8988f5411f6935f244169e

SHA256
750a66ded1798e52a2a4b0c826c291ce4c5928d80373c48eab250b1febc5869c

SHA512
ce54a190721324c4b62e6bdd97af4c6404a4eed129c76b5d052dbca04db20f1ee7a30d27f05c831f9dff69f64e42866f6a18f683815291c2ec553575051d56ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
Filesize
184KB

MD5
e3e4b82a507693bdfb1347351a58e328

SHA1
3349ae2156452efc653331ea34942a4dd7fee160

SHA256
5968058df29962a42d2d72bff15877d809adfdd2832dd741909eae545433da70

SHA512
140c99431741b92c76ebeca2381177d8d8e4d6ab6298a3acb2660489c33d8ae01569c7a9e87373e40e596e9115c9bbc10292bcd893f54120f50fd48a743b3478

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
Filesize
184KB

MD5
7b9cb107849c1becdec2a8e9700b8018

SHA1
e01e606660d24f9fab6d10b481e8288022308b0c

SHA256
4852fb150056caceb93924fa6c0f0ba4ce6e859bc8dad638838cb7dd8a97acf4

SHA512
011047fcfc946ff584edf444a29a5e255ddeb99638ac93358b077e71e641f185e9c5e399564db1dfbb63a2d1c79f535987fe43ad972cc47e99338ccb38d5e312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
Filesize
184KB

MD5
344f6c818deef571c947a13bf402d848

SHA1
db2f9db9c3087f99468ff5f191aad5625fa194a8

SHA256
d0631978e2f84260406da71fe444ec29b1521955afc466b006999300f9a8e3f1

SHA512
b9f36413fc8489a9bd35f5b8741bf0e6968eeb19f737fb256649803c1e833f388be0a53d82bf82000bf5b24e36e34f9c624913a93982e58768637bac35564b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
Filesize
184KB

MD5
03efb567d472285487f8067ad3a15f6a

SHA1
fdf3f1a6ca212b54de8649d5d4a240b60d94c183

SHA256
1df610b27b5a07fddc0003b9288d3e18d946592572563f83c782d059204e5f4f

SHA512
162983517eb051af60da6fec496f35f44e55fede29431cc61822aec3ebbe4d1b9aee54b838113d27d1becd3668038579f642b87994ecb42feb4def73c49ebfbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
Filesize
184KB

MD5
8caa0c8c624c887204f7b773492e8a44

SHA1
0a506ef980a82fb84db09e90a97af4af4ff61310

SHA256
60eb6b8e07cd28ab772710c12be50485723c35d8b28562e6d98a2ffd9426afed

SHA512
94a17121b4de58625b7bb6eda438737fc398e219fbf55bbae982f9ed688db3a6c54438a885d687d957f6dcaae72836a997a70164d3441b4e90f38f495cc96436

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
Filesize
184KB

MD5
76b7a39f609c92966bace14bc60a8d33

SHA1
95c20453522e897e419bed73df0e644db9ded5ad

SHA256
cdc9df4c1736897180ea960aa1b8fa16ce0ef608193dd5323572f9e4f088f411

SHA512
895084ebcd4c659411ac0bded793eb02aab541920fa7a611c589000458fea249aa1134b0f0f28cf86de13c397cde6d3e549a30371383662217607a5d981b5f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
Filesize
184KB

MD5
afd8de5e654c9b13c9a9b9228312702a

SHA1
80c88e51674aa053357468348388288da7741c06

SHA256
da79ca735541a870fdaed433cb9ebc058644aa294a3e77b9149fea7ca431b2d8

SHA512
bb9a838daef99a71aee5083815d972bf749df9bde499566dc4df8a02d4c2ea120579bb39cdccee99c9a768ed40c3816a43933cd2f8f585e44a265a8b2efba4e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
Filesize
184KB

MD5
9e9bf29dac6d63e7729cb6197e91f0f9

SHA1
d5f8204289ae221f7849ace721f51225091f449a

SHA256
e6894867eeb895f2b1f83558930e17b0c0d6f39006edef8d386f9dac840e8905

SHA512
eb0d3b6b3f076ab8cd6b439e252d17f5c8cdbaa4b74bdceb49f8efe216d9cb437947511ab970ef07492db3e48569d71790e222200ef80f985f7c0fa51f6e7f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
Filesize
184KB

MD5
a080fdda051817ff194ceb931a18aa65

SHA1
8f0e97f3edfc816a34c544f5287ac1de6440d8be

SHA256
2380be9a2dfae162e56d181755a632778edb65e43d2ddc3c85dc355ce0353d7e

SHA512
0b7ce5b46c8ce872f96a29927feef8eea34860754832b580a36f26f4d5ba8604ebb039f5609a6d5f20a76a934409e9a2d31404319af311e378942b3be0c94e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
Filesize
184KB

MD5
9050bf5fd0d8bee7324edc259951d828

SHA1
2066bfa3ca009c311a49befb40fdba02b76311c4

SHA256
ba1cf6b67e336c69f3ed83ee8cf6958083154c87648362b6cce20e0523206378

SHA512
0cc10a24a514d05dfb3319952488047230486d2c6b65d470386e00f8eec9fd4eb21956fee26cf6dda3facaeef8c73bc6f6f5339351daa027bd046258eaef8f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
Filesize
184KB

MD5
a5d3f15912c39b57277b4fd600a3b8af

SHA1
b36c2991a2abfbf68f1ac690c5f014b6a325efae

SHA256
2fb7d782874cfdc31f0b4c7e3d1c088f15fb3ca4450fd79511fdf15948a5da39

SHA512
94f3657e59aa73d5d669388fa33efc6594e877113c50f7b6564e2ed5d523774ed9fd03db35e7b66f21c3cdd13c52f5e7ac61666168e79182fba8bd802206fe5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
Filesize
184KB

MD5
2781c6eb2df4ba8bfbbc634f434fb9fd

SHA1
9a4a96b24730274d42c67f5eedc8b15ad6853822

SHA256
814b6819c58067cbc11401df5a4c254eb879589f1fca4758c50b6e60108e0571

SHA512
a61b577c0aaef3c9991f44053e32b5dd3a82b5aabc72a50324a407f7b0723b4257aae61a2f7c824e29afdd081a08ceed3ab32d7ab22ec3f995ed355dbde5b222

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
Filesize
184KB

MD5
d62031e54130f9e72e0eceb656064109

SHA1
f967a365c1255f931a3b285ee4fe7819ad7f2764

SHA256
7c1ffb6289d52a484902049b48e6c4a40d8ca97079447a75b420582dbe778e1d

SHA512
404afb95b917463a8e6adc35be4a43e158ce40065c265058a099373ca3d4192f36bf9d27d75217fa09f7fec2c65d51f19227bf66dbc81a6d930d02e5a4b39a06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
Filesize
184KB

MD5
98ec3ddfeab6c54636dd41705d291087

SHA1
5d099a8d167052e371b6fa0e6a05629627201383

SHA256
e8a4ad237c3129f84030881db8fad60d042fcb87681c04013777f0577e69eb66

SHA512
b47dbf026fd6bc662ba9d990f1d7f7216aa66d073a3cd753cec1f132947d6290b8404edcf562ea8d06d56169871870e6c92869436fced90e9e6a9081572959ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
Filesize
184KB

MD5
83079b1685ba4833a42ad5495176e5f5

SHA1
5507ce69d65396b400c95f53911c197f8dddbc45

SHA256
65a247ae0f132a588b88dc14148891a250fd51056247a335d0c4e4b4c3d8a058

SHA512
edd5da912fc2538b7d320876d361b54539ee4750ff2536545bdf3943fda56849fb054e4a42161b58f6d644329cb71c8c475db2a4de230c3164635bf4c8e93574

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
Filesize
184KB

MD5
dd41ed466244ebc62259d1997020c08b

SHA1
1f2f7d9e79e80e1c656fd4c71cc75579ff21709b

SHA256
e97b5fdedb3a8469fbd25ebcfc7e297766d65e5a6458203b5e0e7222ce1a3c69

SHA512
b372fcf525e615b8d358f381bbe507dd160d245533d7dfbde5a89847ca44b65b0ff7a6f28e0e6e494967b7f6af493c3dc2df4e45dd884f88b0896b3cfbdff11b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
Filesize
184KB

MD5
8adb482be2cd55c882eb0b1773fda788

SHA1
3cea79b603362e6ea47d2aaeb4a7e03b9370120d

SHA256
3dc2368e8106b72cd7d16bd546a672489fb0e8d417c299d84876f6e224e543ef

SHA512
aa79b1126f6240fa78d9a826c9674e57fc48ca5ef305742fba1078b250080450b101a09d9a8459bd247d88cfbc06fcf2c8c7bf4240e7bfcd7e1186d7a2d90c2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
Filesize
184KB

MD5
27e32f8e6bea6a93efd3f8e1878b71ed

SHA1
74a4411c9d6ed5ea19e92e6ced1f049ba1404b12

SHA256
728c31576ccba2eaacb14283d9ae4dba7bb2bbab01f4ff19bb29ec805bd7364c

SHA512
b9e9d6ff925bdd7cfd8d08df4c62e9ec774fff007bcbb427a41c99868bbc18a604f288365562dd97bda7759b7840d540beeb2d9625e56807df4878e78cc96116

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
Filesize
184KB

MD5
30e4b9e0b69b20171f55f2be2e94b0df

SHA1
10cf8b388f8fa01137117cff68852f8546b61901

SHA256
f37bd741ea8e2618e3227250564473fb9c26e29421851c085b914f37006e44fa

SHA512
45463ba4ab78568f849ce7c2c58937dd6a6c9a557e8bbe0046185d7add08fb89b17cb9f8d9e11ce7a3b97f0d83be6b525637d00adb3973716605a7a3d9f6f5ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
Filesize
184KB

MD5
46480ddda8664fd148c018fddd54ff70

SHA1
0de89e644618f5b71106e1615946ef2891a2b48e

SHA256
8dfabe31b7dbc28eefece7bc885da6347296a7af2b6a568fc5a703b24bf9f225

SHA512
f7a1d9177fda9ca41c99a6601792661b327447ba0815c72ea09ed547dcb1919192d2248530bc41cc0b10950898c6c16e90b5844e6c12159d8dbe4d06f8d11ee1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
Filesize
184KB

MD5
8ac1980a48276b26339f5d5f4fd2ef91

SHA1
1b4ff27438feed904dda04944dfb1b418f18eaa3

SHA256
20ae9166fbc620939e3b371027e2d1df013153e3fe0b3f0bf9ad21a5288468e1

SHA512
c2cf43c19f3e893dbfef73c9e6ec50a3967f843861f99385ae5c6ab4fc9c1f2d50831c1c481feff558dc9e27ae7a796084b1c9f8cd8fe1e6c2bca3e2e5c88c80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
Filesize
184KB

MD5
d43ebd18095792e3f6ed91949562eee1

SHA1
16fffba66b0eb1bf64f32d174d8103fac48bc747

SHA256
1bbe3e3c87e6388267a225c0ee05e69b4c31b06d4785d5832b8892676a08e86d

SHA512
f5fb021df50919b1f88a300c3ebfa0a6d05f39cd70089628ba996384b57d5cc7bb70722b8e94dffa43cc35de5f85afb1095909687fbdca66255a48bb98e9744b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads