98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
Size

184KB
MD5

5ecdc860eccfec5feb183b397693befe
SHA1

8c4bde3f758dc9c41e4a081df622510900435b65
SHA256

98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670
SHA512

4670063f3c1a06dbfde3c63c79feada49e541f98924658f3c8409d29eef69727cd87d7fd1305b4ae796d3b6d9a2c9dbafd49cd771492248791e550aba8ea08f7
SSDEEP

3072:W0EyPxo9743cjGhWeAgLNWsdhlnViF7nJ:W0joSGGhvLIsdhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-56711.exeUnicorn-48840.exeUnicorn-35087.exeUnicorn-29695.exeUnicorn-3244.exeUnicorn-48916.exeUnicorn-23492.exeUnicorn-3626.exeUnicorn-41281.exeUnicorn-58878.exeUnicorn-39012.exeUnicorn-8321.exeUnicorn-21259.exeUnicorn-10734.exeUnicorn-13578.exeUnicorn-29064.exeUnicorn-16463.exeUnicorn-16463.exeUnicorn-30204.exeUnicorn-59814.exeUnicorn-45917.exeUnicorn-11646.exeUnicorn-30867.exeUnicorn-16255.exeUnicorn-35475.exeUnicorn-6825.exeUnicorn-55917.exeUnicorn-36051.exeUnicorn-49338.exeUnicorn-32871.exeUnicorn-27744.exeUnicorn-60547.exeUnicorn-65347.exeUnicorn-65155.exeUnicorn-63847.exeUnicorn-7485.exeUnicorn-63811.exeUnicorn-34599.exeUnicorn-11206.exeUnicorn-63614.exeUnicorn-53287.exeUnicorn-11014.exeUnicorn-26919.exeUnicorn-49492.exeUnicorn-20986.exeUnicorn-14401.exeUnicorn-14977.exeUnicorn-28142.exeUnicorn-48008.exeUnicorn-32911.exeUnicorn-18050.exeUnicorn-11121.exeUnicorn-15938.exeUnicorn-52201.exeUnicorn-38792.exeUnicorn-38792.exeUnicorn-23695.exeUnicorn-21195.exeUnicorn-1329.exeUnicorn-1329.exeUnicorn-39752.exeUnicorn-9518.exeUnicorn-24655.exeUnicorn-27519.exe

pid	process
2200	Unicorn-56711.exe
2128	Unicorn-48840.exe
2284	Unicorn-35087.exe
2764	Unicorn-29695.exe
2204	Unicorn-3244.exe
2696	Unicorn-48916.exe
2824	Unicorn-23492.exe
1572	Unicorn-3626.exe
3048	Unicorn-41281.exe
1976	Unicorn-58878.exe
1932	Unicorn-39012.exe
3044	Unicorn-8321.exe
2112	Unicorn-21259.exe
1728	Unicorn-10734.exe
2940	Unicorn-13578.exe
2072	Unicorn-29064.exe
684	Unicorn-16463.exe
320	Unicorn-16463.exe
1144	Unicorn-30204.exe
1000	Unicorn-59814.exe
1820	Unicorn-45917.exe
1788	Unicorn-11646.exe
2040	Unicorn-30867.exe
1748	Unicorn-16255.exe
1996	Unicorn-35475.exe
924	Unicorn-6825.exe
1664	Unicorn-55917.exe
2296	Unicorn-36051.exe
1736	Unicorn-49338.exe
2140	Unicorn-32871.exe
1328	Unicorn-27744.exe
2352	Unicorn-60547.exe
2756	Unicorn-65347.exe
2724	Unicorn-65155.exe
2704	Unicorn-63847.exe
1980	Unicorn-7485.exe
2576	Unicorn-63811.exe
2472	Unicorn-34599.exe
2864	Unicorn-11206.exe
2992	Unicorn-63614.exe
3000	Unicorn-53287.exe
3020	Unicorn-11014.exe
1952	Unicorn-26919.exe
2088	Unicorn-49492.exe
2116	Unicorn-20986.exe
536	Unicorn-14401.exe
1492	Unicorn-14977.exe
2152	Unicorn-28142.exe
1140	Unicorn-48008.exe
2028	Unicorn-32911.exe
2000	Unicorn-18050.exe
2004	Unicorn-11121.exe
1724	Unicorn-15938.exe
1652	Unicorn-52201.exe
2716	Unicorn-38792.exe
1616	Unicorn-38792.exe
1672	Unicorn-23695.exe
1796	Unicorn-21195.exe
1956	Unicorn-1329.exe
2680	Unicorn-1329.exe
1776	Unicorn-39752.exe
2684	Unicorn-9518.exe
2876	Unicorn-24655.exe
2108	Unicorn-27519.exe

Loads dropped DLL 64 IoCs

Processes:

98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exeUnicorn-56711.exeUnicorn-48840.exeUnicorn-35087.exeWerFault.exeUnicorn-29695.exeUnicorn-3244.exeUnicorn-48916.exeWerFault.exeWerFault.exeUnicorn-3626.exeUnicorn-23492.exeUnicorn-41281.exeUnicorn-39012.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
2200	Unicorn-56711.exe
2200	Unicorn-56711.exe
2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
2128	Unicorn-48840.exe
2200	Unicorn-56711.exe
2128	Unicorn-48840.exe
2200	Unicorn-56711.exe
2284	Unicorn-35087.exe
2284	Unicorn-35087.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
2128	Unicorn-48840.exe
2764	Unicorn-29695.exe
2764	Unicorn-29695.exe
2128	Unicorn-48840.exe
2204	Unicorn-3244.exe
2204	Unicorn-3244.exe
2696	Unicorn-48916.exe
2696	Unicorn-48916.exe
2284	Unicorn-35087.exe
2284	Unicorn-35087.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
1036	WerFault.exe
2604	WerFault.exe
1572	Unicorn-3626.exe
1572	Unicorn-3626.exe
2824	Unicorn-23492.exe
2824	Unicorn-23492.exe
2764	Unicorn-29695.exe
2764	Unicorn-29695.exe
3048	Unicorn-41281.exe
3048	Unicorn-41281.exe
1932	Unicorn-39012.exe
1932	Unicorn-39012.exe
2204	Unicorn-3244.exe
2696	Unicorn-48916.exe
2204	Unicorn-3244.exe
2696	Unicorn-48916.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
852	WerFault.exe
852	WerFault.exe
852	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2916	2972	WerFault.exe	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
3016	2200	WerFault.exe	Unicorn-56711.exe
1036	2128	WerFault.exe	Unicorn-48840.exe
2604	2284	WerFault.exe	Unicorn-35087.exe
1508	2764	WerFault.exe	Unicorn-29695.exe
556	2204	WerFault.exe	Unicorn-3244.exe
852	2696	WerFault.exe	Unicorn-48916.exe
2844	1572	WerFault.exe	Unicorn-3626.exe
284	2824	WerFault.exe	Unicorn-23492.exe
1696	1976	WerFault.exe	Unicorn-58878.exe
2044	3048	WerFault.exe	Unicorn-41281.exe
2196	1932	WerFault.exe	Unicorn-39012.exe
1316	3044	WerFault.exe	Unicorn-8321.exe
1792	1728	WerFault.exe	Unicorn-10734.exe
1836	2112	WerFault.exe	Unicorn-21259.exe
1304	2940	WerFault.exe	Unicorn-13578.exe
2292	2072	WerFault.exe	Unicorn-29064.exe
2168	684	WerFault.exe	Unicorn-16463.exe
2632	320	WerFault.exe	Unicorn-16463.exe
1004	2756	WerFault.exe	Unicorn-65347.exe
2216	2472	WerFault.exe	Unicorn-34599.exe
2332	1144	WerFault.exe	Unicorn-30204.exe
2712	1000	WerFault.exe	Unicorn-59814.exe
2020	1820	WerFault.exe	Unicorn-45917.exe
1040	1788	WerFault.exe	Unicorn-11646.exe
1712	2040	WerFault.exe	Unicorn-30867.exe
1680	1748	WerFault.exe	Unicorn-16255.exe
1052	1664	WerFault.exe	Unicorn-55917.exe
1832	2296	WerFault.exe	Unicorn-36051.exe
1268	924	WerFault.exe	Unicorn-6825.exe
876	2352	WerFault.exe	Unicorn-60547.exe
2304	1328	WerFault.exe	Unicorn-27744.exe
896	2140	WerFault.exe	Unicorn-32871.exe
1536	1736	WerFault.exe	Unicorn-49338.exe
2784	2724	WerFault.exe	Unicorn-65155.exe
2700	2704	WerFault.exe	Unicorn-63847.exe
1516	2576	WerFault.exe	Unicorn-63811.exe
1704	1980	WerFault.exe	Unicorn-7485.exe
2832	2864	WerFault.exe	Unicorn-11206.exe
2244	2992	WerFault.exe	Unicorn-63614.exe
2320	3000	WerFault.exe	Unicorn-53287.exe
2060	1952	WerFault.exe	Unicorn-26919.exe
2736	3020	WerFault.exe	Unicorn-11014.exe
3620	536	WerFault.exe	Unicorn-14401.exe
3668	2088	WerFault.exe	Unicorn-49492.exe
3672	2116	WerFault.exe	Unicorn-20986.exe
3748	1140	WerFault.exe	Unicorn-48008.exe
3832	1492	WerFault.exe	Unicorn-14977.exe
3860	1672	WerFault.exe	Unicorn-23695.exe
3884	2716	WerFault.exe	Unicorn-38792.exe
3896	1776	WerFault.exe	Unicorn-39752.exe
3272	2680	WerFault.exe	Unicorn-1329.exe
3424	1956	WerFault.exe	Unicorn-1329.exe
3544	2876	WerFault.exe	Unicorn-24655.exe
3552	1616	WerFault.exe	Unicorn-38792.exe
3640	1652	WerFault.exe	Unicorn-52201.exe
3772	2028	WerFault.exe	Unicorn-32911.exe
3372	2000	WerFault.exe	Unicorn-18050.exe
3384	2108	WerFault.exe	Unicorn-27519.exe
3528	2684	WerFault.exe	Unicorn-9518.exe
3616	1764	WerFault.exe	Unicorn-25983.exe
3648	1568	WerFault.exe	Unicorn-43004.exe
4040	1724	WerFault.exe	Unicorn-15938.exe
3268	2004	WerFault.exe	Unicorn-11121.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exeUnicorn-56711.exeUnicorn-48840.exeUnicorn-35087.exeUnicorn-29695.exeUnicorn-48916.exeUnicorn-3244.exeUnicorn-23492.exeUnicorn-3626.exeUnicorn-41281.exeUnicorn-39012.exeUnicorn-58878.exeUnicorn-8321.exeUnicorn-21259.exeUnicorn-10734.exeUnicorn-13578.exeUnicorn-29064.exeUnicorn-16463.exeUnicorn-16463.exeUnicorn-30204.exeUnicorn-59814.exeUnicorn-45917.exeUnicorn-11646.exeUnicorn-30867.exeUnicorn-16255.exeUnicorn-55917.exeUnicorn-36051.exeUnicorn-6825.exeUnicorn-49338.exeUnicorn-32871.exeUnicorn-27744.exeUnicorn-60547.exeUnicorn-65347.exeUnicorn-65155.exeUnicorn-63847.exeUnicorn-7485.exeUnicorn-63811.exeUnicorn-34599.exeUnicorn-11206.exeUnicorn-63614.exeUnicorn-53287.exeUnicorn-11014.exeUnicorn-26919.exeUnicorn-49492.exeUnicorn-20986.exeUnicorn-14401.exeUnicorn-14977.exeUnicorn-48008.exeUnicorn-28142.exeUnicorn-32911.exeUnicorn-18050.exeUnicorn-11121.exeUnicorn-15938.exeUnicorn-52201.exeUnicorn-38792.exeUnicorn-23695.exeUnicorn-38792.exeUnicorn-1329.exeUnicorn-21195.exeUnicorn-1329.exeUnicorn-9518.exeUnicorn-39752.exeUnicorn-24655.exeUnicorn-27519.exe

pid	process
2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
2200	Unicorn-56711.exe
2128	Unicorn-48840.exe
2284	Unicorn-35087.exe
2764	Unicorn-29695.exe
2696	Unicorn-48916.exe
2204	Unicorn-3244.exe
2824	Unicorn-23492.exe
1572	Unicorn-3626.exe
3048	Unicorn-41281.exe
1932	Unicorn-39012.exe
1976	Unicorn-58878.exe
3044	Unicorn-8321.exe
2112	Unicorn-21259.exe
1728	Unicorn-10734.exe
2940	Unicorn-13578.exe
2072	Unicorn-29064.exe
320	Unicorn-16463.exe
684	Unicorn-16463.exe
1144	Unicorn-30204.exe
1000	Unicorn-59814.exe
1820	Unicorn-45917.exe
1788	Unicorn-11646.exe
2040	Unicorn-30867.exe
1748	Unicorn-16255.exe
1664	Unicorn-55917.exe
2296	Unicorn-36051.exe
924	Unicorn-6825.exe
1736	Unicorn-49338.exe
2140	Unicorn-32871.exe
1328	Unicorn-27744.exe
2352	Unicorn-60547.exe
2756	Unicorn-65347.exe
2724	Unicorn-65155.exe
2704	Unicorn-63847.exe
1980	Unicorn-7485.exe
2576	Unicorn-63811.exe
2472	Unicorn-34599.exe
2864	Unicorn-11206.exe
2992	Unicorn-63614.exe
3000	Unicorn-53287.exe
3020	Unicorn-11014.exe
1952	Unicorn-26919.exe
2088	Unicorn-49492.exe
2116	Unicorn-20986.exe
536	Unicorn-14401.exe
1492	Unicorn-14977.exe
1140	Unicorn-48008.exe
2152	Unicorn-28142.exe
2028	Unicorn-32911.exe
2000	Unicorn-18050.exe
2004	Unicorn-11121.exe
1724	Unicorn-15938.exe
1652	Unicorn-52201.exe
2716	Unicorn-38792.exe
1672	Unicorn-23695.exe
1616	Unicorn-38792.exe
1956	Unicorn-1329.exe
1796	Unicorn-21195.exe
2680	Unicorn-1329.exe
2684	Unicorn-9518.exe
1776	Unicorn-39752.exe
2876	Unicorn-24655.exe
2108	Unicorn-27519.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exeUnicorn-56711.exeUnicorn-48840.exeUnicorn-35087.exeUnicorn-29695.exeUnicorn-3244.exeUnicorn-48916.exeUnicorn-3626.exe

description	pid	process	target process
PID 2972 wrote to memory of 2200	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-56711.exe
PID 2972 wrote to memory of 2200	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-56711.exe
PID 2972 wrote to memory of 2200	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-56711.exe
PID 2972 wrote to memory of 2200	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-56711.exe
PID 2200 wrote to memory of 2128	2200	Unicorn-56711.exe	Unicorn-48840.exe
PID 2200 wrote to memory of 2128	2200	Unicorn-56711.exe	Unicorn-48840.exe
PID 2200 wrote to memory of 2128	2200	Unicorn-56711.exe	Unicorn-48840.exe
PID 2200 wrote to memory of 2128	2200	Unicorn-56711.exe	Unicorn-48840.exe
PID 2972 wrote to memory of 2284	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-35087.exe
PID 2972 wrote to memory of 2284	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-35087.exe
PID 2972 wrote to memory of 2284	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-35087.exe
PID 2972 wrote to memory of 2284	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	Unicorn-35087.exe
PID 2972 wrote to memory of 2916	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	WerFault.exe
PID 2972 wrote to memory of 2916	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	WerFault.exe
PID 2972 wrote to memory of 2916	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	WerFault.exe
PID 2972 wrote to memory of 2916	2972	98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe	WerFault.exe
PID 2128 wrote to memory of 2764	2128	Unicorn-48840.exe	Unicorn-29695.exe
PID 2128 wrote to memory of 2764	2128	Unicorn-48840.exe	Unicorn-29695.exe
PID 2128 wrote to memory of 2764	2128	Unicorn-48840.exe	Unicorn-29695.exe
PID 2128 wrote to memory of 2764	2128	Unicorn-48840.exe	Unicorn-29695.exe
PID 2200 wrote to memory of 2696	2200	Unicorn-56711.exe	Unicorn-48916.exe
PID 2200 wrote to memory of 2696	2200	Unicorn-56711.exe	Unicorn-48916.exe
PID 2200 wrote to memory of 2696	2200	Unicorn-56711.exe	Unicorn-48916.exe
PID 2200 wrote to memory of 2696	2200	Unicorn-56711.exe	Unicorn-48916.exe
PID 2284 wrote to memory of 2204	2284	Unicorn-35087.exe	Unicorn-3244.exe
PID 2284 wrote to memory of 2204	2284	Unicorn-35087.exe	Unicorn-3244.exe
PID 2284 wrote to memory of 2204	2284	Unicorn-35087.exe	Unicorn-3244.exe
PID 2284 wrote to memory of 2204	2284	Unicorn-35087.exe	Unicorn-3244.exe
PID 2200 wrote to memory of 3016	2200	Unicorn-56711.exe	WerFault.exe
PID 2200 wrote to memory of 3016	2200	Unicorn-56711.exe	WerFault.exe
PID 2200 wrote to memory of 3016	2200	Unicorn-56711.exe	WerFault.exe
PID 2200 wrote to memory of 3016	2200	Unicorn-56711.exe	WerFault.exe
PID 2764 wrote to memory of 2824	2764	Unicorn-29695.exe	Unicorn-23492.exe
PID 2764 wrote to memory of 2824	2764	Unicorn-29695.exe	Unicorn-23492.exe
PID 2764 wrote to memory of 2824	2764	Unicorn-29695.exe	Unicorn-23492.exe
PID 2764 wrote to memory of 2824	2764	Unicorn-29695.exe	Unicorn-23492.exe
PID 2128 wrote to memory of 1572	2128	Unicorn-48840.exe	Unicorn-3626.exe
PID 2128 wrote to memory of 1572	2128	Unicorn-48840.exe	Unicorn-3626.exe
PID 2128 wrote to memory of 1572	2128	Unicorn-48840.exe	Unicorn-3626.exe
PID 2128 wrote to memory of 1572	2128	Unicorn-48840.exe	Unicorn-3626.exe
PID 2204 wrote to memory of 3048	2204	Unicorn-3244.exe	Unicorn-41281.exe
PID 2204 wrote to memory of 3048	2204	Unicorn-3244.exe	Unicorn-41281.exe
PID 2204 wrote to memory of 3048	2204	Unicorn-3244.exe	Unicorn-41281.exe
PID 2204 wrote to memory of 3048	2204	Unicorn-3244.exe	Unicorn-41281.exe
PID 2696 wrote to memory of 1976	2696	Unicorn-48916.exe	Unicorn-58878.exe
PID 2696 wrote to memory of 1976	2696	Unicorn-48916.exe	Unicorn-58878.exe
PID 2696 wrote to memory of 1976	2696	Unicorn-48916.exe	Unicorn-58878.exe
PID 2696 wrote to memory of 1976	2696	Unicorn-48916.exe	Unicorn-58878.exe
PID 2284 wrote to memory of 1932	2284	Unicorn-35087.exe	Unicorn-39012.exe
PID 2284 wrote to memory of 1932	2284	Unicorn-35087.exe	Unicorn-39012.exe
PID 2284 wrote to memory of 1932	2284	Unicorn-35087.exe	Unicorn-39012.exe
PID 2284 wrote to memory of 1932	2284	Unicorn-35087.exe	Unicorn-39012.exe
PID 2128 wrote to memory of 1036	2128	Unicorn-48840.exe	WerFault.exe
PID 2128 wrote to memory of 1036	2128	Unicorn-48840.exe	WerFault.exe
PID 2128 wrote to memory of 1036	2128	Unicorn-48840.exe	WerFault.exe
PID 2128 wrote to memory of 1036	2128	Unicorn-48840.exe	WerFault.exe
PID 2284 wrote to memory of 2604	2284	Unicorn-35087.exe	WerFault.exe
PID 2284 wrote to memory of 2604	2284	Unicorn-35087.exe	WerFault.exe
PID 2284 wrote to memory of 2604	2284	Unicorn-35087.exe	WerFault.exe
PID 2284 wrote to memory of 2604	2284	Unicorn-35087.exe	WerFault.exe
PID 1572 wrote to memory of 3044	1572	Unicorn-3626.exe	Unicorn-8321.exe
PID 1572 wrote to memory of 3044	1572	Unicorn-3626.exe	Unicorn-8321.exe
PID 1572 wrote to memory of 3044	1572	Unicorn-3626.exe	Unicorn-8321.exe
PID 1572 wrote to memory of 3044	1572	Unicorn-3626.exe	Unicorn-8321.exe

C:\Users\Admin\AppData\Local\Temp\98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe
"C:\Users\Admin\AppData\Local\Temp\98dc77a365ce8fb0dbf9c57243d03bd5ea32fe50d2a308973faed2609b43e670.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
10⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
11⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
12⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
13⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
14⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
15⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
15⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
14⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
13⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
12⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
11⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
12⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
13⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
14⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 220
14⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
13⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
12⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
10⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
9⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
10⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
12⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
13⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
14⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
14⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 236
13⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
12⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
10⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
9⤵
- Program crash
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
11⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
12⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
13⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
14⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
14⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
13⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
12⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
11⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
12⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 236
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
9⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
8⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
9⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
11⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
12⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
13⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
14⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 236
14⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
13⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
11⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
12⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
13⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
12⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
12⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
12⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
9⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
11⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
12⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
13⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
13⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 236
11⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
7⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
9⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
11⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
12⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
13⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
14⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
14⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
13⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
11⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
11⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
12⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
13⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
12⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
12⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
13⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 220
9⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
8⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24394.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
10⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
11⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
11⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
12⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 220
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
8⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
12⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
13⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 220
12⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
11⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 220
10⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
11⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
8⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
7⤵
- Program crash
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
6⤵
- Program crash
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
11⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
12⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
13⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
13⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
12⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
11⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
9⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
10⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
11⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
12⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
9⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
8⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
10⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 220
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
10⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
11⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 236
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 220
10⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
7⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
6⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
9⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
11⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
13⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
14⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
13⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
12⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
11⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
12⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
13⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
11⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
10⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
12⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
13⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
11⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
12⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
10⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
8⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
10⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
11⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
12⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
13⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
13⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 220
12⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
11⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
10⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
8⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
8⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
9⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
12⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 220
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
10⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 208
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
11⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 220
12⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
8⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
11⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
10⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 240
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
6⤵
- Program crash
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
9⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
10⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
13⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
13⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
12⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
11⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
9⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
8⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
7⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
8⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
12⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
11⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
11⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
8⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
7⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
7⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
11⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
8⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
10⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
11⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
8⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
6⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
5⤵
- Program crash
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
7⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
11⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
9⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
10⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
10⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
9⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
8⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
5⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
8⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
11⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
12⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 236
13⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 216
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
10⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
11⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 240
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
11⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
7⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
7⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
10⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
11⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
9⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
8⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
7⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
7⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
10⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
11⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
11⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
9⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
10⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
10⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
9⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
8⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
6⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-24394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24394.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
9⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
10⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
11⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
10⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
9⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
6⤵
- Program crash
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
5⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
9⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
10⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
12⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
13⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
14⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
13⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 216
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
11⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
12⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
13⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 220
13⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
9⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
8⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
12⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
- Program crash
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
7⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
6⤵
- Program crash
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
5⤵
- Executes dropped EXE
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
5⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
5⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
11⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
12⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 220
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
12⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 220
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
11⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
11⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 220
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
7⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
10⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 220
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
10⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
6⤵
- Program crash
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
7⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
10⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 220
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
8⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
7⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
6⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
9⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
10⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
11⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
11⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
10⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
8⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
5⤵
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
6⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
10⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
12⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
8⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
9⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
10⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
10⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
9⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
6⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
6⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
7⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
10⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
11⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
9⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
8⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
7⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
6⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
7⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
8⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
9⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
10⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
10⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
9⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
8⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
7⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
6⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
5⤵
- Program crash
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
4⤵
- Program crash
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
2⤵
- Program crash
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe

Filesize
184KB

MD5
51e6fbc4fe3a7c520928b98a9ab10f09

SHA1
a1e03511af82aa4e20babbe00b2dddb4acc0601e

SHA256
b2376b730725448f410a90de2eb4b576fcfb50d5877a87561853c31a1d6fe54d

SHA512
24e4e3746c1322b673d7b670673cddf20891af8be087bc227ddc01348ed441f4aad4d508cc8d0b06dc1ed939937ea25623aedc21b1eb9a15d82a22a1de091c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe

Filesize
184KB

MD5
498f883b15eb236317153b3e4ed3f205

SHA1
bb5e0edc6ce383d4a483f7a51c719b024790d59e

SHA256
15973aee4906b2badb87e1a4db5a314d35dce8a6613ac0b0517b9fd1dfad2917

SHA512
71aafedd449ea2ddc3d212ee9db6959f2aecb650b78f79f20d4faf259fdc806986aacf45270bf559b71d74d25aaacca686e2b1a178843434cbe7c5f3ae10d445

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe

Filesize
184KB

MD5
abec86de658b8e89fd837a8119bdb51f

SHA1
9fa4fe2f84169fc753532cb8848f45017da3f2b1

SHA256
f4ada9a0318599ed2853c17354404c1bfe3fa4475b23a78b9cc9487d4b1eaf63

SHA512
f6168ff4723bdbf412d1cd93815509c43dff0c115624d3886d027ddec9dc1fe60fca9971eed9ca29dc4cde0cf9e483ecbee59f0e0da2774a4d3db2666938dbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe

Filesize
184KB

MD5
f77769b7a755a98ee7eebfc3545e80ec

SHA1
dadbd960d9c5d8624fc562a48f5c447460e56ba1

SHA256
5181c5cd6b6e555657f8d50cdadab0f1592525f8e5cd2a3f0d5b5e4f497b2b3f

SHA512
84c365f76709349b09ca4a96407ea73c89e9467304b63a8514d1edbc0bc0a6f98c6388dd7e35f253486e06a6628da6546dd8f68fd1222aed697a3ae8cf4269aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe

Filesize
184KB

MD5
dfc6dfe383f51fe21d090d106549d486

SHA1
8b94b8c0dd05e51abf6fda69a6ebb3058feae4d6

SHA256
bbf6a036e84c1ed9511de1caa92aeb804cf492206195b1a9b6851cc8ba6988c8

SHA512
7a04ac8f8644e9a9fec79a92fde490f16df9053b5cfe7381a1a81d8a26b7d8bc844ebe69ff12a8c3a0754430cd0dcf9cc82d7cf47a0b1744826928f128c43bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe

Filesize
184KB

MD5
91bec0e2cdcbd688be9126c5fe7d77b1

SHA1
32db18cb814f173de994cda81f3df39b49116025

SHA256
3bcc74bfb33925fcafd4a3bd02df9791173b54b4cf904799e3fbab45ef701e23

SHA512
51e165e59c627745ed55a8b380411fb7358e73a54ff934fccbcaa23835845dbfd87ba8c060f377849d4f41ee56ed09253799de0b0361c203805e061029f95536

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe

Filesize
184KB

MD5
ec7b9286af3acc84ce9fbd91dc6c2343

SHA1
f0ee976fa19d6ed16d9448a9cbe4c851810e54f5

SHA256
3034eee22ea02076eecc9c84c7b62922e784e29d1953878e88c276870e7c84a9

SHA512
317bde69f34f106797532576d9e156bd03843d698946291784550ff9dadf26270c71c652a0daf7b99f914983ef960fe1d3f3a5427a8440b196edb4883d642029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe

Filesize
184KB

MD5
01d60e138cea100bba3cec5c58d22f04

SHA1
e4bbb89fe54ef1bbaa8d955c3b2e028faaeaccd1

SHA256
32a9a6ecec284076556d82c5d5d14c5d0797bab30b787ecc50ce295d851d158b

SHA512
aa7f304498033be435652c6977e9965fedca24c080dd0ef3463a90fabec58d1e381c4b2253f27351446cc14d521c78544b1dc8e4deb51b86a57f70164de2b529

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe

Filesize
184KB

MD5
2756470550f924668cb8a7a73ff3ec81

SHA1
3a95052bfcc01e08c085d1dfd06597eb6d917f88

SHA256
81b05b39eb7576c4575be890fdfd970c276fd74710a7780c9670ceaf8d68e53e

SHA512
a742ced20db23ac8d682252de7227547adee1d0ae8a6fff32e6fdc6ef4be65d4d041ab1c7275d16fdbd7882cba069b4bdfd305261d692de190e96ecbfad9ca17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe

Filesize
184KB

MD5
eafd48c2fd7040f1dd2faf2fdddf9c7e

SHA1
d59250babaffc6a605bdbcc8b714a3525b74f022

SHA256
c7aca5565db59434880ab8f7fe629ae310c2815e064c8bd35e7021d9740bb3b6

SHA512
7ffc810e38501a6d6fa6865b9e575977766539d543439e13e8942582d01fbc8d0ed1e9e443b4263ea0205a5bd31c3f3a9c0cc443bb29778d22bc50df52f6e7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe

Filesize
184KB

MD5
f496bc2b1d9c9e4d70fe0ba2249c2186

SHA1
6cae6078a3df923dcf6a88e192ece787b4312ad3

SHA256
f08cf9f685ed6a5ef252317161341f29959aa73ae556469e2044a197366a5f61

SHA512
db7a838a7934d3309461267788b7a1931aad926de3f2db4f252a7e346c5befe4567f82109a4d20e0a001efcdd0e985cbdd80043c1ab5beb01962488432d3d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe

Filesize
184KB

MD5
12622cf9f841e0d7f0da1d65735f2947

SHA1
d710cd695c5591738b95dc2e8e2e8a2621781661

SHA256
d7bd46529b72ac642800723243729b408ea829177155b014e4d15bdd7e083e29

SHA512
c059bee8377252567aa3b0773227b60d4e7e19ddb7f1131a18108215912ed9db825e6120ded46e305eab8146916e707b1623b760af32545f2d2b11ffd5143f54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe

Filesize
184KB

MD5
d17a486f8a4077750cd9d770618ebe42

SHA1
06b01077c1f3f1136b0c3572e1c90ba75fa72525

SHA256
749754eca0955a74091fa58dd092e0946e0c1ad6a5f2a1a970cee7368021426b

SHA512
4186fc276ec9ed30a0c90de6192c33b8e6fdf55dedd1dc87925eba42ec75916270a2dea155760158161e6dc60dec7f7e18593f4c0610f0139df0ea78d5390213

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe

Filesize
184KB

MD5
015e076359b803f49c95017e3da3ad2b

SHA1
6e38b2fa06d6db31a8ecd79ee7505a6b0d034ef9

SHA256
71039bce5883bed5734e87223a7f075e0fa7f4320ab0a6d3416a28bac71b22d7

SHA512
33b7afc40891e9f65d0f78c9d9a31b64660bf8a9432589d894502abc3d71c66794e2dc90e46f85297ab3930ad965d758358d009ccff0fa95941e32fc55b46b30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe

Filesize
184KB

MD5
89975e1feb8a720210ed03fb119fe3eb

SHA1
b0ade32e4f0191c53d5aad2393f6624148f283fc

SHA256
a73de295db7ee56be8449e70e57f717bc4f61811b9d8f3f7d0e5c07702c4ee46

SHA512
6df37919d2bc1b15e955668994a9a4c179ba0ccd647f15d14dc5d20ad29cc48b0d2d6ecd6923a0873ca3929086c7a6b4f10b19595dc1758c2e291ccc20b7f0c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe

Filesize
184KB

MD5
74fc7723d1f64cfc505a6df497e7d964

SHA1
fc4dcad94f67d3761368c67e9f7cd2f918e179bc

SHA256
1b896601fb185a1d755030e1439e21c770f5250a4db85360a8a2e86c08650af9

SHA512
759f3d3c747242b87dd7361f196009cb0825f3a4781df10bf808a53c27e593d73f57a507922f6e579c05261b1689a9c800a6e7c731fc70f2d47332b59c236d85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe

Filesize
184KB

MD5
87e7437dbbd884c6586fdc91c00e5772

SHA1
66ebed42ebd2b96d8ce86c3f9f3faf6323a43bb4

SHA256
6b81d974cc73b8761cdfee85472b84d6cea96a39709700fd8b7749b10eee6522

SHA512
3ca796aa7ed345640b6ba6229d1dc143ee5b4a8b5623a0eefeed034112142f2565d9a68816c2d44058fdb451b9edd4d97731c9f449e2e6f51e3cb13a98a6a593

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe

Filesize
184KB

MD5
b806609a565ef01e781648823ca6d781

SHA1
ec310ae684d7ff6b0b9af6d4d77841072e46d31b

SHA256
5cd2157ff30e0fa889f6042b9aacca167b4f56f68979d21b1105578fc0809106

SHA512
25c74adc256a80c38a2bea42c7e89acf9662022b105d8935168a722e7a033430c96f9cb61c109f25e21984c9d4dc0fef0d3eeeb8b2ddde732963e3eeca2b26e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe

Filesize
184KB

MD5
c497180853eab5ee7102dea1936d2089

SHA1
da69c5472c3b829799d55866fdb42f57166f7127

SHA256
b416f6969babc2c33791fa9494d9aba85bc3b7862e444707861da7461e030af9

SHA512
ffe5e4b40602ada1d32315a356eca9d86ff8cf2281ea01b4b2af113e15726c3289cd28b6af59762b81546c69ac73d23ebfbcce02eec56b6e9fd7d58dbc3a0781

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe

Filesize
184KB

MD5
c7071c39d78cb7e29a7a01883e030b05

SHA1
d2ece9c63f08499467679e84d047c2cabd709e3b

SHA256
7ee8e8f099949b7349ec2830af31518ebef7ce7672a89b102f7e9be66641ee82

SHA512
bbcc53e4d6913e113bfe2ec109fe43e0eeed564c69d54baa44f407ebe2c05adee90358ff142a48045b2b07086a9d8c1740026858aee30e87c43712d6b6001e2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe

Filesize
184KB

MD5
bd32d7c17cd6e75f90d5cbb408ea0792

SHA1
880412a4708721eec23ae05fe1c7c323f105a60c

SHA256
a08a915eeb3fc2ccfd8008762dde01194f7cb0b03e1912ab0387ca72e8c3cfdc

SHA512
9cc0f1e144dafeb5494e5819d2459585b77cd3d9b1b56ce9d4d877b2fffccda3569aabd67f5e1f126261fea7119396196aeb882a6a42d6cfe1839344046c8dd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe

Filesize
184KB

MD5
aeae17abac388050efa89c6b02cc756a

SHA1
9051a8a6a40b70daca283221837e61a2ffb9cfc4

SHA256
4d102e63b214ab836e59f4782b49aab40b34e0d240243674e0c48e2315934dc9

SHA512
972719bacce5315e67c9e07222f8f0e35b3940a7dfb5b9fc13d44dcd838b1b5c8f419e259ac4149e672f8280eb8dcd5eb501a4a0bd99b51e88def447da179cf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe

Filesize
184KB

MD5
729ddd3c9fe94893e2087255182a0683

SHA1
977ff5b3097bc9e2e7d03a3d15aaf789fec5c28a

SHA256
fc6ea17c8d42a438f1e22e49408621fb065e07e67db43db624bc680093b4df94

SHA512
d42b40e422445433b2b54982fb212e7b07c26340833855621711c8dda247a3bf7ecf025100648dfcf42aaca0e23efeb422eb0fdffab37bc1f373e52986519e7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe

Filesize
184KB

MD5
5b8493f7f1ae19ad2a8a69b2be922ebc

SHA1
c248096f8d7588f84e63923733691c35d7768856

SHA256
fba47ae9c19a3c01a8fd6a7a60517678b0c96176e70513761064b3b4ec87a395

SHA512
6385529912bd50f499fc65bd5bde1390938304c8deeb97e061541cf769b6d2cce65b68fc5a528ec3b65802493f2cae36413a17b299f143fafaa9a969d921b21a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe

Filesize
184KB

MD5
55ee4aaa22536b1c3c8722f8b6068d38

SHA1
6592a85a267ab7c8962e9482d3eee3f0ead15594

SHA256
5208d17b6cd3847d36a98f39b9a1d21f53471690b3276436f30681cb606401cf

SHA512
76d0e6b8d19894d4b99a2a814132013a928a3fdb7c1a6194dbcbc8bea84af7b2ad6729d9b44d910d44f6abf02ffd45b29286b2beaee1c8e5b1219c99008f416f

Download Submit