c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
Size

184KB
MD5

4c49f009d92cd75b2c6e55d77e3102bd
SHA1

15f9e42da61394b77cb1a8a06e5a3fae442cf5f3
SHA256

c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2
SHA512

035885b12a4a24e75f7fdadd9786a478e9e082674047dbdc722f94980b505d6f2343f1d213239c9df53f9629daab5909edd723c89a65455ec4be88eddc4792fb
SSDEEP

1536:RpSm6jZFu3jxo7xVtAOAlawSGi9yvZc89mddVF2DOszVtXhl5hj5nizpv3:LC63jxolbAOTjG8WeRF2DvrXhlnViF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-16542.exeUnicorn-52037.exeUnicorn-33240.exeUnicorn-24233.exeUnicorn-19634.exeUnicorn-39308.exeUnicorn-6578.exeUnicorn-19385.exeUnicorn-39059.exeUnicorn-2665.exeUnicorn-22531.exeUnicorn-34882.exeUnicorn-64217.exeUnicorn-18354.exeUnicorn-13563.exeUnicorn-17970.exeUnicorn-19781.exeUnicorn-65452.exeUnicorn-1672.exeUnicorn-18009.exeUnicorn-5071.exeUnicorn-54272.exeUnicorn-8216.exeUnicorn-56156.exeUnicorn-20831.exeUnicorn-20831.exeUnicorn-7832.exeUnicorn-38336.exeUnicorn-2134.exeUnicorn-40339.exeUnicorn-5014.exeUnicorn-8159.exeUnicorn-39955.exeUnicorn-3369.exeUnicorn-3369.exeUnicorn-3369.exeUnicorn-23235.exeUnicorn-39571.exeUnicorn-52378.exeUnicorn-22659.exeUnicorn-6322.exeUnicorn-38995.exeUnicorn-2601.exeUnicorn-37506.exeUnicorn-17448.exeUnicorn-52389.exeUnicorn-19525.exeUnicorn-20594.exeUnicorn-49737.exeUnicorn-35477.exeUnicorn-2612.exeUnicorn-15419.exeUnicorn-15419.exeUnicorn-1963.exeUnicorn-22898.exeUnicorn-54501.exeUnicorn-54501.exeUnicorn-38165.exeUnicorn-50972.exeUnicorn-34443.exeUnicorn-37973.exeUnicorn-37973.exeUnicorn-5108.exeUnicorn-54117.exe

pid	process
2172	Unicorn-16542.exe
2792	Unicorn-52037.exe
2632	Unicorn-33240.exe
2760	Unicorn-24233.exe
2720	Unicorn-19634.exe
2616	Unicorn-39308.exe
348	Unicorn-6578.exe
2800	Unicorn-19385.exe
2940	Unicorn-39059.exe
1944	Unicorn-2665.exe
2416	Unicorn-22531.exe
1512	Unicorn-34882.exe
840	Unicorn-64217.exe
2820	Unicorn-18354.exe
2908	Unicorn-13563.exe
2072	Unicorn-17970.exe
904	Unicorn-19781.exe
1144	Unicorn-65452.exe
2472	Unicorn-1672.exe
2152	Unicorn-18009.exe
2108	Unicorn-5071.exe
1788	Unicorn-54272.exe
1816	Unicorn-8216.exe
844	Unicorn-56156.exe
2872	Unicorn-20831.exe
1936	Unicorn-20831.exe
2008	Unicorn-7832.exe
2988	Unicorn-38336.exe
2428	Unicorn-2134.exe
2868	Unicorn-40339.exe
1744	Unicorn-5014.exe
3060	Unicorn-8159.exe
2892	Unicorn-39955.exe
2728	Unicorn-3369.exe
2524	Unicorn-3369.exe
2776	Unicorn-3369.exe
2668	Unicorn-23235.exe
2520	Unicorn-39571.exe
2552	Unicorn-52378.exe
2560	Unicorn-22659.exe
2804	Unicorn-6322.exe
2848	Unicorn-38995.exe
392	Unicorn-2601.exe
2228	Unicorn-37506.exe
1612	Unicorn-17448.exe
2232	Unicorn-52389.exe
1228	Unicorn-19525.exe
576	Unicorn-20594.exe
836	Unicorn-49737.exe
304	Unicorn-35477.exe
1980	Unicorn-2612.exe
1088	Unicorn-15419.exe
1368	Unicorn-15419.exe
1040	Unicorn-1963.exe
944	Unicorn-22898.exe
2312	Unicorn-54501.exe
2092	Unicorn-54501.exe
2924	Unicorn-38165.exe
2200	Unicorn-50972.exe
2992	Unicorn-34443.exe
2424	Unicorn-37973.exe
2000	Unicorn-37973.exe
2088	Unicorn-5108.exe
2156	Unicorn-54117.exe

Loads dropped DLL 64 IoCs

Processes:

c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exeUnicorn-16542.exeUnicorn-52037.exeUnicorn-33240.exeWerFault.exeUnicorn-24233.exeUnicorn-39308.exeUnicorn-19634.exeWerFault.exeWerFault.exeUnicorn-6578.exeUnicorn-39059.exeUnicorn-19385.exeUnicorn-2665.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
2172	Unicorn-16542.exe
2172	Unicorn-16542.exe
1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
2792	Unicorn-52037.exe
2792	Unicorn-52037.exe
2172	Unicorn-16542.exe
2172	Unicorn-16542.exe
2632	Unicorn-33240.exe
2632	Unicorn-33240.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2760	Unicorn-24233.exe
2760	Unicorn-24233.exe
2792	Unicorn-52037.exe
2792	Unicorn-52037.exe
2616	Unicorn-39308.exe
2616	Unicorn-39308.exe
2632	Unicorn-33240.exe
2632	Unicorn-33240.exe
2720	Unicorn-19634.exe
2720	Unicorn-19634.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
348	Unicorn-6578.exe
348	Unicorn-6578.exe
2760	Unicorn-24233.exe
2760	Unicorn-24233.exe
2940	Unicorn-39059.exe
2940	Unicorn-39059.exe
2616	Unicorn-39308.exe
2616	Unicorn-39308.exe
2800	Unicorn-19385.exe
2800	Unicorn-19385.exe
2720	Unicorn-19634.exe
1944	Unicorn-2665.exe
2720	Unicorn-19634.exe
1944	Unicorn-2665.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
856	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2660	1776	WerFault.exe	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
2968	2172	WerFault.exe	Unicorn-16542.exe
1632	2792	WerFault.exe	Unicorn-52037.exe
2488	2632	WerFault.exe	Unicorn-33240.exe
2972	2760	WerFault.exe	Unicorn-24233.exe
1072	2616	WerFault.exe	Unicorn-39308.exe
856	2720	WerFault.exe	Unicorn-19634.exe
2876	348	WerFault.exe	Unicorn-6578.exe
604	2940	WerFault.exe	Unicorn-39059.exe
1736	2800	WerFault.exe	Unicorn-19385.exe
1916	1944	WerFault.exe	Unicorn-2665.exe
2012	2416	WerFault.exe	Unicorn-22531.exe
1952	840	WerFault.exe	Unicorn-64217.exe
1964	1512	WerFault.exe	Unicorn-34882.exe
2936	2908	WerFault.exe	Unicorn-13563.exe
1540	2820	WerFault.exe	Unicorn-18354.exe
624	904	WerFault.exe	Unicorn-19781.exe
1924	2072	WerFault.exe	Unicorn-17970.exe
2308	1144	WerFault.exe	Unicorn-65452.exe
2828	2472	WerFault.exe	Unicorn-1672.exe
1280	2152	WerFault.exe	Unicorn-18009.exe
1708	1788	WerFault.exe	Unicorn-54272.exe
1932	2108	WerFault.exe	Unicorn-5071.exe
804	1816	WerFault.exe	Unicorn-8216.exe
1508	844	WerFault.exe	Unicorn-56156.exe
820	2872	WerFault.exe	Unicorn-20831.exe
2896	1936	WerFault.exe	Unicorn-20831.exe
2296	2008	WerFault.exe	Unicorn-7832.exe
2852	2988	WerFault.exe	Unicorn-38336.exe
2368	2992	WerFault.exe	Unicorn-34443.exe
2268	2868	WerFault.exe	Unicorn-40339.exe
2448	1744	WerFault.exe	Unicorn-5014.exe
1528	2428	WerFault.exe	Unicorn-2134.exe
996	2892	WerFault.exe	Unicorn-39955.exe
2964	2520	WerFault.exe	Unicorn-39571.exe
2712	2668	WerFault.exe	Unicorn-23235.exe
2824	392	WerFault.exe	Unicorn-2601.exe
1044	3060	WerFault.exe	Unicorn-8159.exe
2744	2776	WerFault.exe	Unicorn-3369.exe
1532	2552	WerFault.exe	Unicorn-52378.exe
2664	2524	WerFault.exe	Unicorn-3369.exe
2560	2728	WerFault.exe	Unicorn-3369.exe
3116	2848	WerFault.exe	Unicorn-38995.exe
3160	2804	WerFault.exe	Unicorn-6322.exe
3724	2228	WerFault.exe	Unicorn-37506.exe
3156	1228	WerFault.exe	Unicorn-19525.exe
3228	2232	WerFault.exe	Unicorn-52389.exe
3640	2092	WerFault.exe	Unicorn-54501.exe
3224	576	WerFault.exe	Unicorn-20594.exe
3472	2424	WerFault.exe	Unicorn-37973.exe
3500	836	WerFault.exe	Unicorn-49737.exe
3564	956	WerFault.exe	Unicorn-3131.exe
3556	2340	WerFault.exe	Unicorn-53593.exe
3720	3004	WerFault.exe	Unicorn-49296.exe
1612	688	WerFault.exe	Unicorn-479.exe
3788	2212	WerFault.exe	Unicorn-2747.exe
3832	1588	WerFault.exe	Unicorn-18892.exe
3976	2836	WerFault.exe	Unicorn-1387.exe
4020	2260	WerFault.exe	Unicorn-60028.exe
3092	2156	WerFault.exe	Unicorn-54117.exe
3316	2788	WerFault.exe	Unicorn-26095.exe
3344	2748	WerFault.exe	Unicorn-17915.exe
4144	1368	WerFault.exe	Unicorn-15419.exe
4192	1808	WerFault.exe	Unicorn-23909.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exeUnicorn-16542.exeUnicorn-52037.exeUnicorn-33240.exeUnicorn-24233.exeUnicorn-19634.exeUnicorn-39308.exeUnicorn-6578.exeUnicorn-19385.exeUnicorn-39059.exeUnicorn-22531.exeUnicorn-2665.exeUnicorn-34882.exeUnicorn-64217.exeUnicorn-18354.exeUnicorn-13563.exeUnicorn-17970.exeUnicorn-19781.exeUnicorn-65452.exeUnicorn-1672.exeUnicorn-18009.exeUnicorn-5071.exeUnicorn-54272.exeUnicorn-8216.exeUnicorn-56156.exeUnicorn-20831.exeUnicorn-20831.exeUnicorn-7832.exeUnicorn-38336.exeUnicorn-2134.exeUnicorn-40339.exeUnicorn-5014.exeUnicorn-8159.exeUnicorn-39955.exeUnicorn-3369.exeUnicorn-3369.exeUnicorn-3369.exeUnicorn-23235.exeUnicorn-39571.exeUnicorn-52378.exeUnicorn-22659.exeUnicorn-6322.exeUnicorn-38995.exeUnicorn-2601.exeUnicorn-37506.exeUnicorn-17448.exeUnicorn-52389.exeUnicorn-19525.exeUnicorn-49737.exeUnicorn-20594.exeUnicorn-35477.exeUnicorn-15419.exeUnicorn-2612.exeUnicorn-1963.exeUnicorn-15419.exeUnicorn-22898.exeUnicorn-54501.exeUnicorn-54501.exeUnicorn-38165.exeUnicorn-34443.exeUnicorn-50972.exeUnicorn-37973.exeUnicorn-37973.exeUnicorn-5108.exe

pid	process
1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
2172	Unicorn-16542.exe
2792	Unicorn-52037.exe
2632	Unicorn-33240.exe
2760	Unicorn-24233.exe
2720	Unicorn-19634.exe
2616	Unicorn-39308.exe
348	Unicorn-6578.exe
2800	Unicorn-19385.exe
2940	Unicorn-39059.exe
2416	Unicorn-22531.exe
1944	Unicorn-2665.exe
1512	Unicorn-34882.exe
840	Unicorn-64217.exe
2820	Unicorn-18354.exe
2908	Unicorn-13563.exe
2072	Unicorn-17970.exe
904	Unicorn-19781.exe
1144	Unicorn-65452.exe
2472	Unicorn-1672.exe
2152	Unicorn-18009.exe
2108	Unicorn-5071.exe
1788	Unicorn-54272.exe
1816	Unicorn-8216.exe
844	Unicorn-56156.exe
1936	Unicorn-20831.exe
2872	Unicorn-20831.exe
2008	Unicorn-7832.exe
2988	Unicorn-38336.exe
2428	Unicorn-2134.exe
2868	Unicorn-40339.exe
1744	Unicorn-5014.exe
3060	Unicorn-8159.exe
2892	Unicorn-39955.exe
2728	Unicorn-3369.exe
2524	Unicorn-3369.exe
2776	Unicorn-3369.exe
2668	Unicorn-23235.exe
2520	Unicorn-39571.exe
2552	Unicorn-52378.exe
2560	Unicorn-22659.exe
2804	Unicorn-6322.exe
2848	Unicorn-38995.exe
392	Unicorn-2601.exe
2228	Unicorn-37506.exe
1612	Unicorn-17448.exe
2232	Unicorn-52389.exe
1228	Unicorn-19525.exe
836	Unicorn-49737.exe
576	Unicorn-20594.exe
304	Unicorn-35477.exe
1368	Unicorn-15419.exe
1980	Unicorn-2612.exe
1040	Unicorn-1963.exe
1088	Unicorn-15419.exe
944	Unicorn-22898.exe
2092	Unicorn-54501.exe
2312	Unicorn-54501.exe
2924	Unicorn-38165.exe
2992	Unicorn-34443.exe
2200	Unicorn-50972.exe
2000	Unicorn-37973.exe
2424	Unicorn-37973.exe
2088	Unicorn-5108.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exeUnicorn-16542.exeUnicorn-52037.exeUnicorn-33240.exeUnicorn-24233.exeUnicorn-39308.exeUnicorn-19634.exeUnicorn-6578.exe

description	pid	process	target process
PID 1776 wrote to memory of 2172	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-16542.exe
PID 1776 wrote to memory of 2172	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-16542.exe
PID 1776 wrote to memory of 2172	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-16542.exe
PID 1776 wrote to memory of 2172	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-16542.exe
PID 2172 wrote to memory of 2792	2172	Unicorn-16542.exe	Unicorn-52037.exe
PID 2172 wrote to memory of 2792	2172	Unicorn-16542.exe	Unicorn-52037.exe
PID 2172 wrote to memory of 2792	2172	Unicorn-16542.exe	Unicorn-52037.exe
PID 2172 wrote to memory of 2792	2172	Unicorn-16542.exe	Unicorn-52037.exe
PID 1776 wrote to memory of 2632	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-33240.exe
PID 1776 wrote to memory of 2632	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-33240.exe
PID 1776 wrote to memory of 2632	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-33240.exe
PID 1776 wrote to memory of 2632	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	Unicorn-33240.exe
PID 1776 wrote to memory of 2660	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	WerFault.exe
PID 1776 wrote to memory of 2660	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	WerFault.exe
PID 1776 wrote to memory of 2660	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	WerFault.exe
PID 1776 wrote to memory of 2660	1776	c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe	WerFault.exe
PID 2792 wrote to memory of 2760	2792	Unicorn-52037.exe	Unicorn-24233.exe
PID 2792 wrote to memory of 2760	2792	Unicorn-52037.exe	Unicorn-24233.exe
PID 2792 wrote to memory of 2760	2792	Unicorn-52037.exe	Unicorn-24233.exe
PID 2792 wrote to memory of 2760	2792	Unicorn-52037.exe	Unicorn-24233.exe
PID 2172 wrote to memory of 2720	2172	Unicorn-16542.exe	Unicorn-19634.exe
PID 2172 wrote to memory of 2720	2172	Unicorn-16542.exe	Unicorn-19634.exe
PID 2172 wrote to memory of 2720	2172	Unicorn-16542.exe	Unicorn-19634.exe
PID 2172 wrote to memory of 2720	2172	Unicorn-16542.exe	Unicorn-19634.exe
PID 2632 wrote to memory of 2616	2632	Unicorn-33240.exe	Unicorn-39308.exe
PID 2632 wrote to memory of 2616	2632	Unicorn-33240.exe	Unicorn-39308.exe
PID 2632 wrote to memory of 2616	2632	Unicorn-33240.exe	Unicorn-39308.exe
PID 2632 wrote to memory of 2616	2632	Unicorn-33240.exe	Unicorn-39308.exe
PID 2172 wrote to memory of 2968	2172	Unicorn-16542.exe	WerFault.exe
PID 2172 wrote to memory of 2968	2172	Unicorn-16542.exe	WerFault.exe
PID 2172 wrote to memory of 2968	2172	Unicorn-16542.exe	WerFault.exe
PID 2172 wrote to memory of 2968	2172	Unicorn-16542.exe	WerFault.exe
PID 2760 wrote to memory of 348	2760	Unicorn-24233.exe	Unicorn-6578.exe
PID 2760 wrote to memory of 348	2760	Unicorn-24233.exe	Unicorn-6578.exe
PID 2760 wrote to memory of 348	2760	Unicorn-24233.exe	Unicorn-6578.exe
PID 2760 wrote to memory of 348	2760	Unicorn-24233.exe	Unicorn-6578.exe
PID 2792 wrote to memory of 2800	2792	Unicorn-52037.exe	Unicorn-19385.exe
PID 2792 wrote to memory of 2800	2792	Unicorn-52037.exe	Unicorn-19385.exe
PID 2792 wrote to memory of 2800	2792	Unicorn-52037.exe	Unicorn-19385.exe
PID 2792 wrote to memory of 2800	2792	Unicorn-52037.exe	Unicorn-19385.exe
PID 2616 wrote to memory of 2940	2616	Unicorn-39308.exe	Unicorn-39059.exe
PID 2616 wrote to memory of 2940	2616	Unicorn-39308.exe	Unicorn-39059.exe
PID 2616 wrote to memory of 2940	2616	Unicorn-39308.exe	Unicorn-39059.exe
PID 2616 wrote to memory of 2940	2616	Unicorn-39308.exe	Unicorn-39059.exe
PID 2632 wrote to memory of 1944	2632	Unicorn-33240.exe	Unicorn-2665.exe
PID 2632 wrote to memory of 1944	2632	Unicorn-33240.exe	Unicorn-2665.exe
PID 2632 wrote to memory of 1944	2632	Unicorn-33240.exe	Unicorn-2665.exe
PID 2632 wrote to memory of 1944	2632	Unicorn-33240.exe	Unicorn-2665.exe
PID 2720 wrote to memory of 2416	2720	Unicorn-19634.exe	Unicorn-22531.exe
PID 2720 wrote to memory of 2416	2720	Unicorn-19634.exe	Unicorn-22531.exe
PID 2720 wrote to memory of 2416	2720	Unicorn-19634.exe	Unicorn-22531.exe
PID 2720 wrote to memory of 2416	2720	Unicorn-19634.exe	Unicorn-22531.exe
PID 2792 wrote to memory of 1632	2792	Unicorn-52037.exe	WerFault.exe
PID 2792 wrote to memory of 1632	2792	Unicorn-52037.exe	WerFault.exe
PID 2792 wrote to memory of 1632	2792	Unicorn-52037.exe	WerFault.exe
PID 2792 wrote to memory of 1632	2792	Unicorn-52037.exe	WerFault.exe
PID 2632 wrote to memory of 2488	2632	Unicorn-33240.exe	WerFault.exe
PID 2632 wrote to memory of 2488	2632	Unicorn-33240.exe	WerFault.exe
PID 2632 wrote to memory of 2488	2632	Unicorn-33240.exe	WerFault.exe
PID 2632 wrote to memory of 2488	2632	Unicorn-33240.exe	WerFault.exe
PID 348 wrote to memory of 1512	348	Unicorn-6578.exe	Unicorn-34882.exe
PID 348 wrote to memory of 1512	348	Unicorn-6578.exe	Unicorn-34882.exe
PID 348 wrote to memory of 1512	348	Unicorn-6578.exe	Unicorn-34882.exe
PID 348 wrote to memory of 1512	348	Unicorn-6578.exe	Unicorn-34882.exe

C:\Users\Admin\AppData\Local\Temp\c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe
"C:\Users\Admin\AppData\Local\Temp\c155865f0702198debff20d267f43f049dddff89a9ccb4e3a14c6089d9ee1df2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
10⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
11⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
12⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
13⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
14⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
15⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
15⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
14⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
13⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
12⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
11⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
10⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
11⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
12⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
13⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
14⤵
PID:11508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
15⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
14⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
13⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
11⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
10⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
9⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
10⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
11⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
12⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
13⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
14⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
14⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
13⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
12⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
11⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
10⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
9⤵
- Program crash
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
9⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
10⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
12⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
13⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
14⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 236
14⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
13⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
11⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
10⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
12⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
12⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
11⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
9⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
8⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
9⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
11⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
12⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
13⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
14⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 220
14⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
13⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
11⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
10⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
10⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
12⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
13⤵
PID:11576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
14⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
12⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
11⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
9⤵
- Program crash
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
8⤵
- Program crash
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
7⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
11⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
12⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
13⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-28879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28879.exe
14⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
14⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
13⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
12⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
11⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
12⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
12⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 220
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
11⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
12⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
12⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
8⤵
- Program crash
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
11⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
12⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
13⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
11⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
8⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
7⤵
- Program crash
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
6⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
9⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
10⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
11⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
12⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
13⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
14⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 236
14⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
13⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
12⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
10⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
12⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
13⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
13⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
12⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
9⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
10⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
12⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
13⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
14⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
13⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
11⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
10⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
9⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
11⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
12⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
13⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
12⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
10⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
9⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
9⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
11⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
12⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
13⤵
PID:11536

C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
14⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
12⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
11⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
11⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
11⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
12⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
13⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
9⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
11⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 236
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
12⤵
PID:11476

C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 236
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
8⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
6⤵
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
8⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
9⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
10⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
12⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 236
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
7⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
6⤵
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41703.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
12⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
13⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
11⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
12⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
12⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
7⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1387.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
12⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 220
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
11⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
9⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
10⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 220
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
10⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
8⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
6⤵
- Program crash
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Program crash
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
8⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
13⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
13⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
9⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
8⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
7⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 220
12⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 220
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
8⤵
- Program crash
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
7⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
11⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 236
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
8⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
7⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
6⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
5⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
7⤵
- Executes dropped EXE
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
8⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 236
12⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
9⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
11⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
8⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
6⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
7⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
11⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
7⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
10⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
11⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
7⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
10⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
12⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
10⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
11⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
9⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
8⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 220
7⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 216
6⤵
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
5⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
8⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
11⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
12⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
13⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 236
13⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
12⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
11⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
9⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
8⤵
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
8⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
10⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
12⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
11⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
8⤵
- Program crash
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
7⤵
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
11⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
6⤵
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
5⤵
- Program crash
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
12⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
13⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
13⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
11⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 236
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
9⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
11⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 236
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
7⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
10⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 220
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
9⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
10⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
11⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
9⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
7⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
6⤵
- Program crash
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
7⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
10⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
10⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
8⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-40987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40987.exe
8⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
9⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
10⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 220
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
10⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
9⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
8⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
6⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
10⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 236
11⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
9⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
8⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
7⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
6⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
5⤵
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57515.exe
9⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
10⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
11⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
11⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
7⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
9⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
10⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
10⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
9⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
6⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
7⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
9⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
10⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
11⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
10⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
7⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
5⤵
- Program crash
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
7⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
7⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
10⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
8⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
7⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
6⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
9⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
10⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
11⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
10⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
9⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
8⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
7⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
6⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
8⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
10⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
10⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
9⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
7⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
6⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
7⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
8⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
9⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
10⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
10⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
9⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
8⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
7⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
6⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
5⤵
- Program crash
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
4⤵
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
2⤵
- Program crash
PID:2660

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
Filesize
184KB

MD5
1ddd36cb26f07e88e290d604ab05cad9

SHA1
ecc4468525c9f6584b5ea45020e0329c6628c6fa

SHA256
e1f85eede56ceb59a2998ea5fe5fda6192527402ba360d24fef76d802f23a86c

SHA512
e62b2b26d993b75737ef61ee19c70209ba05417bef023b67a32cfb3578172c91cbd7980a31695c2d6a088fbd3f33fe4ac504c428de8f73cc341e9b61a245991d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
Filesize
184KB

MD5
f5c8c63c411215d22840d9f5e3724f8c

SHA1
c3f384ada5865f50043908c7ca96840e6b840c8b

SHA256
987e0df5c067ae127fbcf41cc08b771e40c3f1c52943c79fbe79cc4e61ed7d25

SHA512
02e385f244bb25321fa4f7d6d4d74a9916ce45445c228ad355c0fe3fec5d863e59ef00699372b4263ecd4420c6da4df38a819ffcfc27e91440281315fb086809

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
Filesize
184KB

MD5
ea4837945837df3bb4a28fb29c7d4d30

SHA1
013f6a984e426ba3a1fbe9c53b7937fa8a900726

SHA256
f6a95e3753f3cadec659394acec77e58944996a11a3ee46ceef216a375e32205

SHA512
77a064b26928e5c94bc66bb080715344c1dc1551c3e0234d1b1bf2e18f9e26889fe20bc9a486612d68649ff9bec64cb845142d6132a74a0bab6afa9e200cbaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
Filesize
184KB

MD5
843f5a6d5782cfa21f39011c0b4f0635

SHA1
b9b2734ab70fb71bd78d001c2fab6f3e4fc55871

SHA256
ccec19e664df5a1edfe30abcbeb99a37e35c8d1c7dff7c7dc48191d98ca051e0

SHA512
e9a02be1a77daa0fb7ba55b484a3552f33720b62daf3308c3a24cc38c59bb578e9dd73015ed084e5eece5225f2c3cab6455b28035d33e3e52a5035ec093d9a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
Filesize
184KB

MD5
a0d8b43630dfdb54e829fbcd248de52e

SHA1
8afb0c2e9b56a5c01da783af569d20c5d69a7477

SHA256
ed7e8cf4be6dc3f533c35eb27018e804326e5d12dd357f67432a4a04a5d327d9

SHA512
6fed675c3d86985d4b8a35ddf01a28e3fd8c059c52ca61691572e0209996539663a7e13066841a491fe58a25f064f19943706095a28747a912ea43270545f3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
Filesize
184KB

MD5
e152ac839f30629d8f076a47cf9b8cbf

SHA1
3a3822386d8225e0f07216eb66afd2a03914ea2b

SHA256
ac6c0c2401e038cb8e95a63181f29665604edce87aca94d34a4a11bde7f046e1

SHA512
70716d49eab565e3f27043603ae9a284b8dbb545587f4cee91a9313ed202b2da8f65298b906025392bff71c6f0fe0043ce4f140ed550953eddc3d38339600a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
Filesize
184KB

MD5
883f0d4086eaeb688a564655e4f6fb51

SHA1
687e2632c251c067478cff40362d7a0eeb83bf6d

SHA256
f4d1ea75f1091f99c4f7ed08b1cb6092b96dda7e1eb950af928a4a8d76d7ad2e

SHA512
af252525c51cf049bb640c6489c488fbf096463ddff5a9f8f725e0d73f53cc306f4c1e2ce63618268ae6a309d14b9ae7991e09931e78b90f67d1d72534a134cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
Filesize
184KB

MD5
6c56dc2261a8930226c5fd40152ef46f

SHA1
57433bc13a3f45e323fd91786bd88c55748b44c5

SHA256
cf76155ee0c95ef8197408bdf87b37241e0c7d827687784ca900f38b287a5099

SHA512
e8c7add167e2195a302753386683fe23986cfe86df0fcc05d20cd9bcec8d02b4a649cd45c54a11447177ec1e4a83844b87b5e121c854af6a7ddc43fa665fe74d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
Filesize
184KB

MD5
3ae8a2e69bc653ad647c14d4d2ce637a

SHA1
b93d49045161971c1c9f40f60c1908627f3fd2ff

SHA256
50f13c04719a6740cdb04fd559b8bcf0f600597e4fb9305f7622326e3958d2fc

SHA512
1be47d1e832152f44af86d7f9d7e3df6757cad5a0ab9d1769c4dcf8824ea6ed9d4a1557fa920d138e77575bd64f51d9db9b66ed95c3d76fb3a5e5cbaef98fe55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
Filesize
184KB

MD5
0fe878b895b20da033f3494d48c8c064

SHA1
6e66c6ef41b6a99fea2c5c74fdef6cdbedcf00aa

SHA256
2146615c720c1200bff2a7058ffe9fa32e4ec0ccdcd91e2a6e43f9cbc8290c66

SHA512
4544ffa30db23839aa52d27bc976c93001e1dc9e0f4135d9642f6a350ae58e2aa2dd32012aa036f16db9627a76f417176b7e0b3b1544ab6fc39a3af101ce1ab5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
Filesize
184KB

MD5
da24339445007627a186f2b816055131

SHA1
87c29f07656df17bd8529b4ae7c80195cd4ac107

SHA256
111938ee74eaa372bf67219ad21af4959336b457ae45009b6d2fe300cf777f3c

SHA512
ae8ce345ad5ecedfe18fb3771cc517c6c4e01b2fae97aa6f23490e5aa68f491d83c8ba6f83c65ca55733f7a44d94f4753978703d246f579f3ebecb100e81db00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
Filesize
184KB

MD5
565a89f9d7f02c8bcabef93bc73fabcd

SHA1
3c1ef14b649b504b5d23289a5ce842699f25e2a5

SHA256
eb7d0d607064912c056e5bfe22b75ee2d08051e6c3de3c5ed49185324a193389

SHA512
167c32c79e615bb1f96f51029aa57682b825848b78a8d50e4066e9b1ab305a49a2dbb6db5c40319d1107ff3d31314ebc0d31233a1a7f7dc669fb889e18d0d720

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
Filesize
184KB

MD5
a8a4b867b50090b75576e989dbaf42be

SHA1
6729e18c30ed598845e96a368272b53514900b51

SHA256
841fd37d8afd8504c89a6cc31dece02adeebeb7d5ee298c49ce2f5036ed5b9df

SHA512
e02eb984266c1fad5f62a645987849a6019dcad102fd532fb5a14bbe1978e943d43f2e68f4b3675d41a3b0dc92614515ebc3da1ed5d1db9661d411739e703284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
Filesize
184KB

MD5
cacdd0cf594d7acfba433ac8174a1e27

SHA1
2eaa486485f4a44ea4bb21755787a280daaaace0

SHA256
cc1cd9cc9d90c11d226f755cf809d0af496c81222f53c910b635f34138151a2f

SHA512
37ffd05f673d6dec90d3222adc85b8ce172af934a4f9d3cd72f81d39e1eb189daac65ca2e57b17241a931a75b1102e3bd204beb77e50a67a40086b2736df2d95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
Filesize
184KB

MD5
a96f7dacb6798e5971f341ec017e24f0

SHA1
bd05ed5d36b2674919ee05d23694ca825563c6a6

SHA256
06ac1dce7a538f9483480079430e2f56e1c80e4327f665a39b84a86ac07b21f4

SHA512
f1a9ed6deb8fdff78a0499ef92def84ebdd4d002eac3ee1deb136bb88520b356f32f84cb37f8bea9ff54bb117a9e03e7f45e3032c807a57f6fc8768880c46320

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
Filesize
184KB

MD5
83021c2de188d435def221ea9cd18ce5

SHA1
ddc222ba415b997b8301f1957e54860516619ff6

SHA256
2d3a07a0e84eb6aceb3bc41ef79d345f9c046606593a65ed6a9dff4d2293edc7

SHA512
1caca6a4c1c204a94faea45d49ffebc996eb796fde57390af5aa0939507c63386baa1f4f732e08c69637b7965e023bc036542031de2817f09bc146fcd85c2a02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
Filesize
184KB

MD5
f632fb4db3140acc7b1e05ea9d26f228

SHA1
3519ce9a0315d51c20bf62a5f0af7c8e367d6ae7

SHA256
ce063aea09d4b8856bf941c0c34d12d0af49aed5a0635cd2085e84cd2ab8578d

SHA512
9919fda95ea4d77acf5cff3fa4a4726df3daf87ee2b5165f69b841ed8557cb9b6d8eabf844930ecf93be6b0375a56b7382b7e4846360ecaaa1d4b4eb4ca82379

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
Filesize
184KB

MD5
590531e5b77e552ec368f219355b7bca

SHA1
77030594d33a22fad9446c43eab2805cede6fe43

SHA256
dbdc70d1e75211aee3e2d3072ffd0bd2e1b6542fb97c5704bfc490e175124ee3

SHA512
de298a9708a0a06b99cded1fbf2834b45cc00e8088973bedb43bfd85f90c162769b983e79612de51d6bd1267599d5014ea89db02ada5ddd877dbb954f1725916

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
Filesize
184KB

MD5
a3760c4bffe1599a9f870546b666b55c

SHA1
b5bb1d5e1bbc306a5453429b814468c978f5506c

SHA256
dfae399d086b21a7203c99d29dad1cb81c1d80ab48ea7035e63c65277816fb48

SHA512
6d1e4ad772310e8555d4b0906f37f66993bf62e76f5c9a847bf67c9670cab47be2d06e04448a185a80b61f67ebf855d4a5a0f1297566c00ce8d1e6738e124317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
Filesize
184KB

MD5
e6074b6271531a62c0c5669bca255f44

SHA1
c1d78947813c859603a087afd4d48127de2b15f9

SHA256
2746c28b5211605c89120c6ce8072aaea06472559d19887c2f26e135674276f6

SHA512
14964ebb87562ecea7767887b27ab5633ba04398f8de95adce8b685cd2dc39bd1f8b2477ef27ca9b03418cb0fac3d626504d113ea0bfc4651f4dc35dfa1eddf6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads