b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
Size

184KB
MD5

c9bc0caf4fc68304e7c60ff34b9be273
SHA1

b51636bdc255708057e4e3adb7b32ba93c9082fc
SHA256

b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082
SHA512

589c6a5963957f9bd429d2ab072720c825e69d73a6efc96652006852487184dbb69e1316ee920cb1dd474488abffb6b76365a0f6935f99433e62be4bd5c0a2a9
SSDEEP

3072:QUaOvgM+HjW8dRRYekqxa6KYCBOxyGNAM3yO5qLUpPhlnVOFCnr:QUIMZoRRbU6KYDpCChlnVOFC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-21368.exeUnicorn-14777.exeUnicorn-60641.exeUnicorn-62868.exeUnicorn-31950.exeUnicorn-60600.exeUnicorn-39483.exeUnicorn-4542.exeUnicorn-20577.exeUnicorn-9524.exeUnicorn-25176.exeUnicorn-60417.exeUnicorn-14745.exeUnicorn-14937.exeUnicorn-45804.exeUnicorn-13707.exeUnicorn-42165.exeUnicorn-26706.exeUnicorn-13707.exeUnicorn-16721.exeUnicorn-21329.exeUnicorn-48661.exeUnicorn-29326.exeUnicorn-19539.exeUnicorn-19958.exeUnicorn-39824.exeUnicorn-19731.exeUnicorn-35225.exeUnicorn-65402.exeUnicorn-32345.exeUnicorn-37328.exeUnicorn-22035.exeUnicorn-20795.exeUnicorn-1121.exeUnicorn-19451.exeUnicorn-37048.exeUnicorn-23617.exeUnicorn-46446.exeUnicorn-582.exeUnicorn-33831.exeUnicorn-31562.exeUnicorn-51620.exeUnicorn-47214.exeUnicorn-19332.exeUnicorn-1376.exeUnicorn-19166.exeUnicorn-14759.exeUnicorn-14951.exeUnicorn-2144.exeUnicorn-2144.exeUnicorn-32548.exeUnicorn-60826.exeUnicorn-56420.exeUnicorn-10748.exeUnicorn-53434.exeUnicorn-53434.exeUnicorn-10133.exeUnicorn-10133.exeUnicorn-63055.exeUnicorn-36683.exeUnicorn-21228.exeUnicorn-54285.exeUnicorn-1514.exeUnicorn-21804.exe

pid	process
2208	Unicorn-21368.exe
2628	Unicorn-14777.exe
2640	Unicorn-60641.exe
2580	Unicorn-62868.exe
1224	Unicorn-31950.exe
2476	Unicorn-60600.exe
568	Unicorn-39483.exe
272	Unicorn-4542.exe
2864	Unicorn-20577.exe
1972	Unicorn-9524.exe
2108	Unicorn-25176.exe
1900	Unicorn-60417.exe
2792	Unicorn-14745.exe
1112	Unicorn-14937.exe
2028	Unicorn-45804.exe
1636	Unicorn-13707.exe
2160	Unicorn-42165.exe
1200	Unicorn-26706.exe
2020	Unicorn-13707.exe
1940	Unicorn-16721.exe
1776	Unicorn-21329.exe
1692	Unicorn-48661.exe
1452	Unicorn-29326.exe
1060	Unicorn-19539.exe
2212	Unicorn-19958.exe
1884	Unicorn-39824.exe
1764	Unicorn-19731.exe
2204	Unicorn-35225.exe
1680	Unicorn-65402.exe
2340	Unicorn-32345.exe
1008	Unicorn-37328.exe
740	Unicorn-22035.exe
2884	Unicorn-20795.exe
2584	Unicorn-1121.exe
2468	Unicorn-19451.exe
2576	Unicorn-37048.exe
1708	Unicorn-23617.exe
2392	Unicorn-46446.exe
524	Unicorn-582.exe
1356	Unicorn-33831.exe
2100	Unicorn-31562.exe
2976	Unicorn-51620.exe
2836	Unicorn-47214.exe
2472	Unicorn-19332.exe
1408	Unicorn-1376.exe
1084	Unicorn-19166.exe
2768	Unicorn-14759.exe
2804	Unicorn-14951.exe
1760	Unicorn-2144.exe
2296	Unicorn-2144.exe
2148	Unicorn-32548.exe
2280	Unicorn-60826.exe
1036	Unicorn-56420.exe
1796	Unicorn-10748.exe
2928	Unicorn-53434.exe
596	Unicorn-53434.exe
932	Unicorn-10133.exe
2372	Unicorn-10133.exe
2920	Unicorn-63055.exe
3032	Unicorn-36683.exe
2536	Unicorn-21228.exe
2524	Unicorn-54285.exe
2700	Unicorn-1514.exe
1208	Unicorn-21804.exe

Loads dropped DLL 64 IoCs

Processes:

b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exeUnicorn-21368.exeUnicorn-60641.exeUnicorn-14777.exeWerFault.exeUnicorn-31950.exeUnicorn-60600.exeUnicorn-62868.exeWerFault.exeWerFault.exeUnicorn-39483.exeUnicorn-4542.exeUnicorn-20577.exeUnicorn-9524.exeUnicorn-25176.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
2208	Unicorn-21368.exe
2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
2208	Unicorn-21368.exe
2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
2640	Unicorn-60641.exe
2628	Unicorn-14777.exe
2628	Unicorn-14777.exe
2640	Unicorn-60641.exe
2208	Unicorn-21368.exe
2208	Unicorn-21368.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
732	WerFault.exe
1224	Unicorn-31950.exe
1224	Unicorn-31950.exe
2640	Unicorn-60641.exe
2640	Unicorn-60641.exe
2628	Unicorn-14777.exe
2628	Unicorn-14777.exe
2476	Unicorn-60600.exe
2476	Unicorn-60600.exe
2580	Unicorn-62868.exe
2580	Unicorn-62868.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2680	WerFault.exe
2756	WerFault.exe
568	Unicorn-39483.exe
568	Unicorn-39483.exe
1224	Unicorn-31950.exe
272	Unicorn-4542.exe
1224	Unicorn-31950.exe
272	Unicorn-4542.exe
2864	Unicorn-20577.exe
2864	Unicorn-20577.exe
1972	Unicorn-9524.exe
2108	Unicorn-25176.exe
1972	Unicorn-9524.exe
2580	Unicorn-62868.exe
2108	Unicorn-25176.exe
2580	Unicorn-62868.exe
2476	Unicorn-60600.exe
2476	Unicorn-60600.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
2360	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2708	2120	WerFault.exe	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
732	2208	WerFault.exe	Unicorn-21368.exe
2680	2640	WerFault.exe	Unicorn-60641.exe
2756	2628	WerFault.exe	Unicorn-14777.exe
2384	1224	WerFault.exe	Unicorn-31950.exe
944	2580	WerFault.exe	Unicorn-62868.exe
2360	2476	WerFault.exe	Unicorn-60600.exe
1988	568	WerFault.exe	Unicorn-39483.exe
2552	272	WerFault.exe	Unicorn-4542.exe
2620	2108	WerFault.exe	Unicorn-25176.exe
2636	2864	WerFault.exe	Unicorn-20577.exe
2704	1972	WerFault.exe	Unicorn-9524.exe
1980	1900	WerFault.exe	Unicorn-60417.exe
1960	1112	WerFault.exe	Unicorn-14937.exe
1440	2792	WerFault.exe	Unicorn-14745.exe
2644	2020	WerFault.exe	Unicorn-13707.exe
588	1636	WerFault.exe	Unicorn-13707.exe
1540	2028	WerFault.exe	Unicorn-45804.exe
2352	1200	WerFault.exe	Unicorn-26706.exe
1992	2160	WerFault.exe	Unicorn-42165.exe
2136	1776	WerFault.exe	Unicorn-21329.exe
1648	524	WerFault.exe	Unicorn-582.exe
1704	1680	WerFault.exe	Unicorn-65402.exe
2000	740	WerFault.exe	Unicorn-22035.exe
2516	2340	WerFault.exe	Unicorn-32345.exe
2688	1692	WerFault.exe	Unicorn-48661.exe
2424	2212	WerFault.exe	Unicorn-19958.exe
2532	1884	WerFault.exe	Unicorn-39824.exe
280	1764	WerFault.exe	Unicorn-19731.exe
2676	1940	WerFault.exe	Unicorn-16721.exe
2852	1008	WerFault.exe	Unicorn-37328.exe
1832	2884	WerFault.exe	Unicorn-20795.exe
1924	2584	WerFault.exe	Unicorn-1121.exe
1640	1452	WerFault.exe	Unicorn-29326.exe
1376	1060	WerFault.exe	Unicorn-19539.exe
2276	2468	WerFault.exe	Unicorn-19451.exe
2916	2576	WerFault.exe	Unicorn-37048.exe
1548	1708	WerFault.exe	Unicorn-23617.exe
3272	2392	WerFault.exe	Unicorn-46446.exe
3444	2836	WerFault.exe	Unicorn-47214.exe
3544	1760	WerFault.exe	Unicorn-2144.exe
3552	1084	WerFault.exe	Unicorn-19166.exe
3632	2804	WerFault.exe	Unicorn-14951.exe
3224	2296	WerFault.exe	Unicorn-2144.exe
3260	2768	WerFault.exe	Unicorn-14759.exe
3352	3032	WerFault.exe	Unicorn-36683.exe
3368	2100	WerFault.exe	Unicorn-31562.exe
3396	1356	WerFault.exe	Unicorn-33831.exe
3460	2648	WerFault.exe	Unicorn-39973.exe
3484	2980	WerFault.exe	Unicorn-38411.exe
3488	1100	WerFault.exe	Unicorn-7492.exe
3496	2920	WerFault.exe	Unicorn-63055.exe
3692	2244	WerFault.exe	Unicorn-7492.exe
3780	2148	WerFault.exe	Unicorn-32548.exe
3792	2280	WerFault.exe	Unicorn-60826.exe
3816	2524	WerFault.exe	Unicorn-54285.exe
3880	2536	WerFault.exe	Unicorn-21228.exe
4008	1656	WerFault.exe	Unicorn-20107.exe
4056	1036	WerFault.exe	Unicorn-56420.exe
3132	1404	WerFault.exe	Unicorn-53164.exe
3920	1480	WerFault.exe	Unicorn-53164.exe
3976	928	WerFault.exe	Unicorn-22184.exe
1316	1228	WerFault.exe	Unicorn-11659.exe
3116	2748	WerFault.exe	Unicorn-7492.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exeUnicorn-21368.exeUnicorn-60641.exeUnicorn-14777.exeUnicorn-31950.exeUnicorn-62868.exeUnicorn-60600.exeUnicorn-39483.exeUnicorn-4542.exeUnicorn-20577.exeUnicorn-9524.exeUnicorn-25176.exeUnicorn-60417.exeUnicorn-14937.exeUnicorn-14745.exeUnicorn-45804.exeUnicorn-13707.exeUnicorn-42165.exeUnicorn-13707.exeUnicorn-26706.exeUnicorn-16721.exeUnicorn-48661.exeUnicorn-21329.exeUnicorn-39824.exeUnicorn-19958.exeUnicorn-29326.exeUnicorn-19731.exeUnicorn-19539.exeUnicorn-32345.exeUnicorn-37328.exeUnicorn-65402.exeUnicorn-22035.exeUnicorn-20795.exeUnicorn-1121.exeUnicorn-19451.exeUnicorn-37048.exeUnicorn-23617.exeUnicorn-582.exeUnicorn-46446.exeUnicorn-33831.exeUnicorn-31562.exeUnicorn-51620.exeUnicorn-19332.exeUnicorn-47214.exeUnicorn-19166.exeUnicorn-14951.exeUnicorn-2144.exeUnicorn-2144.exeUnicorn-32548.exeUnicorn-14759.exeUnicorn-56420.exeUnicorn-10748.exeUnicorn-60826.exeUnicorn-53434.exeUnicorn-53434.exeUnicorn-10133.exeUnicorn-10133.exeUnicorn-63055.exeUnicorn-36683.exeUnicorn-21228.exeUnicorn-54285.exeUnicorn-1514.exeUnicorn-38987.exeUnicorn-21804.exe

pid	process
2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
2208	Unicorn-21368.exe
2640	Unicorn-60641.exe
2628	Unicorn-14777.exe
1224	Unicorn-31950.exe
2580	Unicorn-62868.exe
2476	Unicorn-60600.exe
568	Unicorn-39483.exe
272	Unicorn-4542.exe
2864	Unicorn-20577.exe
1972	Unicorn-9524.exe
2108	Unicorn-25176.exe
1900	Unicorn-60417.exe
1112	Unicorn-14937.exe
2792	Unicorn-14745.exe
2028	Unicorn-45804.exe
2020	Unicorn-13707.exe
2160	Unicorn-42165.exe
1636	Unicorn-13707.exe
1200	Unicorn-26706.exe
1940	Unicorn-16721.exe
1692	Unicorn-48661.exe
1776	Unicorn-21329.exe
1884	Unicorn-39824.exe
2212	Unicorn-19958.exe
1452	Unicorn-29326.exe
1764	Unicorn-19731.exe
1060	Unicorn-19539.exe
2340	Unicorn-32345.exe
1008	Unicorn-37328.exe
1680	Unicorn-65402.exe
740	Unicorn-22035.exe
2884	Unicorn-20795.exe
2584	Unicorn-1121.exe
2468	Unicorn-19451.exe
2576	Unicorn-37048.exe
1708	Unicorn-23617.exe
524	Unicorn-582.exe
2392	Unicorn-46446.exe
1356	Unicorn-33831.exe
2100	Unicorn-31562.exe
2976	Unicorn-51620.exe
2472	Unicorn-19332.exe
2836	Unicorn-47214.exe
1084	Unicorn-19166.exe
2804	Unicorn-14951.exe
2296	Unicorn-2144.exe
1760	Unicorn-2144.exe
2148	Unicorn-32548.exe
2768	Unicorn-14759.exe
1036	Unicorn-56420.exe
1796	Unicorn-10748.exe
2280	Unicorn-60826.exe
2928	Unicorn-53434.exe
596	Unicorn-53434.exe
2372	Unicorn-10133.exe
932	Unicorn-10133.exe
2920	Unicorn-63055.exe
3032	Unicorn-36683.exe
2536	Unicorn-21228.exe
2524	Unicorn-54285.exe
2700	Unicorn-1514.exe
704	Unicorn-38987.exe
1208	Unicorn-21804.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exeUnicorn-21368.exeUnicorn-14777.exeUnicorn-60641.exeUnicorn-31950.exeUnicorn-60600.exeUnicorn-62868.exeUnicorn-39483.exe

description	pid	process	target process
PID 2120 wrote to memory of 2208	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-21368.exe
PID 2120 wrote to memory of 2208	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-21368.exe
PID 2120 wrote to memory of 2208	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-21368.exe
PID 2120 wrote to memory of 2208	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-21368.exe
PID 2208 wrote to memory of 2628	2208	Unicorn-21368.exe	Unicorn-14777.exe
PID 2208 wrote to memory of 2628	2208	Unicorn-21368.exe	Unicorn-14777.exe
PID 2208 wrote to memory of 2628	2208	Unicorn-21368.exe	Unicorn-14777.exe
PID 2208 wrote to memory of 2628	2208	Unicorn-21368.exe	Unicorn-14777.exe
PID 2120 wrote to memory of 2640	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-60641.exe
PID 2120 wrote to memory of 2640	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-60641.exe
PID 2120 wrote to memory of 2640	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-60641.exe
PID 2120 wrote to memory of 2640	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	Unicorn-60641.exe
PID 2120 wrote to memory of 2708	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	WerFault.exe
PID 2120 wrote to memory of 2708	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	WerFault.exe
PID 2120 wrote to memory of 2708	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	WerFault.exe
PID 2120 wrote to memory of 2708	2120	b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe	WerFault.exe
PID 2628 wrote to memory of 2580	2628	Unicorn-14777.exe	Unicorn-62868.exe
PID 2628 wrote to memory of 2580	2628	Unicorn-14777.exe	Unicorn-62868.exe
PID 2628 wrote to memory of 2580	2628	Unicorn-14777.exe	Unicorn-62868.exe
PID 2628 wrote to memory of 2580	2628	Unicorn-14777.exe	Unicorn-62868.exe
PID 2640 wrote to memory of 1224	2640	Unicorn-60641.exe	Unicorn-31950.exe
PID 2640 wrote to memory of 1224	2640	Unicorn-60641.exe	Unicorn-31950.exe
PID 2640 wrote to memory of 1224	2640	Unicorn-60641.exe	Unicorn-31950.exe
PID 2640 wrote to memory of 1224	2640	Unicorn-60641.exe	Unicorn-31950.exe
PID 2208 wrote to memory of 2476	2208	Unicorn-21368.exe	Unicorn-60600.exe
PID 2208 wrote to memory of 2476	2208	Unicorn-21368.exe	Unicorn-60600.exe
PID 2208 wrote to memory of 2476	2208	Unicorn-21368.exe	Unicorn-60600.exe
PID 2208 wrote to memory of 2476	2208	Unicorn-21368.exe	Unicorn-60600.exe
PID 2208 wrote to memory of 732	2208	Unicorn-21368.exe	WerFault.exe
PID 2208 wrote to memory of 732	2208	Unicorn-21368.exe	WerFault.exe
PID 2208 wrote to memory of 732	2208	Unicorn-21368.exe	WerFault.exe
PID 2208 wrote to memory of 732	2208	Unicorn-21368.exe	WerFault.exe
PID 1224 wrote to memory of 568	1224	Unicorn-31950.exe	Unicorn-39483.exe
PID 1224 wrote to memory of 568	1224	Unicorn-31950.exe	Unicorn-39483.exe
PID 1224 wrote to memory of 568	1224	Unicorn-31950.exe	Unicorn-39483.exe
PID 1224 wrote to memory of 568	1224	Unicorn-31950.exe	Unicorn-39483.exe
PID 2640 wrote to memory of 272	2640	Unicorn-60641.exe	Unicorn-4542.exe
PID 2640 wrote to memory of 272	2640	Unicorn-60641.exe	Unicorn-4542.exe
PID 2640 wrote to memory of 272	2640	Unicorn-60641.exe	Unicorn-4542.exe
PID 2640 wrote to memory of 272	2640	Unicorn-60641.exe	Unicorn-4542.exe
PID 2628 wrote to memory of 2864	2628	Unicorn-14777.exe	Unicorn-20577.exe
PID 2628 wrote to memory of 2864	2628	Unicorn-14777.exe	Unicorn-20577.exe
PID 2628 wrote to memory of 2864	2628	Unicorn-14777.exe	Unicorn-20577.exe
PID 2628 wrote to memory of 2864	2628	Unicorn-14777.exe	Unicorn-20577.exe
PID 2476 wrote to memory of 2108	2476	Unicorn-60600.exe	Unicorn-25176.exe
PID 2476 wrote to memory of 2108	2476	Unicorn-60600.exe	Unicorn-25176.exe
PID 2476 wrote to memory of 2108	2476	Unicorn-60600.exe	Unicorn-25176.exe
PID 2476 wrote to memory of 2108	2476	Unicorn-60600.exe	Unicorn-25176.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-62868.exe	Unicorn-9524.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-62868.exe	Unicorn-9524.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-62868.exe	Unicorn-9524.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-62868.exe	Unicorn-9524.exe
PID 2640 wrote to memory of 2680	2640	Unicorn-60641.exe	WerFault.exe
PID 2640 wrote to memory of 2680	2640	Unicorn-60641.exe	WerFault.exe
PID 2640 wrote to memory of 2680	2640	Unicorn-60641.exe	WerFault.exe
PID 2640 wrote to memory of 2680	2640	Unicorn-60641.exe	WerFault.exe
PID 2628 wrote to memory of 2756	2628	Unicorn-14777.exe	WerFault.exe
PID 2628 wrote to memory of 2756	2628	Unicorn-14777.exe	WerFault.exe
PID 2628 wrote to memory of 2756	2628	Unicorn-14777.exe	WerFault.exe
PID 2628 wrote to memory of 2756	2628	Unicorn-14777.exe	WerFault.exe
PID 568 wrote to memory of 2792	568	Unicorn-39483.exe	Unicorn-14745.exe
PID 568 wrote to memory of 2792	568	Unicorn-39483.exe	Unicorn-14745.exe
PID 568 wrote to memory of 2792	568	Unicorn-39483.exe	Unicorn-14745.exe
PID 568 wrote to memory of 2792	568	Unicorn-39483.exe	Unicorn-14745.exe

C:\Users\Admin\AppData\Local\Temp\b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe
"C:\Users\Admin\AppData\Local\Temp\b68bf3859a8e16212b2fae8c971bf374fbb59e5b3760a0af9693910aa28d9082.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
9⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
10⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
11⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-23997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23997.exe
12⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
13⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
14⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
15⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
14⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
13⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
12⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
11⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
10⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
11⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
12⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
13⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
13⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
12⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
11⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
10⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 220
9⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
11⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
12⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
13⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
13⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
12⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
9⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
8⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
9⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
10⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
11⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
12⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
13⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
14⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
14⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
13⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
12⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
11⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
11⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
12⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
13⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
14⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
13⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
10⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 236
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
10⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 220
8⤵
- Program crash
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
7⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
6⤵
- Executes dropped EXE
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
6⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
7⤵
- Executes dropped EXE
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
12⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
12⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 236
11⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
7⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
12⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
13⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 236
12⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
11⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
12⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
6⤵
- Program crash
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
9⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
10⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
11⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
12⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
13⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
13⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
11⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
10⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
9⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
11⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
13⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
12⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
7⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
11⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
12⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
13⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
12⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
8⤵
- Program crash
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 220
7⤵
- Program crash
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
7⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
8⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
11⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
13⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 236
12⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
11⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
10⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
12⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
12⤵
PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
6⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
13⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
12⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
9⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
7⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
10⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
12⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
10⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
6⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
11⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
9⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
8⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 216
7⤵
- Program crash
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Program crash
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
8⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
10⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
11⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
12⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
13⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
13⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
11⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
9⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
7⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
12⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
13⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
10⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
7⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
11⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
12⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 236
12⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 236
11⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
8⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
6⤵
- Program crash
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
12⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
12⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
13⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 220
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
10⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
8⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
6⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
7⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
11⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
12⤵
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 236
12⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
7⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
6⤵
- Program crash
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
11⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
12⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
13⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 236
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
11⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
7⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
6⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
10⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
12⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
12⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
7⤵
- Program crash
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
6⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
6⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
9⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
10⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 236
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
8⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
7⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
6⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
5⤵
- Program crash
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
9⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
11⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
12⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
13⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
14⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
13⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
10⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
9⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 236
8⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
12⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
13⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
12⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
10⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
8⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
7⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
11⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 236
12⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
7⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
6⤵
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
10⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
11⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 188
12⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
6⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
5⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
12⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
13⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
14⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
13⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
12⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
11⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
12⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
7⤵
- Program crash
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
11⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
11⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
7⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
7⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
6⤵
- Program crash
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
5⤵
- Program crash
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
12⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
12⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
7⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
13⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
11⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
12⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
7⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
9⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
11⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
12⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
7⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
6⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
5⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
8⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
10⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
11⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
11⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 236
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
8⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
7⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
6⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
6⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
7⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
8⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
9⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
10⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
11⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
11⤵
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 236
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 236
9⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
8⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
7⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
6⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
5⤵
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
4⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
2⤵
- Program crash
PID:2708

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
Filesize
184KB

MD5
9c3284fdc179204de98689291b48e757

SHA1
db1f3c1d0f370f680b2f1e010ee0e5aedf90fc18

SHA256
40c853b25d27d126fb2f869befd329e90d33548ca5664cd19210b7a15716c52a

SHA512
d6f213377d1801abb465ce707e7b63fb53708d533f1660df0909b271d9906f04e095db8ef99f606d2148868f8f306c779a0cc987973acfa8bffac15baba1a778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
Filesize
184KB

MD5
de32b3c9163f6519f69856003985961f

SHA1
3d3bcd26d9e00ddcdb62c3326e417519cf0a6e51

SHA256
3158de4e50fc1c1fa8e1ba122cb968e39f3cd30563dbd19d8dca4ed18097ce5b

SHA512
54dfff1692eab1a60563054b6df17938eeeaa6c018727f8fa5dd96519794d39398b651859eee20e8d4fc3046fda1dcdecfba59691d586e6ed6dddb631d987dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
Filesize
184KB

MD5
3c429f92ae3b32248012e854d853c593

SHA1
37efd4b409741da586e5b24e225c8b6949875a16

SHA256
68d5335cee6b4b9e86af01b233a034c9d47619fb7a567f881d2eedec832c23a8

SHA512
376d724bfb0a851bce686a38b36bf80a92c6616a552714106f3b8952c9b343dfb2fe085fdb30a157e0ddd7676ea66f09dc709b90d6a20fcab23ea27912473edd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
Filesize
184KB

MD5
a9eecd32c21f1b1f2f02baee7033a450

SHA1
a55aadd784665358267c152cf9df0ebd0deaa52a

SHA256
c73fe829be20b7683d176d124dec23ebcaa81c5ed931a5b351068843f090521d

SHA512
166f080188b6abd531bc8775176a570f81e38e239a07ebe48f6b42b318432487c67fa3fc13a66f0daa7eb0757aa311e1fee8d86da2d36469b6cddb0d226410d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
Filesize
184KB

MD5
acffc4a8a91a2d4b1cd0099796c37a33

SHA1
b644bc39cbcd2fa9b4a640f6b543fe84e385ea17

SHA256
5d9141a04cc740006a55440562060c1949b2269782cf041e4866cad8cd316ed7

SHA512
d37579213842b968904546a380e686142b511507f5449b788e07d34b3e8a759b1db59be6a9a3d52e544084404db4cd6e6bcca0e077d22442433a6e99eff08e56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
Filesize
184KB

MD5
ceee5af3a1e504ff6fb4709bcb903909

SHA1
2050cad364da7f09531988499839378519e9b28d

SHA256
0f042bbc25df6672fdebb69ac07a09914de6ecdb07dacfb340d290b541c492c1

SHA512
902a330ad18eeded79874eb87fb4aa48a127b53b527cb6a739a37340fcb92dded7ac40d5a339668628f89ad1d2ef8f30f431d1afc9b6b77706b44047a27701d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
Filesize
184KB

MD5
4469420e0115f63dd05084aac40f56fd

SHA1
a8571b74fa8c74bd13a67c9b0d3196dffc9728df

SHA256
4825fefd0dc49c85f4c263922bd72682bb6bb015d4fa4c9c1b51f86db956f69a

SHA512
706e0aa2f27bf75efce0beb27a75f48a5bd1d02c4c1f5bf5b312e9efdd8cba4374d69ae564e89f59c4f931c0a14dafaba946fc676c8809297f89c9701804b48d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
Filesize
184KB

MD5
2f4d6db8e2b2c7874e2d6b44a2a83b0c

SHA1
ed7c8b43e6b171f91381818f2fa837acc745a4f1

SHA256
bb0c9c792741d2e7e61788c14b775df1ad0137a27d8303f91e978c7e21cbd18b

SHA512
70080bfd9e0312d78df5f78909cca3ccf0359e473a4b9fe512cffc377853e4cdc00b2fe6c34d95d50cb6aa8f60af3571e4baac665dc98c534290d96f204c2082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
Filesize
184KB

MD5
59384299c75a79e828fdb368660cdedd

SHA1
ae4068476828a16c81fe418f2b968748bf3966cf

SHA256
7ebc1dbb540210bca276fbfd798c8eb70a8bc2c718b16cdade6b6ce23c8d4e25

SHA512
a46a84102c8cc96433c542b9351818cfbd4ed35571a7e177e022fe5f8df2b6de7101760861b98caa49600e31233ec067071dc9bc3cb8281bd89d59d840512bad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
Filesize
184KB

MD5
9e6b293a19275c8f1a547c808a76ed9a

SHA1
702c1adfbb58a26905dda5aa4a74081f5fcf5086

SHA256
970fbe5251dcade2c40fee003d60e9c0ed2df98882ef856f7b7f0f5da491a6fd

SHA512
379834e930c9809bdb287875ff69273292a4462ccdcf1bf1ba9a5483c8bc60cd1f799a2debdec04992a40427c086f090c9416354b168b896fc2a702fdf8bc5c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
Filesize
184KB

MD5
c9dc4089ad482537c210df1a12d96c43

SHA1
666cc4038f3134468134b2e9a743dd47e05591bf

SHA256
ffa8863b413c314f8d818e28f38d395897bf8988e5382ed16c1c3d8e48b5c09b

SHA512
2dfea503dbedd530f4ce3525148393fbb7f8f9b457133144f43938ea9f7a111c07e7266a0731f6d3db4e8c4ac6300c42e787fb75a469e8a7d56878c4bd41f450

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
Filesize
184KB

MD5
7ad941def9110c9bbda50320ee094018

SHA1
ac952034ea5982ca1b72efd5c498a9a4828006a4

SHA256
07ae36f824abd4797a457ec35956c1703ddd83dd82cb62e2ecc8c6ffd9e70570

SHA512
28c35ee7fd632476917b645a408004856c3d85897d7e200cfc185b79cd2b46926959384daa36dbfd76ed083d1f54203e3a982edeb5aec02057aa170696eec3e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
Filesize
184KB

MD5
c8ed923aafff350c52c3b0f7df867f12

SHA1
c3e8ccd80a60fe91ff07e26b10a48afa4f1a7c48

SHA256
ba43bff600c4b0bc0af459cc8212a6622329213b876755cb49cd824c09d04685

SHA512
6745c2fba0d6ed3371116571cec2fb083c49c44f64f76475e6b8d9ed1d256dc5cc85c538fd66adb58425de6b758cb6aec74a4c63f1e80dd8209379848e038344

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
Filesize
184KB

MD5
dc4258aa6f3092ff476a95bcf2a4a74d

SHA1
bb20667a2b2601896ed00d232608b74b3e9985f7

SHA256
817cf4d3c5431c110c93d49dbcfb485d47a1f8aa5e0a1cc36c58e3cfd7ac8e3a

SHA512
65ff00b2e0e4027c44d9d256aa87785c222e21419575f2e72971097bb27dc0aff4ab686c1155db1c640353d9a2be511e92fa4f06a85de1b297f2609e28e544a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
Filesize
184KB

MD5
b17f72f3acb566cfdcf28733a7ad875a

SHA1
8a314b15e50b2f1387689f6f15fe73745dd3a60f

SHA256
839f875e264b76a76ca0c2122ac00770a68e706a85db05b4c0ec8596f177461a

SHA512
3f49b57ae159c65a136df51a47ad96be25a9d6829718c8af8a3118e6af03ff2d9033d775427e93e1ea88894e967a0cc54a572f166cb49e1f812624573e4e1fc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
Filesize
184KB

MD5
27ed98506fcc74ba9e7badb50cf9c119

SHA1
6c133237484ca0799997c2e5eb9dff2e8b7cf66a

SHA256
9e79b19bfd7dcdaf4ed96a07e89fe94a485098effb8e0bed673d1c484f728e79

SHA512
6be3c6e551478f8c100627278f3b2679bb32d9c9352a44ee88eb69e5836c3153eb9e29c8c4bc9f2f6a274fcbd667bd12a62e1f3097df5ff397591175781c3d3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads