721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
Size

184KB
MD5

2a0e5f97724ede9dbf87cd2aa745a5ac
SHA1

dfac5c9f501cfea609a29f3336c7215d6f018e74
SHA256

721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060
SHA512

d1bb5e95d1812f9367538ecdb34f3d6eae8f8386aafc847d11a947e4a33ca225987d2ffab5835540df0d31d3070d0da5efee7d21ab353e2aead1489ffe573ae4
SSDEEP

3072:5yYMrIoc068huVjieYZLpMZMIK0xNg88+/lU5qJULphlnVOUBnG:5yAoX4VjWLiZMItT7khlnVOUB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-58850.exeUnicorn-32483.exeUnicorn-51512.exeUnicorn-6286.exeUnicorn-60962.exeUnicorn-26152.exeUnicorn-43796.exeUnicorn-25898.exeUnicorn-40842.exeUnicorn-50402.exeUnicorn-30536.exeUnicorn-48347.exeUnicorn-10007.exeUnicorn-14091.exeUnicorn-29873.exeUnicorn-5923.exeUnicorn-25789.exeUnicorn-38233.exeUnicorn-36924.exeUnicorn-53090.exeUnicorn-65534.exeUnicorn-10858.exeUnicorn-19026.exeUnicorn-53837.exeUnicorn-34808.exeUnicorn-42976.exeUnicorn-4081.exeUnicorn-12249.exeUnicorn-20418.exeUnicorn-4444.exeUnicorn-8741.exeUnicorn-31876.exeUnicorn-16094.exeUnicorn-1704.exeUnicorn-56764.exeUnicorn-51611.exeUnicorn-53235.exeUnicorn-7563.exeUnicorn-9187.exeUnicorn-63863.exeUnicorn-54626.exeUnicorn-34760.exeUnicorn-49665.exeUnicorn-6686.exeUnicorn-29799.exeUnicorn-23023.exeUnicorn-7241.exeUnicorn-60607.exeUnicorn-44826.exeUnicorn-60415.exeUnicorn-11214.exeUnicorn-15298.exeUnicorn-34327.exeUnicorn-54769.exeUnicorn-93.exeUnicorn-16621.exeUnicorn-9844.exeUnicorn-32957.exeUnicorn-42901.exeUnicorn-57846.exeUnicorn-51069.exeUnicorn-35287.exeUnicorn-20343.exeUnicorn-4561.exe

pid	process
2556	Unicorn-58850.exe
2720	Unicorn-32483.exe
2704	Unicorn-51512.exe
1920	Unicorn-6286.exe
2412	Unicorn-60962.exe
2968	Unicorn-26152.exe
736	Unicorn-43796.exe
1276	Unicorn-25898.exe
2864	Unicorn-40842.exe
2744	Unicorn-50402.exe
1460	Unicorn-30536.exe
2760	Unicorn-48347.exe
1252	Unicorn-10007.exe
2244	Unicorn-14091.exe
1128	Unicorn-29873.exe
2020	Unicorn-5923.exe
2312	Unicorn-25789.exe
1968	Unicorn-38233.exe
2328	Unicorn-36924.exe
1692	Unicorn-53090.exe
1152	Unicorn-65534.exe
1452	Unicorn-10858.exe
1064	Unicorn-19026.exe
1648	Unicorn-53837.exe
932	Unicorn-34808.exe
1680	Unicorn-42976.exe
2212	Unicorn-4081.exe
1932	Unicorn-12249.exe
2064	Unicorn-20418.exe
1652	Unicorn-4444.exe
2692	Unicorn-8741.exe
2828	Unicorn-31876.exe
2964	Unicorn-16094.exe
2532	Unicorn-1704.exe
2500	Unicorn-56764.exe
2480	Unicorn-51611.exe
564	Unicorn-53235.exe
2856	Unicorn-7563.exe
2972	Unicorn-9187.exe
2284	Unicorn-63863.exe
928	Unicorn-54626.exe
2648	Unicorn-34760.exe
2152	Unicorn-49665.exe
2132	Unicorn-6686.exe
2792	Unicorn-29799.exe
2816	Unicorn-23023.exe
2272	Unicorn-7241.exe
1784	Unicorn-60607.exe
2908	Unicorn-44826.exe
2040	Unicorn-60415.exe
2892	Unicorn-11214.exe
1540	Unicorn-15298.exe
2352	Unicorn-34327.exe
936	Unicorn-54769.exe
2208	Unicorn-93.exe
1512	Unicorn-16621.exe
3064	Unicorn-9844.exe
2176	Unicorn-32957.exe
524	Unicorn-42901.exe
1352	Unicorn-57846.exe
2848	Unicorn-51069.exe
1280	Unicorn-35287.exe
2752	Unicorn-20343.exe
2672	Unicorn-4561.exe

Loads dropped DLL 64 IoCs

Processes:

721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exeUnicorn-58850.exeUnicorn-32483.exeUnicorn-51512.exeWerFault.exeUnicorn-6286.exeUnicorn-26152.exeUnicorn-60962.exeWerFault.exeWerFault.exeUnicorn-43796.exeUnicorn-25898.exeUnicorn-50402.exeUnicorn-30536.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2556	Unicorn-58850.exe
2556	Unicorn-58850.exe
2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2556	Unicorn-58850.exe
2720	Unicorn-32483.exe
2556	Unicorn-58850.exe
2720	Unicorn-32483.exe
2704	Unicorn-51512.exe
2704	Unicorn-51512.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
1920	Unicorn-6286.exe
1920	Unicorn-6286.exe
2968	Unicorn-26152.exe
2968	Unicorn-26152.exe
2704	Unicorn-51512.exe
2704	Unicorn-51512.exe
2412	Unicorn-60962.exe
2412	Unicorn-60962.exe
2720	Unicorn-32483.exe
2720	Unicorn-32483.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
2772	WerFault.exe
736	Unicorn-43796.exe
736	Unicorn-43796.exe
2412	Unicorn-60962.exe
1276	Unicorn-25898.exe
2412	Unicorn-60962.exe
2968	Unicorn-26152.exe
1276	Unicorn-25898.exe
2968	Unicorn-26152.exe
2744	Unicorn-50402.exe
1920	Unicorn-6286.exe
2744	Unicorn-50402.exe
1460	Unicorn-30536.exe
1920	Unicorn-6286.exe
1460	Unicorn-30536.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2868	2600	WerFault.exe	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2392	2556	WerFault.exe	Unicorn-58850.exe
1408	2704	WerFault.exe	Unicorn-51512.exe
2772	2720	WerFault.exe	Unicorn-32483.exe
2248	1920	WerFault.exe	Unicorn-6286.exe
1184	2968	WerFault.exe	Unicorn-26152.exe
1476	2412	WerFault.exe	Unicorn-60962.exe
1988	736	WerFault.exe	Unicorn-43796.exe
2612	2744	WerFault.exe	Unicorn-50402.exe
2268	1276	WerFault.exe	Unicorn-25898.exe
2540	1460	WerFault.exe	Unicorn-30536.exe
2616	2864	WerFault.exe	Unicorn-40842.exe
2456	1152	WerFault.exe	Unicorn-65534.exe
592	2020	WerFault.exe	Unicorn-5923.exe
1124	2312	WerFault.exe	Unicorn-25789.exe
1776	1128	WerFault.exe	Unicorn-29873.exe
456	1968	WerFault.exe	Unicorn-38233.exe
1160	1252	WerFault.exe	Unicorn-10007.exe
2204	2244	WerFault.exe	Unicorn-14091.exe
1884	2760	WerFault.exe	Unicorn-48347.exe
1660	2176	WerFault.exe	Unicorn-32957.exe
1748	2648	WerFault.exe	Unicorn-34760.exe
2008	2328	WerFault.exe	Unicorn-36924.exe
1952	1692	WerFault.exe	Unicorn-53090.exe
2944	1652	WerFault.exe	Unicorn-4444.exe
2804	2352	WerFault.exe	Unicorn-34327.exe
1896	1680	WerFault.exe	Unicorn-42976.exe
2316	1932	WerFault.exe	Unicorn-12249.exe
1344	932	WerFault.exe	Unicorn-34808.exe
1104	1064	WerFault.exe	Unicorn-19026.exe
1328	1452	WerFault.exe	Unicorn-10858.exe
2116	2692	WerFault.exe	Unicorn-8741.exe
1992	2964	WerFault.exe	Unicorn-16094.exe
2216	2064	WerFault.exe	Unicorn-20418.exe
2260	2532	WerFault.exe	Unicorn-1704.exe
3040	2828	WerFault.exe	Unicorn-31876.exe
2608	2500	WerFault.exe	Unicorn-56764.exe
3084	2480	WerFault.exe	Unicorn-51611.exe
3176	1648	WerFault.exe	Unicorn-53837.exe
3208	2284	WerFault.exe	Unicorn-63863.exe
3244	2132	WerFault.exe	Unicorn-6686.exe
3264	2272	WerFault.exe	Unicorn-7241.exe
3328	928	WerFault.exe	Unicorn-54626.exe
3340	2152	WerFault.exe	Unicorn-49665.exe
3408	2792	WerFault.exe	Unicorn-29799.exe
3572	852	WerFault.exe	Unicorn-10591.exe
3520	2208	WerFault.exe	Unicorn-93.exe
3608	2212	WerFault.exe	Unicorn-4081.exe
3636	2972	WerFault.exe	Unicorn-9187.exe
3688	2040	WerFault.exe	Unicorn-60415.exe
3716	2672	WerFault.exe	Unicorn-4561.exe
3740	1512	WerFault.exe	Unicorn-16621.exe
3764	1572	WerFault.exe	Unicorn-57161.exe
3840	552	WerFault.exe	Unicorn-34048.exe
3892	524	WerFault.exe	Unicorn-42901.exe
3916	1352	WerFault.exe	Unicorn-57846.exe
3956	1600	WerFault.exe	Unicorn-53269.exe
3980	1736	WerFault.exe	Unicorn-10228.exe
4016	2848	WerFault.exe	Unicorn-51069.exe
4064	2816	WerFault.exe	Unicorn-23023.exe
3116	2588	WerFault.exe	Unicorn-32787.exe
3152	2072	WerFault.exe	Unicorn-42216.exe
3252	1948	WerFault.exe	Unicorn-41016.exe
3284	936	WerFault.exe	Unicorn-54769.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exeUnicorn-58850.exeUnicorn-32483.exeUnicorn-51512.exeUnicorn-6286.exeUnicorn-26152.exeUnicorn-60962.exeUnicorn-43796.exeUnicorn-25898.exeUnicorn-30536.exeUnicorn-50402.exeUnicorn-40842.exeUnicorn-10007.exeUnicorn-5923.exeUnicorn-48347.exeUnicorn-29873.exeUnicorn-38233.exeUnicorn-25789.exeUnicorn-14091.exeUnicorn-36924.exeUnicorn-53090.exeUnicorn-65534.exeUnicorn-10858.exeUnicorn-53837.exeUnicorn-4081.exeUnicorn-19026.exeUnicorn-12249.exeUnicorn-42976.exeUnicorn-34808.exeUnicorn-20418.exeUnicorn-4444.exeUnicorn-8741.exeUnicorn-31876.exeUnicorn-16094.exeUnicorn-1704.exeUnicorn-56764.exeUnicorn-51611.exeUnicorn-7563.exeUnicorn-9187.exeUnicorn-53235.exeUnicorn-54626.exeUnicorn-63863.exeUnicorn-49665.exeUnicorn-23023.exeUnicorn-29799.exeUnicorn-34760.exeUnicorn-6686.exeUnicorn-7241.exeUnicorn-60607.exeUnicorn-44826.exeUnicorn-60415.exeUnicorn-11214.exeUnicorn-15298.exeUnicorn-34327.exeUnicorn-93.exeUnicorn-16621.exeUnicorn-9844.exeUnicorn-32957.exeUnicorn-42901.exeUnicorn-57846.exeUnicorn-51069.exeUnicorn-20343.exeUnicorn-4561.exeUnicorn-32787.exe

pid	process
2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
2556	Unicorn-58850.exe
2720	Unicorn-32483.exe
2704	Unicorn-51512.exe
1920	Unicorn-6286.exe
2968	Unicorn-26152.exe
2412	Unicorn-60962.exe
736	Unicorn-43796.exe
1276	Unicorn-25898.exe
1460	Unicorn-30536.exe
2744	Unicorn-50402.exe
2864	Unicorn-40842.exe
1252	Unicorn-10007.exe
2020	Unicorn-5923.exe
2760	Unicorn-48347.exe
1128	Unicorn-29873.exe
1968	Unicorn-38233.exe
2312	Unicorn-25789.exe
2244	Unicorn-14091.exe
2328	Unicorn-36924.exe
1692	Unicorn-53090.exe
1152	Unicorn-65534.exe
1452	Unicorn-10858.exe
1648	Unicorn-53837.exe
2212	Unicorn-4081.exe
1064	Unicorn-19026.exe
1932	Unicorn-12249.exe
1680	Unicorn-42976.exe
932	Unicorn-34808.exe
2064	Unicorn-20418.exe
1652	Unicorn-4444.exe
2692	Unicorn-8741.exe
2828	Unicorn-31876.exe
2964	Unicorn-16094.exe
2532	Unicorn-1704.exe
2500	Unicorn-56764.exe
2480	Unicorn-51611.exe
2856	Unicorn-7563.exe
2972	Unicorn-9187.exe
564	Unicorn-53235.exe
928	Unicorn-54626.exe
2284	Unicorn-63863.exe
2152	Unicorn-49665.exe
2816	Unicorn-23023.exe
2792	Unicorn-29799.exe
2648	Unicorn-34760.exe
2132	Unicorn-6686.exe
2272	Unicorn-7241.exe
1784	Unicorn-60607.exe
2908	Unicorn-44826.exe
2040	Unicorn-60415.exe
2892	Unicorn-11214.exe
1540	Unicorn-15298.exe
2352	Unicorn-34327.exe
2208	Unicorn-93.exe
1512	Unicorn-16621.exe
3064	Unicorn-9844.exe
2176	Unicorn-32957.exe
524	Unicorn-42901.exe
1352	Unicorn-57846.exe
2848	Unicorn-51069.exe
2752	Unicorn-20343.exe
2672	Unicorn-4561.exe
2588	Unicorn-32787.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exeUnicorn-58850.exeUnicorn-32483.exeUnicorn-51512.exeUnicorn-6286.exeUnicorn-26152.exeUnicorn-60962.exeUnicorn-43796.exe

description	pid	process	target process
PID 2600 wrote to memory of 2556	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-58850.exe
PID 2600 wrote to memory of 2556	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-58850.exe
PID 2600 wrote to memory of 2556	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-58850.exe
PID 2600 wrote to memory of 2556	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-58850.exe
PID 2556 wrote to memory of 2720	2556	Unicorn-58850.exe	Unicorn-32483.exe
PID 2556 wrote to memory of 2720	2556	Unicorn-58850.exe	Unicorn-32483.exe
PID 2556 wrote to memory of 2720	2556	Unicorn-58850.exe	Unicorn-32483.exe
PID 2556 wrote to memory of 2720	2556	Unicorn-58850.exe	Unicorn-32483.exe
PID 2600 wrote to memory of 2704	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-51512.exe
PID 2600 wrote to memory of 2704	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-51512.exe
PID 2600 wrote to memory of 2704	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-51512.exe
PID 2600 wrote to memory of 2704	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	Unicorn-51512.exe
PID 2600 wrote to memory of 2868	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	WerFault.exe
PID 2600 wrote to memory of 2868	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	WerFault.exe
PID 2600 wrote to memory of 2868	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	WerFault.exe
PID 2600 wrote to memory of 2868	2600	721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe	WerFault.exe
PID 2556 wrote to memory of 1920	2556	Unicorn-58850.exe	Unicorn-6286.exe
PID 2556 wrote to memory of 1920	2556	Unicorn-58850.exe	Unicorn-6286.exe
PID 2556 wrote to memory of 1920	2556	Unicorn-58850.exe	Unicorn-6286.exe
PID 2556 wrote to memory of 1920	2556	Unicorn-58850.exe	Unicorn-6286.exe
PID 2720 wrote to memory of 2412	2720	Unicorn-32483.exe	Unicorn-60962.exe
PID 2720 wrote to memory of 2412	2720	Unicorn-32483.exe	Unicorn-60962.exe
PID 2720 wrote to memory of 2412	2720	Unicorn-32483.exe	Unicorn-60962.exe
PID 2720 wrote to memory of 2412	2720	Unicorn-32483.exe	Unicorn-60962.exe
PID 2704 wrote to memory of 2968	2704	Unicorn-51512.exe	Unicorn-26152.exe
PID 2704 wrote to memory of 2968	2704	Unicorn-51512.exe	Unicorn-26152.exe
PID 2704 wrote to memory of 2968	2704	Unicorn-51512.exe	Unicorn-26152.exe
PID 2704 wrote to memory of 2968	2704	Unicorn-51512.exe	Unicorn-26152.exe
PID 2556 wrote to memory of 2392	2556	Unicorn-58850.exe	WerFault.exe
PID 2556 wrote to memory of 2392	2556	Unicorn-58850.exe	WerFault.exe
PID 2556 wrote to memory of 2392	2556	Unicorn-58850.exe	WerFault.exe
PID 2556 wrote to memory of 2392	2556	Unicorn-58850.exe	WerFault.exe
PID 1920 wrote to memory of 736	1920	Unicorn-6286.exe	Unicorn-43796.exe
PID 1920 wrote to memory of 736	1920	Unicorn-6286.exe	Unicorn-43796.exe
PID 1920 wrote to memory of 736	1920	Unicorn-6286.exe	Unicorn-43796.exe
PID 1920 wrote to memory of 736	1920	Unicorn-6286.exe	Unicorn-43796.exe
PID 2968 wrote to memory of 1276	2968	Unicorn-26152.exe	Unicorn-25898.exe
PID 2968 wrote to memory of 1276	2968	Unicorn-26152.exe	Unicorn-25898.exe
PID 2968 wrote to memory of 1276	2968	Unicorn-26152.exe	Unicorn-25898.exe
PID 2968 wrote to memory of 1276	2968	Unicorn-26152.exe	Unicorn-25898.exe
PID 2704 wrote to memory of 2864	2704	Unicorn-51512.exe	Unicorn-40842.exe
PID 2704 wrote to memory of 2864	2704	Unicorn-51512.exe	Unicorn-40842.exe
PID 2704 wrote to memory of 2864	2704	Unicorn-51512.exe	Unicorn-40842.exe
PID 2704 wrote to memory of 2864	2704	Unicorn-51512.exe	Unicorn-40842.exe
PID 2412 wrote to memory of 2744	2412	Unicorn-60962.exe	Unicorn-50402.exe
PID 2412 wrote to memory of 2744	2412	Unicorn-60962.exe	Unicorn-50402.exe
PID 2412 wrote to memory of 2744	2412	Unicorn-60962.exe	Unicorn-50402.exe
PID 2412 wrote to memory of 2744	2412	Unicorn-60962.exe	Unicorn-50402.exe
PID 2720 wrote to memory of 1460	2720	Unicorn-32483.exe	Unicorn-30536.exe
PID 2720 wrote to memory of 1460	2720	Unicorn-32483.exe	Unicorn-30536.exe
PID 2720 wrote to memory of 1460	2720	Unicorn-32483.exe	Unicorn-30536.exe
PID 2720 wrote to memory of 1460	2720	Unicorn-32483.exe	Unicorn-30536.exe
PID 2720 wrote to memory of 2772	2720	Unicorn-32483.exe	WerFault.exe
PID 2720 wrote to memory of 2772	2720	Unicorn-32483.exe	WerFault.exe
PID 2720 wrote to memory of 2772	2720	Unicorn-32483.exe	WerFault.exe
PID 2720 wrote to memory of 2772	2720	Unicorn-32483.exe	WerFault.exe
PID 2704 wrote to memory of 1408	2704	Unicorn-51512.exe	WerFault.exe
PID 2704 wrote to memory of 1408	2704	Unicorn-51512.exe	WerFault.exe
PID 2704 wrote to memory of 1408	2704	Unicorn-51512.exe	WerFault.exe
PID 2704 wrote to memory of 1408	2704	Unicorn-51512.exe	WerFault.exe
PID 736 wrote to memory of 2760	736	Unicorn-43796.exe	Unicorn-48347.exe
PID 736 wrote to memory of 2760	736	Unicorn-43796.exe	Unicorn-48347.exe
PID 736 wrote to memory of 2760	736	Unicorn-43796.exe	Unicorn-48347.exe
PID 736 wrote to memory of 2760	736	Unicorn-43796.exe	Unicorn-48347.exe

C:\Users\Admin\AppData\Local\Temp\721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe
"C:\Users\Admin\AppData\Local\Temp\721327b65517b11fa23bad959b2a627b4190b825a4e24c914bbadbe4a848a060.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 244
8⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
9⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
10⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
12⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
13⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
14⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
15⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
14⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
13⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
12⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
11⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
11⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
12⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
13⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
12⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
11⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
13⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
14⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
13⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 236
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
9⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
8⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
11⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
12⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
13⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
14⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
13⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
11⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
7⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
8⤵
- Program crash
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
7⤵
- Program crash
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
6⤵
- Program crash
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
12⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
13⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 236
13⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 236
12⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
9⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
7⤵
- Executes dropped EXE
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
6⤵
- Program crash
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
11⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
12⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
13⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
13⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
12⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
10⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
9⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
12⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
13⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
13⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
12⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
7⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
7⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
11⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
12⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
12⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
13⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 240
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
8⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
7⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
10⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
11⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
12⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 236
12⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
11⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
7⤵
- Program crash
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
6⤵
- Program crash
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
5⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
11⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
12⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
13⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
12⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
12⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
12⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
8⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
10⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
12⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 236
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 236
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 240
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 240
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-32787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32787.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
11⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
13⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
12⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
8⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
7⤵
- Program crash
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
6⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
7⤵
- Executes dropped EXE
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
11⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
12⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
13⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 236
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
11⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
11⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
12⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
13⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
8⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
7⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
11⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
12⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
12⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 236
11⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
8⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
10⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
11⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
12⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
7⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
6⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 240
5⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
11⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
12⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
13⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
13⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
12⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
10⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
12⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
13⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 236
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
9⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
7⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
10⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 240
11⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
8⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
7⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
7⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
6⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
12⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
9⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
8⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
7⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
6⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
10⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 236
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
10⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
9⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
8⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
5⤵
- Program crash
PID:592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
12⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
13⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
14⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
13⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
12⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
11⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
8⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
11⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
13⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
14⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
12⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
10⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
9⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 188
8⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
7⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
7⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
11⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
12⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
12⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
10⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
12⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 236
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
10⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
11⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
8⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
6⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
11⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
12⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
13⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
7⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
6⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
7⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
11⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
11⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
8⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
7⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
5⤵
- Program crash
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
8⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
12⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 236
8⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
7⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
11⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
8⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
7⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
12⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
12⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
12⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
6⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
10⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
7⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
6⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
7⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
8⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
9⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
10⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
9⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
8⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
7⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
6⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
5⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
12⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
13⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
10⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
9⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
7⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 240
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
9⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
6⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
11⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
11⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
8⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
7⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
6⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
6⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
7⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 236
11⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
9⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
8⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
7⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
6⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
7⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
9⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
10⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
10⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
9⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
8⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
7⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
6⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
5⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
4⤵
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
2⤵
- Program crash
PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe

Filesize
184KB

MD5
9f505fcd3b598c4e3e8143f430aebd74

SHA1
1306c64111927f6518607dee9b81f573530c659b

SHA256
06fa9f7eff14f82301e9fb133e6befb6f3480951ec59500ad41bdd49f1b36e33

SHA512
440b53bcf9a53fef11d7b0d7ff4e255a0af5218cd6478aa97565f8292fb69e34072239ab3166f52e5c7864c14dee54f0e926fff97cec654edf5de7abc1cd32cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe

Filesize
184KB

MD5
a568987c6c23341de3ffbc0e870881a0

SHA1
377b58fc774e73d6e4838bb61d7baaeca9270519

SHA256
bbf8e01dadb672532c0f2ece2d16dcf3de93f0d9996947bf73ddff13a968b838

SHA512
ba4423afd476cdf1d535e40b7a6ddd4ee968bb9de032f50b75d8f3bdaaa873f2cca68e9e68a34757d2f86b33968f246d5339012cffdb74371d2026c03394635c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe

Filesize
184KB

MD5
94f6ee97d9f4087f83e77ad0131f1c7d

SHA1
f3a1da8c149a6b84ae1a65af8b145508154741c7

SHA256
3e4866a1ac229fb0a01e59a3e7ae3e05f11144db57573b7b961b856767d99a80

SHA512
3001d60d0ec4acee172f61da9e6b51fe493fc2e82bbaae2e471cb631ac0be294166dd46b9766b824cad7612adfb0c618af897c70825167bdf63546100ccd68ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe

Filesize
184KB

MD5
a458529a2f070f5db448b1923b6103f4

SHA1
cc710d0474f561b913cea1baf5155ec87d3f264a

SHA256
bd2d7535f3e3ddc5d26bcaab9ab20b08fcbdb50de5a9c3d8e6b6292fa1cf73d8

SHA512
bc0c614af57ebb37b40b70dc8a0c327f18f301fd61d47799cd780939873fd836b5bb786a6e7b7fd30cb741c38792e48b7bf5b79c265fa497109145df0a7bd61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe

Filesize
184KB

MD5
00a06e08712d3bd5671b08f9754acc87

SHA1
df84e30560c53b777957120a63ebb2ec23547385

SHA256
6337f7134be6c67ca42c3bb6d255fcd6ec625cb3e6ab2d59d2e03ba59cc02ab5

SHA512
85475b19b7b5c31507eb0427affcc44bd4893c1a7db2626fd374ba1d218febe22127535294505966e0c4a4ba2866934b488c69712e666ea1e042ebe0bb75d3c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe

Filesize
184KB

MD5
a613896cc8d323bda635b0692b5f3395

SHA1
abeafaf44ec8191e0e4948bc8727fb94ec21e9a4

SHA256
2f6814b01ecd3f5419624fba54b203abe7793f8065e3d432d02f1d3134c63136

SHA512
059963ff695c27735633d3b88b77dc9199ba05c1133ca26ef21c5c980590b4c396e9d22499bfdb040ba8546489de55985dbe4c6edcf9ff0d53916f694144d729

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe

Filesize
184KB

MD5
1e9f7b1276d051668ac096996ebbf9bc

SHA1
a89a2d317b9317d917ffb4f6016d9bb52779bf85

SHA256
869f0bf15a5658388888312b270c2d344fea9efa370e2ec363b74859b6b9840b

SHA512
6909caa7cbb8c376d08b2d24b8d08491c83b3f4e3f9621b46aeee1a431c81e4dace1c7bcb51657b919243595b451a7e70f372c9583db2fdb954f3d6caef0f2d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe

Filesize
184KB

MD5
c0fcb1ec9b80c9a11a7b3947d3933088

SHA1
dda7b315e4c4cdc508193bad73563899d115576a

SHA256
2006d8bbd5ebb9f3db5162649923aebc284630eb3c4ff893fe353b759e5fa967

SHA512
a0da4e3cd7609d897b3cdf3feda405abe96e3b7d4ababc8aeffa79c3e0613684e01e6fdabe49a4f15bfea0c55406cf84e34ce805726f104a5a05858cf324f4eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe

Filesize
184KB

MD5
986683875a93bc70f94bc1015d554085

SHA1
33f6a550eaee67bbf6c6501b59c56299b637de76

SHA256
4985e6a525c63a316605346f2a5e0e244ef455076265b466d193751f361bb79b

SHA512
4a60be6f6e2ebd2f7461aa684dfdafc500f148ed815c1f215b70c203355dfd635f7c504cde403d01a6485be4f7cc212c768d133ba05ec736019687313070924c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe

Filesize
184KB

MD5
566ab92d816a20d0426e3033a6f262ec

SHA1
0b72dac473081e8f50ef92e52b7ab9abb21349ab

SHA256
8f3ea4746c9c740241021162920087e3a2ae02ad1892be72fdfb81c173492451

SHA512
e3470dd6347475dfd2bb1cf6f00e14bfc0fdc5e5d2eef2e4ac94e1b538e04ec78a37d8f1d4eb869f19b6c65a1e7fc34644f9aae40c3d7f325ad6ae6eeeb14ccd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe

Filesize
184KB

MD5
8ae75cd85ee934fb85bca95be076d207

SHA1
2d3eea3c8de57e86a3836581336387bd954dcbe4

SHA256
a198bcf3c8f151fc38ae22ab5f016e3af8f6050d86736d8cc80e24bafa0f0424

SHA512
5506dd68e977ed707d58fac27de788f2db0f7ece6a13042a07907c290fee877b50caa2ec79767f0a1e8701058420b3ce83d2ee7427051257d379088173cf4d3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe

Filesize
184KB

MD5
ebce2c6e13a50a143a2bf2f93b7ffe5b

SHA1
17e9b07d31909949d54bc486569d844231d19362

SHA256
f3f8fa732830f77702a21cef55fab462199e54a1b5e9352f1a2b06bc5213bfdb

SHA512
92d2e500ed5938f1526297559f0faad04f0eb794aff3d6c36430ba61f0ae8aeabf222533bb24613745edb7682c3ac81b0189d3a440b018df327e5bb417917fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe

Filesize
184KB

MD5
39e59290087edc4b7930ce73acf0434b

SHA1
9ee2b66154b191f0c3dfd2a1ab755d9c7bc071df

SHA256
c9dc36294b399a5e56255ccd53e1232ae57524042bb1117ffe7c335d323c322f

SHA512
113b16780acfafbd523afc2cadc7443050b4ebda4fdb6ff5711b031495f612378a132ae22319d8bc5cc298cc4c00591a657c1674c97d80e090eb4126525bd247

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe

Filesize
184KB

MD5
b2931169f92e3e9c9ba86c4e9823a74a

SHA1
0d1c6bb65d18feb0c9ec251342e18c3177c6c055

SHA256
f71af6f0734cf0be38acfa94fbe2a32b885ee47b6ce3ceda840be35f76a49b7e

SHA512
ebf1d761e736ed60c91c2d8164d0ece974319c8be7c53812577b13d870e1ad006bac6c004cb40ab945211f706b795054faa8cd3a5671887af8bc2b9a1da5fdcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe

Filesize
184KB

MD5
cd720401de5357a376f29c0b8a77b411

SHA1
d1150c5da1c7f3d5c654b46d5dcbf1d144cf6407

SHA256
ce2a00106acefaa68cf9dbc45d2e1067cfde7e6ca5b76f2ff18a9be71aaf75fc

SHA512
0dcbcab1a94e034fed9bc7979a229b29b3a53f46cb3dac02f285cbd384618bdadb784d29f825971495a911a8b6021bc44641adbfba18592ee8f2ac3e06b20486

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe

Filesize
184KB

MD5
03929a53e85c0ce4ba01e27426dfe5ab

SHA1
f21103c1e0e911026fd72da70beafb55e4986053

SHA256
6521129d458d6319084ca89a28dd664c762b1216a6a0bfdca60045cb303d9c4b

SHA512
7340855e63625793c72349079366ad607fc2abdffde37ce49a8f970d50025ab5635af4ef7570defc8e625cfb75c3d6fb94a72bf0782807430c7a6534cf5bba68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe

Filesize
184KB

MD5
4c73d41e7f35389077f9e479ed1198e0

SHA1
e3593e7fb408b1d69a0a76fb64d3742dc83affe1

SHA256
3e10e46e5518e647d3c65f27db995d490a3828a3d40ebdfda095970ebbb1a3aa

SHA512
a84f65f585f676663e43170aef844c51558f7c0bdefd67ec97c36d68796678e6e9b8c2564ef01b632c00cacd0178118347eb7c548b43578ee2738e79a0a4486e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe

Filesize
184KB

MD5
bca24af11f36b3392e8e84f80dc59616

SHA1
f08fa106728c84dc5c656264c5c9ad7c25d11d93

SHA256
88ce4a8c902ce792b22f22a7d0ce1033aa47a62ee60a83fda979f8e90a3df929

SHA512
0496a90b14614c8a21c414bd731e4bf74808c1c794e5d351ce53baba717b0229b0cf1988ac796bed7300f99c091fd0bc9cabbe060a1384b7d00731d7299a7c6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe

Filesize
184KB

MD5
c478fd36c5417e66f42d066edad90a70

SHA1
c29380fe8a83af984c61325d0d63dc19cb31453a

SHA256
8f7450061edfe93ca0085dde4f6b31673904136f99dedb81f4ebebbc019cf358

SHA512
c8234ceb2a9a9c27d61e74ea51fc45b1880c51a8236020aba88f3fa6b16fe284168da2ee0217bfffcdcee79b6e0a88dcbd304c08af44badcf2c5293dbcb617d0

Download Submit