72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
Size

184KB
MD5

99f0bca0dbdf297146f97ddd091cc6c8
SHA1

2debcaa44fa6de0c7cf40b2273406b21a6479675
SHA256

72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba
SHA512

6765e8fb2c04e677bc0f5ca29b0922fde66adc377b9f479c2af8e57c8bb9d765674117b2ab3c047c09b15f6a671871c54a43ac6f36463685fcda913d53e519cc
SSDEEP

3072:2R5QScozdlazdpjYej7Yp2NhIK4YIhVWF0ZvU5ClFcvhlnVOF2nT:2REoeppjrYkNhIqKnChlnVOF2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47042.exeUnicorn-38765.exeUnicorn-49626.exeUnicorn-986.exeUnicorn-20015.exeUnicorn-5070.exeUnicorn-17598.exeUnicorn-52408.exeUnicorn-21682.exeUnicorn-5900.exeUnicorn-28458.exeUnicorn-40239.exeUnicorn-20373.exeUnicorn-43830.exeUnicorn-37285.exeUnicorn-38677.exeUnicorn-7950.exeUnicorn-12034.exeUnicorn-61790.exeUnicorn-27577.exeUnicorn-38437.exeUnicorn-58303.exeUnicorn-39829.exeUnicorn-39829.exeUnicorn-50690.exeUnicorn-28131.exeUnicorn-47997.exeUnicorn-52081.exeUnicorn-62942.exeUnicorn-21355.exeUnicorn-1489.exeUnicorn-25631.exeUnicorn-23576.exeUnicorn-62470.exeUnicorn-7794.exeUnicorn-35828.exeUnicorn-21630.exeUnicorn-5848.exeUnicorn-56440.exeUnicorn-9932.exeUnicorn-60524.exeUnicorn-42050.exeUnicorn-52911.exeUnicorn-45942.exeUnicorn-56803.exeUnicorn-15215.exeUnicorn-34244.exeUnicorn-54110.exeUnicorn-64971.exeUnicorn-19300.exeUnicorn-63586.exeUnicorn-47997.exeUnicorn-5703.exeUnicorn-5703.exeUnicorn-7094.exeUnicorn-31791.exeUnicorn-16009.exeUnicorn-48703.exeUnicorn-6279.exeUnicorn-26145.exeUnicorn-41089.exeUnicorn-60955.exeUnicorn-34313.exeUnicorn-65039.exe

pid	process
2840	Unicorn-47042.exe
2576	Unicorn-38765.exe
2528	Unicorn-49626.exe
2560	Unicorn-986.exe
1656	Unicorn-20015.exe
2456	Unicorn-5070.exe
1356	Unicorn-17598.exe
320	Unicorn-52408.exe
1540	Unicorn-21682.exe
1796	Unicorn-5900.exe
1584	Unicorn-28458.exe
1204	Unicorn-40239.exe
2416	Unicorn-20373.exe
1844	Unicorn-43830.exe
2748	Unicorn-37285.exe
540	Unicorn-38677.exe
1412	Unicorn-7950.exe
1260	Unicorn-12034.exe
908	Unicorn-61790.exe
1248	Unicorn-27577.exe
944	Unicorn-38437.exe
1892	Unicorn-58303.exe
856	Unicorn-39829.exe
896	Unicorn-39829.exe
1136	Unicorn-50690.exe
2964	Unicorn-28131.exe
1824	Unicorn-47997.exe
2292	Unicorn-52081.exe
1932	Unicorn-62942.exe
1728	Unicorn-21355.exe
2892	Unicorn-1489.exe
1528	Unicorn-25631.exe
2484	Unicorn-23576.exe
2736	Unicorn-62470.exe
2544	Unicorn-7794.exe
2988	Unicorn-35828.exe
2144	Unicorn-21630.exe
1264	Unicorn-5848.exe
2676	Unicorn-56440.exe
328	Unicorn-9932.exe
108	Unicorn-60524.exe
2308	Unicorn-42050.exe
1992	Unicorn-52911.exe
1004	Unicorn-45942.exe
2236	Unicorn-56803.exe
1688	Unicorn-15215.exe
2172	Unicorn-34244.exe
1620	Unicorn-54110.exe
1632	Unicorn-64971.exe
2056	Unicorn-19300.exe
792	Unicorn-63586.exe
284	Unicorn-47997.exe
2092	Unicorn-5703.exe
2176	Unicorn-5703.exe
1916	Unicorn-7094.exe
2152	Unicorn-31791.exe
2300	Unicorn-16009.exe
1524	Unicorn-48703.exe
1944	Unicorn-6279.exe
2340	Unicorn-26145.exe
2524	Unicorn-41089.exe
2440	Unicorn-60955.exe
2408	Unicorn-34313.exe
1128	Unicorn-65039.exe

Loads dropped DLL 64 IoCs

Processes:

72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exeUnicorn-47042.exeUnicorn-38765.exeUnicorn-49626.exeWerFault.exeUnicorn-986.exeUnicorn-20015.exeUnicorn-5070.exeWerFault.exeWerFault.exeUnicorn-17598.exeUnicorn-52408.exeUnicorn-5900.exeUnicorn-28458.exeUnicorn-21682.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
2840	Unicorn-47042.exe
2840	Unicorn-47042.exe
2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
2576	Unicorn-38765.exe
2840	Unicorn-47042.exe
2576	Unicorn-38765.exe
2840	Unicorn-47042.exe
2528	Unicorn-49626.exe
2528	Unicorn-49626.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
1428	WerFault.exe
2560	Unicorn-986.exe
2560	Unicorn-986.exe
1656	Unicorn-20015.exe
1656	Unicorn-20015.exe
2456	Unicorn-5070.exe
2456	Unicorn-5070.exe
2528	Unicorn-49626.exe
2528	Unicorn-49626.exe
2576	Unicorn-38765.exe
2576	Unicorn-38765.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1356	Unicorn-17598.exe
2560	Unicorn-986.exe
1356	Unicorn-17598.exe
2560	Unicorn-986.exe
320	Unicorn-52408.exe
320	Unicorn-52408.exe
2456	Unicorn-5070.exe
2456	Unicorn-5070.exe
1796	Unicorn-5900.exe
1796	Unicorn-5900.exe
1584	Unicorn-28458.exe
1584	Unicorn-28458.exe
1540	Unicorn-21682.exe
1540	Unicorn-21682.exe
1656	Unicorn-20015.exe
1656	Unicorn-20015.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2412	2220	WerFault.exe	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
1428	2840	WerFault.exe	Unicorn-47042.exe
2276	2576	WerFault.exe	Unicorn-38765.exe
1124	2528	WerFault.exe	Unicorn-49626.exe
952	2560	WerFault.exe	Unicorn-986.exe
1308	1656	WerFault.exe	Unicorn-20015.exe
3032	2456	WerFault.exe	Unicorn-5070.exe
2984	1356	WerFault.exe	Unicorn-17598.exe
1608	320	WerFault.exe	Unicorn-52408.exe
2568	1796	WerFault.exe	Unicorn-5900.exe
2496	1584	WerFault.exe	Unicorn-28458.exe
2388	1540	WerFault.exe	Unicorn-21682.exe
2436	2416	WerFault.exe	Unicorn-20373.exe
1184	1204	WerFault.exe	Unicorn-40239.exe
2904	1844	WerFault.exe	Unicorn-43830.exe
2948	2748	WerFault.exe	Unicorn-37285.exe
1696	540	WerFault.exe	Unicorn-38677.exe
912	1412	WerFault.exe	Unicorn-7950.exe
1952	1260	WerFault.exe	Unicorn-12034.exe
1432	908	WerFault.exe	Unicorn-61790.exe
536	2172	WerFault.exe	Unicorn-34244.exe
1644	1892	WerFault.exe	Unicorn-58303.exe
1500	944	WerFault.exe	Unicorn-38437.exe
2508	896	WerFault.exe	Unicorn-39829.exe
2372	856	WerFault.exe	Unicorn-39829.exe
2452	1136	WerFault.exe	Unicorn-50690.exe
2624	1728	WerFault.exe	Unicorn-21355.exe
2636	2292	WerFault.exe	Unicorn-52081.exe
2124	2892	WerFault.exe	Unicorn-1489.exe
2324	1528	WerFault.exe	Unicorn-25631.exe
1456	1932	WerFault.exe	Unicorn-62942.exe
2704	1824	WerFault.exe	Unicorn-47997.exe
3236	2484	WerFault.exe	Unicorn-23576.exe
3356	2544	WerFault.exe	Unicorn-7794.exe
3424	2736	WerFault.exe	Unicorn-62470.exe
3448	2988	WerFault.exe	Unicorn-35828.exe
3464	328	WerFault.exe	Unicorn-9932.exe
3488	1264	WerFault.exe	Unicorn-5848.exe
3508	2144	WerFault.exe	Unicorn-21630.exe
3536	2236	WerFault.exe	Unicorn-56803.exe
3628	1992	WerFault.exe	Unicorn-52911.exe
3636	2676	WerFault.exe	Unicorn-56440.exe
3388	1632	WerFault.exe	Unicorn-64971.exe
3432	1620	WerFault.exe	Unicorn-54110.exe
3696	792	WerFault.exe	Unicorn-63586.exe
3276	2308	WerFault.exe	Unicorn-42050.exe
3668	2340	WerFault.exe	Unicorn-26145.exe
3768	624	WerFault.exe	Unicorn-54925.exe
3776	2012	WerFault.exe	Unicorn-39143.exe
3840	1232	WerFault.exe	Unicorn-16031.exe
3844	1840	WerFault.exe	Unicorn-63093.exe
3892	2056	WerFault.exe	Unicorn-19300.exe
3932	3036	WerFault.exe	Unicorn-39143.exe
4000	828	WerFault.exe	Unicorn-51396.exe
4012	1788	WerFault.exe	Unicorn-57426.exe
3076	2112	WerFault.exe	Unicorn-11754.exe
3112	1492	WerFault.exe	Unicorn-26699.exe
3156	356	WerFault.exe	Unicorn-47312.exe
3176	1688	WerFault.exe	Unicorn-15215.exe
3232	108	WerFault.exe	Unicorn-60524.exe
3316	1004	WerFault.exe	Unicorn-45942.exe
3692	2524	WerFault.exe	Unicorn-41089.exe
3780	1128	WerFault.exe	Unicorn-65039.exe
3084	756	WerFault.exe	Unicorn-42481.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exeUnicorn-47042.exeUnicorn-38765.exeUnicorn-49626.exeUnicorn-986.exeUnicorn-20015.exeUnicorn-5070.exeUnicorn-17598.exeUnicorn-52408.exeUnicorn-5900.exeUnicorn-28458.exeUnicorn-21682.exeUnicorn-20373.exeUnicorn-40239.exeUnicorn-43830.exeUnicorn-37285.exeUnicorn-38677.exeUnicorn-7950.exeUnicorn-12034.exeUnicorn-61790.exeUnicorn-27577.exeUnicorn-38437.exeUnicorn-58303.exeUnicorn-39829.exeUnicorn-39829.exeUnicorn-50690.exeUnicorn-52081.exeUnicorn-47997.exeUnicorn-28131.exeUnicorn-21355.exeUnicorn-62942.exeUnicorn-1489.exeUnicorn-25631.exeUnicorn-23576.exeUnicorn-7794.exeUnicorn-62470.exeUnicorn-35828.exeUnicorn-21630.exeUnicorn-5848.exeUnicorn-56440.exeUnicorn-9932.exeUnicorn-60524.exeUnicorn-42050.exeUnicorn-45942.exeUnicorn-52911.exeUnicorn-56803.exeUnicorn-15215.exeUnicorn-19300.exeUnicorn-34244.exeUnicorn-54110.exeUnicorn-64971.exeUnicorn-63586.exeUnicorn-47997.exeUnicorn-5703.exeUnicorn-5703.exeUnicorn-7094.exeUnicorn-31791.exeUnicorn-16009.exeUnicorn-48703.exeUnicorn-6279.exeUnicorn-26145.exeUnicorn-34313.exeUnicorn-41089.exeUnicorn-60955.exe

pid	process
2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
2840	Unicorn-47042.exe
2576	Unicorn-38765.exe
2528	Unicorn-49626.exe
2560	Unicorn-986.exe
1656	Unicorn-20015.exe
2456	Unicorn-5070.exe
1356	Unicorn-17598.exe
320	Unicorn-52408.exe
1796	Unicorn-5900.exe
1584	Unicorn-28458.exe
1540	Unicorn-21682.exe
2416	Unicorn-20373.exe
1204	Unicorn-40239.exe
1844	Unicorn-43830.exe
2748	Unicorn-37285.exe
540	Unicorn-38677.exe
1412	Unicorn-7950.exe
1260	Unicorn-12034.exe
908	Unicorn-61790.exe
1248	Unicorn-27577.exe
944	Unicorn-38437.exe
1892	Unicorn-58303.exe
856	Unicorn-39829.exe
896	Unicorn-39829.exe
1136	Unicorn-50690.exe
2292	Unicorn-52081.exe
1824	Unicorn-47997.exe
2964	Unicorn-28131.exe
1728	Unicorn-21355.exe
1932	Unicorn-62942.exe
2892	Unicorn-1489.exe
1528	Unicorn-25631.exe
2484	Unicorn-23576.exe
2544	Unicorn-7794.exe
2736	Unicorn-62470.exe
2988	Unicorn-35828.exe
2144	Unicorn-21630.exe
1264	Unicorn-5848.exe
2676	Unicorn-56440.exe
328	Unicorn-9932.exe
108	Unicorn-60524.exe
2308	Unicorn-42050.exe
1004	Unicorn-45942.exe
1992	Unicorn-52911.exe
2236	Unicorn-56803.exe
1688	Unicorn-15215.exe
2056	Unicorn-19300.exe
2172	Unicorn-34244.exe
1620	Unicorn-54110.exe
1632	Unicorn-64971.exe
792	Unicorn-63586.exe
284	Unicorn-47997.exe
2092	Unicorn-5703.exe
2176	Unicorn-5703.exe
1916	Unicorn-7094.exe
2152	Unicorn-31791.exe
2300	Unicorn-16009.exe
1524	Unicorn-48703.exe
1944	Unicorn-6279.exe
2340	Unicorn-26145.exe
2408	Unicorn-34313.exe
2524	Unicorn-41089.exe
2440	Unicorn-60955.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exeUnicorn-47042.exeUnicorn-38765.exeUnicorn-49626.exeUnicorn-986.exeUnicorn-20015.exeUnicorn-5070.exeUnicorn-17598.exe

description	pid	process	target process
PID 2220 wrote to memory of 2840	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-47042.exe
PID 2220 wrote to memory of 2840	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-47042.exe
PID 2220 wrote to memory of 2840	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-47042.exe
PID 2220 wrote to memory of 2840	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-47042.exe
PID 2840 wrote to memory of 2576	2840	Unicorn-47042.exe	Unicorn-38765.exe
PID 2840 wrote to memory of 2576	2840	Unicorn-47042.exe	Unicorn-38765.exe
PID 2840 wrote to memory of 2576	2840	Unicorn-47042.exe	Unicorn-38765.exe
PID 2840 wrote to memory of 2576	2840	Unicorn-47042.exe	Unicorn-38765.exe
PID 2220 wrote to memory of 2528	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-49626.exe
PID 2220 wrote to memory of 2528	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-49626.exe
PID 2220 wrote to memory of 2528	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-49626.exe
PID 2220 wrote to memory of 2528	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	Unicorn-49626.exe
PID 2220 wrote to memory of 2412	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	WerFault.exe
PID 2220 wrote to memory of 2412	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	WerFault.exe
PID 2220 wrote to memory of 2412	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	WerFault.exe
PID 2220 wrote to memory of 2412	2220	72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe	WerFault.exe
PID 2576 wrote to memory of 2560	2576	Unicorn-38765.exe	Unicorn-986.exe
PID 2576 wrote to memory of 2560	2576	Unicorn-38765.exe	Unicorn-986.exe
PID 2576 wrote to memory of 2560	2576	Unicorn-38765.exe	Unicorn-986.exe
PID 2576 wrote to memory of 2560	2576	Unicorn-38765.exe	Unicorn-986.exe
PID 2840 wrote to memory of 1656	2840	Unicorn-47042.exe	Unicorn-20015.exe
PID 2840 wrote to memory of 1656	2840	Unicorn-47042.exe	Unicorn-20015.exe
PID 2840 wrote to memory of 1656	2840	Unicorn-47042.exe	Unicorn-20015.exe
PID 2840 wrote to memory of 1656	2840	Unicorn-47042.exe	Unicorn-20015.exe
PID 2528 wrote to memory of 2456	2528	Unicorn-49626.exe	Unicorn-5070.exe
PID 2528 wrote to memory of 2456	2528	Unicorn-49626.exe	Unicorn-5070.exe
PID 2528 wrote to memory of 2456	2528	Unicorn-49626.exe	Unicorn-5070.exe
PID 2528 wrote to memory of 2456	2528	Unicorn-49626.exe	Unicorn-5070.exe
PID 2840 wrote to memory of 1428	2840	Unicorn-47042.exe	WerFault.exe
PID 2840 wrote to memory of 1428	2840	Unicorn-47042.exe	WerFault.exe
PID 2840 wrote to memory of 1428	2840	Unicorn-47042.exe	WerFault.exe
PID 2840 wrote to memory of 1428	2840	Unicorn-47042.exe	WerFault.exe
PID 2560 wrote to memory of 1356	2560	Unicorn-986.exe	Unicorn-17598.exe
PID 2560 wrote to memory of 1356	2560	Unicorn-986.exe	Unicorn-17598.exe
PID 2560 wrote to memory of 1356	2560	Unicorn-986.exe	Unicorn-17598.exe
PID 2560 wrote to memory of 1356	2560	Unicorn-986.exe	Unicorn-17598.exe
PID 1656 wrote to memory of 1540	1656	Unicorn-20015.exe	Unicorn-21682.exe
PID 1656 wrote to memory of 1540	1656	Unicorn-20015.exe	Unicorn-21682.exe
PID 1656 wrote to memory of 1540	1656	Unicorn-20015.exe	Unicorn-21682.exe
PID 1656 wrote to memory of 1540	1656	Unicorn-20015.exe	Unicorn-21682.exe
PID 2456 wrote to memory of 320	2456	Unicorn-5070.exe	Unicorn-52408.exe
PID 2456 wrote to memory of 320	2456	Unicorn-5070.exe	Unicorn-52408.exe
PID 2456 wrote to memory of 320	2456	Unicorn-5070.exe	Unicorn-52408.exe
PID 2456 wrote to memory of 320	2456	Unicorn-5070.exe	Unicorn-52408.exe
PID 2528 wrote to memory of 1796	2528	Unicorn-49626.exe	Unicorn-5900.exe
PID 2528 wrote to memory of 1796	2528	Unicorn-49626.exe	Unicorn-5900.exe
PID 2528 wrote to memory of 1796	2528	Unicorn-49626.exe	Unicorn-5900.exe
PID 2528 wrote to memory of 1796	2528	Unicorn-49626.exe	Unicorn-5900.exe
PID 2576 wrote to memory of 1584	2576	Unicorn-38765.exe	Unicorn-28458.exe
PID 2576 wrote to memory of 1584	2576	Unicorn-38765.exe	Unicorn-28458.exe
PID 2576 wrote to memory of 1584	2576	Unicorn-38765.exe	Unicorn-28458.exe
PID 2576 wrote to memory of 1584	2576	Unicorn-38765.exe	Unicorn-28458.exe
PID 2576 wrote to memory of 2276	2576	Unicorn-38765.exe	WerFault.exe
PID 2576 wrote to memory of 2276	2576	Unicorn-38765.exe	WerFault.exe
PID 2576 wrote to memory of 2276	2576	Unicorn-38765.exe	WerFault.exe
PID 2576 wrote to memory of 2276	2576	Unicorn-38765.exe	WerFault.exe
PID 2528 wrote to memory of 1124	2528	Unicorn-49626.exe	WerFault.exe
PID 2528 wrote to memory of 1124	2528	Unicorn-49626.exe	WerFault.exe
PID 2528 wrote to memory of 1124	2528	Unicorn-49626.exe	WerFault.exe
PID 2528 wrote to memory of 1124	2528	Unicorn-49626.exe	WerFault.exe
PID 1356 wrote to memory of 1204	1356	Unicorn-17598.exe	Unicorn-40239.exe
PID 1356 wrote to memory of 1204	1356	Unicorn-17598.exe	Unicorn-40239.exe
PID 1356 wrote to memory of 1204	1356	Unicorn-17598.exe	Unicorn-40239.exe
PID 1356 wrote to memory of 1204	1356	Unicorn-17598.exe	Unicorn-40239.exe

C:\Users\Admin\AppData\Local\Temp\72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe
"C:\Users\Admin\AppData\Local\Temp\72484208d835735a4273fa543860edb74f424a06d34cb173976d8a8de9249eba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
10⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
11⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
12⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
13⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
14⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
15⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
15⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
14⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
13⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
12⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
11⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
11⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
12⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
13⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
14⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
14⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
13⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
12⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
11⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
10⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
9⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
10⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
11⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
12⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
13⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
14⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
14⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
13⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
12⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
11⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
10⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
9⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
9⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
11⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
12⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
13⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
14⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
13⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
11⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-61952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61952.exe
12⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
13⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
9⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
8⤵
- Program crash
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
7⤵
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
9⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
10⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
11⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
12⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
13⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
14⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
13⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
12⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
11⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
10⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
11⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
12⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
13⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
12⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
13⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
12⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
9⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
10⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
11⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
7⤵
- Program crash
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
6⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
9⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
11⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
12⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
13⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
14⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
13⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
13⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
8⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
12⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
13⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
13⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
9⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
12⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
13⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
12⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
8⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
12⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
13⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
10⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
12⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
7⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
12⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
8⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
- Program crash
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
6⤵
- Program crash
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
9⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
10⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
12⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
13⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
14⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
11⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 236
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
11⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
8⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
7⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
9⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
10⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
11⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
11⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
11⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
8⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
- Program crash
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
7⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
12⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
13⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
10⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
11⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
7⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
10⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
6⤵
- Program crash
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
7⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
11⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
12⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
8⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
9⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
10⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
6⤵
- Program crash
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
5⤵
- Program crash
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
9⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
12⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
13⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
12⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
11⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
10⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
9⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
8⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
11⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
12⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
11⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
12⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
7⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
12⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
13⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
12⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
11⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
7⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
6⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
10⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
11⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
12⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
9⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
10⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
11⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
10⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
8⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
6⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
5⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
11⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
10⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
8⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
6⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
7⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
6⤵
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
6⤵
- Program crash
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
5⤵
- Program crash
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
9⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
11⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
12⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
13⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
8⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
11⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
9⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-55974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55974.exe
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
11⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
7⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
8⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
12⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
10⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
11⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 220
7⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
6⤵
- Program crash
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
11⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
9⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
11⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 220
7⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
6⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
7⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
10⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
8⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 216
7⤵
- Program crash
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
6⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
5⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
7⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
12⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
8⤵
- Program crash
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
7⤵
- Program crash
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
6⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
7⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
10⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
7⤵
- Program crash
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
6⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
10⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
11⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
7⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
6⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
7⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
8⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
10⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
10⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
8⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
7⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
6⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
5⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
7⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
8⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
11⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
10⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
11⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
11⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
9⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
7⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
6⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
10⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
10⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
8⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
7⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
6⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
6⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
7⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
9⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
9⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
8⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
6⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
8⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
9⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
10⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
7⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
5⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
6⤵
- Executes dropped EXE
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
9⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
10⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 220
11⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
10⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
8⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
7⤵
- Program crash
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
6⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
8⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
9⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
10⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 236
10⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
9⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
8⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
7⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
6⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
5⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
6⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
7⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
9⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
10⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
10⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 236
9⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
8⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
7⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
6⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
4⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
2⤵
- Program crash
PID:2412

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
Filesize
184KB

MD5
d67b708c24cc08cd287b01feab418b39

SHA1
fc663b591f1c40e1ef41c9fd9213aedbf6221de3

SHA256
e095502d99b8dcf062d50d608ab88c7c0a162b9bbe822d1545840cea51f7cbed

SHA512
9fc46975754e54020c698571775d9fe0bf5de04e6d460fac571bac2398d780374714373933ab527af937c5312d03404056b69a84d94e94f2c753c57deb43cf50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
Filesize
184KB

MD5
13225902cddb0b8555139a861beb55c1

SHA1
669f09449bf0cf5b3494428d33ba6c6369809df1

SHA256
4d8d6fae94a376dffa94c1b4d8b9a250ed6d8ea78705e493f5e4ae4a1470c8e1

SHA512
9230e08e9288ecc87920b8c31c3ca0b4ac58b89877fe3bf1747f6ab822c8f87a37d68c24a711dc37b45e9037d54c95cc502fbd08c2d3453069310fe1d3acf80c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
Filesize
184KB

MD5
ea1105e965b41c2f8b4a7b2da2e350f9

SHA1
be04d4622faf3968fdbf172e416f6ccd4e026baa

SHA256
f239f1700359d4e031ebe1eb03b4de397f04fe70e89e41f40b7b6c99acf674bf

SHA512
01b1783c19c44e23dd03230ed4fb7ec350343c0eb78eb7875e855f289a60e981aa3d9bff73bee5ba94ecbb6d5b221354796a5cecd5c58d10ffc7b01b6d121935

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
Filesize
184KB

MD5
c83568be570a0ef8038a5e2e4208a593

SHA1
b3d48900388a9eaee8b8ad063a1d787d1d6b2fd6

SHA256
1049bd8479341e81df35274f781c0bde7b0cc0739f6e30c68f53d30035acfc29

SHA512
c3d4e9ae00b41664260a8616d001a27f3316aa26b9f2273b554974efbcd5dcf980c95faf83a314e502643e1e6a786a8c097a1440984c4bc3fb2eb78a9f6f8813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
Filesize
184KB

MD5
239d031cf7513612f74d89dafd09ac57

SHA1
f3b01bcc12d8a8008af6e293bd2c95692d0c4cfc

SHA256
d5d87dcd235c984369e07c71bff05bad06d113ecc6ac031615cae24eccef162d

SHA512
cbc3806c233b74b81147fd4e1cce43e37b14bf599a7e68e6bb337a47b58c721c843fc3913dbd5a969b6516bf3b2d510c813b0f576c8d6a111bb203669f314be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
Filesize
184KB

MD5
61a45ee170a5f20b15498df5ff6c241d

SHA1
fc10bee6b7ff9ef3aeaa451dac5ae2bef98f9a50

SHA256
3dad77c98295b1cc01ec1cefa7ea94df99ce62b443bb96bf37e588174989095a

SHA512
877394b4ac26e5480e4a3d9ff427c636a43e4e709fa123e1e8f77d3fbcff66d78736f6eb11db827ef5c062875acd6b93773be7ceca500551a887f3dd2ce199ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
Filesize
184KB

MD5
185c259999ce96521107b4349f91a7e2

SHA1
88ec8726bf8b79ad308077f09994ed598018b884

SHA256
9afafddfc38121a3c443642fd2f28e9ddef90bc5acb5dbd60a8f00a4df28f26f

SHA512
1d3d7460302aba6ceb07a1226e2769b04778c3f6f6fd3e3049f09a26880815d9632169d0c103277c949fa1320af232dbef9f70c1f148e8192f669b9f87ae6449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
Filesize
184KB

MD5
018e8b45c067528dcf345d7df1e67059

SHA1
5bca58e838ee7b31fdb97d0db6607423020a7f24

SHA256
0f450156a64d2736476e0c3bd829f8ce8ab280b157cb35903aafb206c27b4d1d

SHA512
151c12ac4747dd918621608d49ebb4cefc7123bc26171c1c37865b1ff547dbe9159d616bed01b951fb97b390afb524a4e24eabfc644ab07972389224a06fd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
Filesize
184KB

MD5
c51b5f63fcbc8ddaac06ce70c167de42

SHA1
97d5b205465d1855f9ae42d345cb1b17e5f01fd6

SHA256
01a1c53dbc30b401c3104d35699bcf6841269cd878f1f454ea0f657dc7b390e6

SHA512
43334b180d237e7310a97c854cf2274346bb5297d6ec7e84d7481566ed750ad8f7e088817c92508c1f870753e481a30c7dbeafe5f543430f090ca0f1fa899cf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
Filesize
184KB

MD5
4650d45106cb656e014cb196506765e9

SHA1
48dbcc5459139312212b2db65fa8c69c4a11754e

SHA256
0bf01e7a29023ccb3f05a3a5cc08d87212e44a59c5d4ec92dab87dd335ccc647

SHA512
503ac5a79034a931433d6bc0f52235c979f75ad4cfb81e14e1d3a88fb4d3f9df1914e24a6bb296e57eed9e1d67ca877992dc77616cffa8b5b6ceb17fdbec3ae3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
Filesize
184KB

MD5
c3f1b057c9aaba9b49d74f4eb572aa50

SHA1
e531ce18c536bc227b1b71b53106e78ba851928c

SHA256
db9bfcf4283dba6112ba6561ff16db614072567fc183450ef2bdb6169548a75f

SHA512
014f10ad9289099de4535a151b4780c29fb42faa3bcade42db4e6c2ca5dff7f9e935cd042e3b53a2b884290ae07fc9a5e8f1c3d9448352a1c0eeb0633ce51d5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
Filesize
184KB

MD5
16a7a5a3b679cfb1178a96a437b093f8

SHA1
59a7d72f9770ea2a431de0e1ee650b7be17a3856

SHA256
3211e48b767a232246db304396d86b957dfa7543e169d4ee28a65f6825604163

SHA512
e9b878c63a80acac0edffad43cb7a2b19f54e0bad079c62ea2df66eec2ac2a3a6730e831e585ecb654c6728dfdcf46ac66f346a267520c823226799a5930eea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
Filesize
184KB

MD5
8a2381ce90056f0d937371c5f5c2262a

SHA1
b52c0c6c63ef3810d414739b5e1d95e8034f8eb1

SHA256
a42088f93ebf3a3ca570f51ae9a81a2c273d63cf23f3fa1c681289c428c5da19

SHA512
f41d3164113d18f4a891e8c098be489e0bb28c1d78ec86a49a8e51707271dc0bbc527e9d18eb3bd63e25c8cd0a2403fe96948f2036b0a907c647cc327e9680c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
Filesize
184KB

MD5
4d8835421d254ffbda0c86b89972bc97

SHA1
1994c80e1eaa4273d4d70e2b157e71a8b6b415c5

SHA256
9debefb7db00c913b9c60d164895494e216280fca8ff3f0de8087b4fbf9a05c9

SHA512
8547cde8b8ff840f0bc2ee10aad9d1cd402aa33ab4868cf38f15fea94b2660d34f8cc42fe3db9e8c658e9757ab5bfee663614f448e8282a2e20aef23c5feef9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
Filesize
184KB

MD5
0e5d126d12acf5c33b4b9e66efbd8dbf

SHA1
0121df4ac0753758d901ca90e08389c13b12d364

SHA256
31c1865dbbd9231d9dc64dd7e9fe45f90a2ff2a0a825565485b832e1c9a33344

SHA512
c35b0987c5f33d4096416048db0d7ef39543c2dc9723cfaec9d8250bdf30eb40bdc3be4ff3046f5cdd216d340049eccb1595ad57d23def921e3e160e44691e3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
Filesize
184KB

MD5
b3cc1743d5e26715729935d34ea5a305

SHA1
5f7a1e41eb39257226de54195742f4e91bd93bd4

SHA256
6206f8d672dc185e850d8fa5f64bc4b16148f77c49d94f362cf7b0cdfd13003d

SHA512
cfce6572cd6591cc9e149e7f1fcd16330344ff124aebbb4d2682ac63dd5b00fbbf32d970349e576cc089bb2044908cc8a803220650485a919793eaba1e1435a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
Filesize
184KB

MD5
2ba4c47726a97c0c350b15ca90045417

SHA1
a1322a0b52f573feb5c01c921775a73a6d80740e

SHA256
923e2a8b2f4465d7f3f4296ca4d3338a3f4ab6280def8e798c7d6f3d8eff95cb

SHA512
8c58a0a62c4762cfbbab293e2d34ccf83250464b935ee709f2a925319010812cc0267583f389e857c12a014f41174c218d02e059025aa276ce462af2a85be820

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
Filesize
184KB

MD5
4b11d0bc16f2acf221790604ecd9a17e

SHA1
949c1fa302fc500d731fcf8b0d6f0e0511b4fc78

SHA256
1735cf7c12605978971cc3c365ebcdecb2f5b3c8362fa2211b9dd12a7d89e061

SHA512
18af02c78a5ca5c35b49950dd460799dc87fef67b28af82208988703e8cb9d478f935303098745f1040edbd2e155293dd710d35dccfbc43141946c9c922670a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads