99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
Size

184KB
MD5

61bcdd9b466e11aaf811e5cb7c954946
SHA1

80a9678324a82d7b8a5e47e219e45753d2aec39c
SHA256

99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6
SHA512

f46a9236eb8ecf3eb8e9abeff5c2ebdb85f0893088e9d56f9b30b6827bf45d2228163853e9c30576ffdecd8138c47828c481bc28a910c46b95c20cfd10bface5
SSDEEP

3072:ya90b8ofW8hWdFaWeOVLRTskhlnViFbn3:yaJoLiFaIL1skhlnViFb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-51811.exeUnicorn-48299.exeUnicorn-13192.exeUnicorn-20441.exeUnicorn-1535.exeUnicorn-5199.exeUnicorn-25821.exeUnicorn-62670.exeUnicorn-30429.exeUnicorn-34020.exeUnicorn-26624.exeUnicorn-18658.exeUnicorn-59861.exeUnicorn-40936.exeUnicorn-53769.exeUnicorn-14049.exeUnicorn-11169.exeUnicorn-11169.exeUnicorn-59062.exeUnicorn-28982.exeUnicorn-61209.exeUnicorn-41343.exeUnicorn-30291.exeUnicorn-48848.exeUnicorn-44380.exeUnicorn-12693.exeUnicorn-9849.exeUnicorn-2169.exeUnicorn-56653.exeUnicorn-6601.exeUnicorn-52273.exeUnicorn-37520.exeUnicorn-38878.exeUnicorn-44446.exeUnicorn-40065.exeUnicorn-41950.exeUnicorn-40641.exeUnicorn-60507.exeUnicorn-32961.exeUnicorn-19797.exeUnicorn-19797.exeUnicorn-50715.exeUnicorn-50715.exeUnicorn-12868.exeUnicorn-32734.exeUnicorn-891.exeUnicorn-13828.exeUnicorn-4539.exeUnicorn-24405.exeUnicorn-55899.exeUnicorn-41426.exeUnicorn-36033.exeUnicorn-9828.exeUnicorn-21649.exeUnicorn-804.exeUnicorn-63497.exeUnicorn-20898.exeUnicorn-44398.exeUnicorn-7475.exeUnicorn-52955.exeUnicorn-25265.exeUnicorn-65332.exeUnicorn-63064.exeUnicorn-47626.exe

pid	process
2216	Unicorn-51811.exe
3020	Unicorn-48299.exe
2836	Unicorn-13192.exe
2656	Unicorn-20441.exe
3004	Unicorn-1535.exe
2604	Unicorn-5199.exe
2692	Unicorn-25821.exe
2392	Unicorn-62670.exe
1732	Unicorn-30429.exe
1092	Unicorn-34020.exe
2864	Unicorn-26624.exe
896	Unicorn-18658.exe
1628	Unicorn-59861.exe
1836	Unicorn-40936.exe
2684	Unicorn-53769.exe
2700	Unicorn-14049.exe
2732	Unicorn-11169.exe
2704	Unicorn-11169.exe
2088	Unicorn-59062.exe
2092	Unicorn-28982.exe
1012	Unicorn-61209.exe
2744	Unicorn-41343.exe
1484	Unicorn-30291.exe
2788	Unicorn-48848.exe
2968	Unicorn-44380.exe
2120	Unicorn-12693.exe
1636	Unicorn-9849.exe
876	Unicorn-2169.exe
2800	Unicorn-56653.exe
1692	Unicorn-6601.exe
2212	Unicorn-52273.exe
1772	Unicorn-37520.exe
2524	Unicorn-38878.exe
2784	Unicorn-44446.exe
1968	Unicorn-40065.exe
2564	Unicorn-41950.exe
2544	Unicorn-40641.exe
2432	Unicorn-60507.exe
2860	Unicorn-32961.exe
1688	Unicorn-19797.exe
1240	Unicorn-19797.exe
1216	Unicorn-50715.exe
1764	Unicorn-50715.exe
1568	Unicorn-12868.exe
1936	Unicorn-32734.exe
1712	Unicorn-891.exe
1696	Unicorn-13828.exe
1492	Unicorn-4539.exe
1104	Unicorn-24405.exe
676	Unicorn-55899.exe
848	Unicorn-41426.exe
580	Unicorn-36033.exe
2112	Unicorn-9828.exe
1616	Unicorn-21649.exe
816	Unicorn-804.exe
1132	Unicorn-63497.exe
1844	Unicorn-20898.exe
2484	Unicorn-44398.exe
2632	Unicorn-7475.exe
2724	Unicorn-52955.exe
2444	Unicorn-25265.exe
2420	Unicorn-65332.exe
2852	Unicorn-63064.exe
1940	Unicorn-47626.exe

Loads dropped DLL 64 IoCs

Processes:

99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exeUnicorn-51811.exeUnicorn-48299.exeUnicorn-13192.exeWerFault.exeUnicorn-1535.exeUnicorn-20441.exeUnicorn-5199.exeWerFault.exeWerFault.exeUnicorn-25821.exeUnicorn-30429.exeUnicorn-62670.exeUnicorn-26624.exeUnicorn-34020.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
2216	Unicorn-51811.exe
2216	Unicorn-51811.exe
2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
3020	Unicorn-48299.exe
3020	Unicorn-48299.exe
2216	Unicorn-51811.exe
2216	Unicorn-51811.exe
2836	Unicorn-13192.exe
2836	Unicorn-13192.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
3004	Unicorn-1535.exe
3004	Unicorn-1535.exe
2656	Unicorn-20441.exe
3020	Unicorn-48299.exe
3020	Unicorn-48299.exe
2656	Unicorn-20441.exe
2836	Unicorn-13192.exe
2836	Unicorn-13192.exe
2604	Unicorn-5199.exe
2604	Unicorn-5199.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
2692	Unicorn-25821.exe
2692	Unicorn-25821.exe
3004	Unicorn-1535.exe
3004	Unicorn-1535.exe
1732	Unicorn-30429.exe
1732	Unicorn-30429.exe
2656	Unicorn-20441.exe
2656	Unicorn-20441.exe
2392	Unicorn-62670.exe
2392	Unicorn-62670.exe
2864	Unicorn-26624.exe
1092	Unicorn-34020.exe
2864	Unicorn-26624.exe
1092	Unicorn-34020.exe
2604	Unicorn-5199.exe
2604	Unicorn-5199.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
980	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1896	2220	WerFault.exe	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
2300	2216	WerFault.exe	Unicorn-51811.exe
2176	3020	WerFault.exe	Unicorn-48299.exe
1916	2836	WerFault.exe	Unicorn-13192.exe
1956	3004	WerFault.exe	Unicorn-1535.exe
1140	2656	WerFault.exe	Unicorn-20441.exe
980	2604	WerFault.exe	Unicorn-5199.exe
1924	2692	WerFault.exe	Unicorn-25821.exe
2980	1732	WerFault.exe	Unicorn-30429.exe
2892	2392	WerFault.exe	Unicorn-62670.exe
2460	2864	WerFault.exe	Unicorn-26624.exe
1648	1092	WerFault.exe	Unicorn-34020.exe
2972	2744	WerFault.exe	Unicorn-41343.exe
688	896	WerFault.exe	Unicorn-18658.exe
1088	1836	WerFault.exe	Unicorn-40936.exe
1796	2684	WerFault.exe	Unicorn-53769.exe
2688	1628	WerFault.exe	Unicorn-59861.exe
2928	2700	WerFault.exe	Unicorn-14049.exe
2084	2732	WerFault.exe	Unicorn-11169.exe
2144	2088	WerFault.exe	Unicorn-59062.exe
2020	2704	WerFault.exe	Unicorn-11169.exe
1532	2092	WerFault.exe	Unicorn-28982.exe
1384	1012	WerFault.exe	Unicorn-61209.exe
2876	2968	WerFault.exe	Unicorn-44380.exe
1972	1636	WerFault.exe	Unicorn-9849.exe
2500	1772	WerFault.exe	Unicorn-37520.exe
756	2212	WerFault.exe	Unicorn-52273.exe
2244	2800	WerFault.exe	Unicorn-56653.exe
2228	1484	WerFault.exe	Unicorn-30291.exe
2400	2120	WerFault.exe	Unicorn-12693.exe
1944	876	WerFault.exe	Unicorn-2169.exe
2256	2524	WerFault.exe	Unicorn-38878.exe
2848	2784	WerFault.exe	Unicorn-44446.exe
3188	1936	WerFault.exe	Unicorn-32734.exe
3232	1568	WerFault.exe	Unicorn-12868.exe
3248	1492	WerFault.exe	Unicorn-4539.exe
3240	1764	WerFault.exe	Unicorn-50715.exe
3276	676	WerFault.exe	Unicorn-55899.exe
3648	1968	WerFault.exe	Unicorn-40065.exe
3740	1692	WerFault.exe	Unicorn-6601.exe
3828	2788	WerFault.exe	Unicorn-48848.exe
3976	580	WerFault.exe	Unicorn-36033.exe
4012	1216	WerFault.exe	Unicorn-50715.exe
4028	1616	WerFault.exe	Unicorn-21649.exe
4072	2484	WerFault.exe	Unicorn-44398.exe
4092	816	WerFault.exe	Unicorn-804.exe
3532	2852	WerFault.exe	Unicorn-63064.exe
3560	2444	WerFault.exe	Unicorn-25265.exe
3664	1696	WerFault.exe	Unicorn-13828.exe
3760	2644	WerFault.exe	Unicorn-50423.exe
3788	1120	WerFault.exe	Unicorn-31024.exe
3840	2420	WerFault.exe	Unicorn-65332.exe
3872	2332	WerFault.exe	Unicorn-13583.exe
3864	2564	WerFault.exe	Unicorn-41950.exe
3956	2860	WerFault.exe	Unicorn-32961.exe
3204	1940	WerFault.exe	Unicorn-47626.exe
3392	1240	WerFault.exe	Unicorn-19797.exe
3428	1884	WerFault.exe	Unicorn-1331.exe
3480	1520	WerFault.exe	Unicorn-23693.exe
3752	848	WerFault.exe	Unicorn-41426.exe
3924	612	WerFault.exe	Unicorn-2867.exe
4020	1104	WerFault.exe	Unicorn-24405.exe
3200	2724	WerFault.exe	Unicorn-52955.exe
3180	2360	WerFault.exe	Unicorn-3827.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exeUnicorn-51811.exeUnicorn-48299.exeUnicorn-13192.exeUnicorn-1535.exeUnicorn-20441.exeUnicorn-5199.exeUnicorn-25821.exeUnicorn-30429.exeUnicorn-62670.exeUnicorn-34020.exeUnicorn-26624.exeUnicorn-18658.exeUnicorn-59861.exeUnicorn-40936.exeUnicorn-53769.exeUnicorn-14049.exeUnicorn-11169.exeUnicorn-11169.exeUnicorn-59062.exeUnicorn-28982.exeUnicorn-41343.exeUnicorn-30291.exeUnicorn-61209.exeUnicorn-48848.exeUnicorn-44380.exeUnicorn-12693.exeUnicorn-6601.exeUnicorn-56653.exeUnicorn-2169.exeUnicorn-9849.exeUnicorn-37520.exeUnicorn-52273.exeUnicorn-38878.exeUnicorn-44446.exeUnicorn-40065.exeUnicorn-41950.exeUnicorn-40641.exeUnicorn-60507.exeUnicorn-32961.exeUnicorn-50715.exeUnicorn-19797.exeUnicorn-19797.exeUnicorn-50715.exeUnicorn-32734.exeUnicorn-13828.exeUnicorn-12868.exeUnicorn-891.exeUnicorn-24405.exeUnicorn-4539.exeUnicorn-55899.exeUnicorn-41426.exeUnicorn-36033.exeUnicorn-9828.exeUnicorn-21649.exeUnicorn-804.exeUnicorn-63497.exeUnicorn-20898.exeUnicorn-44398.exeUnicorn-7475.exeUnicorn-52955.exeUnicorn-25265.exeUnicorn-63064.exeUnicorn-65332.exe

pid	process
2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
2216	Unicorn-51811.exe
3020	Unicorn-48299.exe
2836	Unicorn-13192.exe
3004	Unicorn-1535.exe
2656	Unicorn-20441.exe
2604	Unicorn-5199.exe
2692	Unicorn-25821.exe
1732	Unicorn-30429.exe
2392	Unicorn-62670.exe
1092	Unicorn-34020.exe
2864	Unicorn-26624.exe
896	Unicorn-18658.exe
1628	Unicorn-59861.exe
1836	Unicorn-40936.exe
2684	Unicorn-53769.exe
2700	Unicorn-14049.exe
2732	Unicorn-11169.exe
2704	Unicorn-11169.exe
2088	Unicorn-59062.exe
2092	Unicorn-28982.exe
2744	Unicorn-41343.exe
1484	Unicorn-30291.exe
1012	Unicorn-61209.exe
2788	Unicorn-48848.exe
2968	Unicorn-44380.exe
2120	Unicorn-12693.exe
1692	Unicorn-6601.exe
2800	Unicorn-56653.exe
876	Unicorn-2169.exe
1636	Unicorn-9849.exe
1772	Unicorn-37520.exe
2212	Unicorn-52273.exe
2524	Unicorn-38878.exe
2784	Unicorn-44446.exe
1968	Unicorn-40065.exe
2564	Unicorn-41950.exe
2544	Unicorn-40641.exe
2432	Unicorn-60507.exe
2860	Unicorn-32961.exe
1764	Unicorn-50715.exe
1688	Unicorn-19797.exe
1240	Unicorn-19797.exe
1216	Unicorn-50715.exe
1936	Unicorn-32734.exe
1696	Unicorn-13828.exe
1568	Unicorn-12868.exe
1712	Unicorn-891.exe
1104	Unicorn-24405.exe
1492	Unicorn-4539.exe
676	Unicorn-55899.exe
848	Unicorn-41426.exe
580	Unicorn-36033.exe
2112	Unicorn-9828.exe
1616	Unicorn-21649.exe
816	Unicorn-804.exe
1132	Unicorn-63497.exe
1844	Unicorn-20898.exe
2484	Unicorn-44398.exe
2632	Unicorn-7475.exe
2724	Unicorn-52955.exe
2444	Unicorn-25265.exe
2852	Unicorn-63064.exe
2420	Unicorn-65332.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exeUnicorn-51811.exeUnicorn-48299.exeUnicorn-13192.exeUnicorn-1535.exeUnicorn-20441.exeUnicorn-5199.exeUnicorn-25821.exe

description	pid	process	target process
PID 2220 wrote to memory of 2216	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-51811.exe
PID 2220 wrote to memory of 2216	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-51811.exe
PID 2220 wrote to memory of 2216	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-51811.exe
PID 2220 wrote to memory of 2216	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-51811.exe
PID 2216 wrote to memory of 3020	2216	Unicorn-51811.exe	Unicorn-48299.exe
PID 2216 wrote to memory of 3020	2216	Unicorn-51811.exe	Unicorn-48299.exe
PID 2216 wrote to memory of 3020	2216	Unicorn-51811.exe	Unicorn-48299.exe
PID 2216 wrote to memory of 3020	2216	Unicorn-51811.exe	Unicorn-48299.exe
PID 2220 wrote to memory of 2836	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-13192.exe
PID 2220 wrote to memory of 2836	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-13192.exe
PID 2220 wrote to memory of 2836	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-13192.exe
PID 2220 wrote to memory of 2836	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	Unicorn-13192.exe
PID 2220 wrote to memory of 1896	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	WerFault.exe
PID 2220 wrote to memory of 1896	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	WerFault.exe
PID 2220 wrote to memory of 1896	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	WerFault.exe
PID 2220 wrote to memory of 1896	2220	99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe	WerFault.exe
PID 3020 wrote to memory of 2656	3020	Unicorn-48299.exe	Unicorn-20441.exe
PID 3020 wrote to memory of 2656	3020	Unicorn-48299.exe	Unicorn-20441.exe
PID 3020 wrote to memory of 2656	3020	Unicorn-48299.exe	Unicorn-20441.exe
PID 3020 wrote to memory of 2656	3020	Unicorn-48299.exe	Unicorn-20441.exe
PID 2216 wrote to memory of 3004	2216	Unicorn-51811.exe	Unicorn-1535.exe
PID 2216 wrote to memory of 3004	2216	Unicorn-51811.exe	Unicorn-1535.exe
PID 2216 wrote to memory of 3004	2216	Unicorn-51811.exe	Unicorn-1535.exe
PID 2216 wrote to memory of 3004	2216	Unicorn-51811.exe	Unicorn-1535.exe
PID 2836 wrote to memory of 2604	2836	Unicorn-13192.exe	Unicorn-5199.exe
PID 2836 wrote to memory of 2604	2836	Unicorn-13192.exe	Unicorn-5199.exe
PID 2836 wrote to memory of 2604	2836	Unicorn-13192.exe	Unicorn-5199.exe
PID 2836 wrote to memory of 2604	2836	Unicorn-13192.exe	Unicorn-5199.exe
PID 2216 wrote to memory of 2300	2216	Unicorn-51811.exe	WerFault.exe
PID 2216 wrote to memory of 2300	2216	Unicorn-51811.exe	WerFault.exe
PID 2216 wrote to memory of 2300	2216	Unicorn-51811.exe	WerFault.exe
PID 2216 wrote to memory of 2300	2216	Unicorn-51811.exe	WerFault.exe
PID 3004 wrote to memory of 2692	3004	Unicorn-1535.exe	Unicorn-25821.exe
PID 3004 wrote to memory of 2692	3004	Unicorn-1535.exe	Unicorn-25821.exe
PID 3004 wrote to memory of 2692	3004	Unicorn-1535.exe	Unicorn-25821.exe
PID 3004 wrote to memory of 2692	3004	Unicorn-1535.exe	Unicorn-25821.exe
PID 3020 wrote to memory of 2392	3020	Unicorn-48299.exe	Unicorn-62670.exe
PID 3020 wrote to memory of 2392	3020	Unicorn-48299.exe	Unicorn-62670.exe
PID 3020 wrote to memory of 2392	3020	Unicorn-48299.exe	Unicorn-62670.exe
PID 3020 wrote to memory of 2392	3020	Unicorn-48299.exe	Unicorn-62670.exe
PID 2656 wrote to memory of 1732	2656	Unicorn-20441.exe	Unicorn-30429.exe
PID 2656 wrote to memory of 1732	2656	Unicorn-20441.exe	Unicorn-30429.exe
PID 2656 wrote to memory of 1732	2656	Unicorn-20441.exe	Unicorn-30429.exe
PID 2656 wrote to memory of 1732	2656	Unicorn-20441.exe	Unicorn-30429.exe
PID 2836 wrote to memory of 2864	2836	Unicorn-13192.exe	Unicorn-26624.exe
PID 2836 wrote to memory of 2864	2836	Unicorn-13192.exe	Unicorn-26624.exe
PID 2836 wrote to memory of 2864	2836	Unicorn-13192.exe	Unicorn-26624.exe
PID 2836 wrote to memory of 2864	2836	Unicorn-13192.exe	Unicorn-26624.exe
PID 2604 wrote to memory of 1092	2604	Unicorn-5199.exe	Unicorn-34020.exe
PID 2604 wrote to memory of 1092	2604	Unicorn-5199.exe	Unicorn-34020.exe
PID 2604 wrote to memory of 1092	2604	Unicorn-5199.exe	Unicorn-34020.exe
PID 2604 wrote to memory of 1092	2604	Unicorn-5199.exe	Unicorn-34020.exe
PID 3020 wrote to memory of 2176	3020	Unicorn-48299.exe	WerFault.exe
PID 3020 wrote to memory of 2176	3020	Unicorn-48299.exe	WerFault.exe
PID 3020 wrote to memory of 2176	3020	Unicorn-48299.exe	WerFault.exe
PID 3020 wrote to memory of 2176	3020	Unicorn-48299.exe	WerFault.exe
PID 2836 wrote to memory of 1916	2836	Unicorn-13192.exe	WerFault.exe
PID 2836 wrote to memory of 1916	2836	Unicorn-13192.exe	WerFault.exe
PID 2836 wrote to memory of 1916	2836	Unicorn-13192.exe	WerFault.exe
PID 2836 wrote to memory of 1916	2836	Unicorn-13192.exe	WerFault.exe
PID 2692 wrote to memory of 896	2692	Unicorn-25821.exe	Unicorn-18658.exe
PID 2692 wrote to memory of 896	2692	Unicorn-25821.exe	Unicorn-18658.exe
PID 2692 wrote to memory of 896	2692	Unicorn-25821.exe	Unicorn-18658.exe
PID 2692 wrote to memory of 896	2692	Unicorn-25821.exe	Unicorn-18658.exe

C:\Users\Admin\AppData\Local\Temp\99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe
"C:\Users\Admin\AppData\Local\Temp\99b17d5eff38c9d100859c4f126b796dfbcd1e862ba201d933aaaade23b162d6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
10⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
11⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
12⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
13⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
14⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 236
13⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
12⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
11⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
10⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
9⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
10⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
12⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 240
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
11⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
10⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
9⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
9⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
10⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
11⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
12⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
13⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
14⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
13⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
12⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
11⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
11⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
12⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
10⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
8⤵
- Program crash
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
9⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
11⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
12⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
13⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
13⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
11⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 236
12⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
11⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
12⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
12⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
9⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
8⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
7⤵
- Program crash
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
9⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
10⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
12⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
13⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
11⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
11⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
13⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
12⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 240
12⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
8⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
12⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
8⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
6⤵
- Program crash
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
9⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
10⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
12⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
10⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
10⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
10⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
11⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
7⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
7⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
8⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
7⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
7⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
6⤵
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
8⤵
- Executes dropped EXE
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
9⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
10⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
11⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
12⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
13⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
12⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
11⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
10⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
8⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
8⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
7⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
11⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
11⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
7⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
7⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
8⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
11⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
8⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
9⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
10⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
9⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
6⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
10⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
9⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
8⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
7⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
6⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
5⤵
- Program crash
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exe
9⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
11⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
12⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
12⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
11⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
10⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
9⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
8⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 236
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
9⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
11⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
10⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
8⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
7⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
7⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
8⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
7⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
8⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
9⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
10⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
9⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
8⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 220
6⤵
- Program crash
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
6⤵
- Program crash
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
5⤵
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
11⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
7⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
7⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
9⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
10⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
9⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
7⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
6⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
6⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
9⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
10⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
10⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
7⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
6⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
11⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
12⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
8⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
7⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
10⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
10⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
7⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
11⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
12⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
9⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
8⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
9⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
9⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
6⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
11⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
8⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
7⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
6⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
7⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
9⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
10⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 236
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
7⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
5⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
9⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
7⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
8⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
10⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
10⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
9⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
7⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
9⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
6⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
8⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
9⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 240
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
9⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
7⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
6⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
5⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
7⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
8⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
7⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
6⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
8⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
9⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 236
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
7⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
6⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
7⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
8⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
7⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
6⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
8⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
9⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
10⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
9⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
8⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
7⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
6⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
5⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
6⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
9⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
8⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
7⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
6⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
7⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
8⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
9⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
9⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
8⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
7⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
6⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
5⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
6⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
7⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
8⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
9⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
9⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
8⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
7⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
6⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
5⤵
- Program crash
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
4⤵
- Program crash
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
2⤵
- Program crash
PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe

Filesize
184KB

MD5
8a722814b1cc00d2a2cbcaf5c218a11c

SHA1
24dffa07d74c42b4cd7d8901da3c84c5bf529855

SHA256
b9152801b023ce2d64e558185a7aab4d9f5bcf9bf933417979612599074ebe52

SHA512
9c8c7297d26964411db727dd5d39eb1a506906deef27343aa5be68ac54d72792a27353ab927187925f73ce433c960db47f1fa6e6b5e0338db49bbf3223066722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe

Filesize
184KB

MD5
acfcc8ef740d0e9321b0ad88d3945faf

SHA1
88172bd539a7bb64abe47d5c5fd79d2da7556938

SHA256
fc32e96056f2d8ae6e379ce41179c2dc1d72ebeb6ca2d6b1babc4c2d471ba384

SHA512
df49582807ff0122eb045a251fe5e6bf0089b26b8b9fbfd76f28f7b58822029d49a3c6e592197f9d930db6930ecdcdaac694d7240043a5f153cf6222444da88d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe

Filesize
184KB

MD5
65f8c02055b0fad2b4e143740e47c14f

SHA1
ca7e006db7e4a9e1ebabfeac0a00d36c14e305e5

SHA256
6c48c8b74fbc811faa4fad4c8e83014abb3a02adb6d3f01f52262351ecba5732

SHA512
f031b5b40e243c8d311c32ea3c043c25a661a6cd27d214c6b4959e2c319106ca2063da9881724dfff4b574f255e42a0e9ef16f2916c5073ac4d06cf051f78d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe

Filesize
184KB

MD5
2c6e560f2dc384a25b047913b4c88559

SHA1
a69e47f2e5a932e507d6d9ba1d055327d9cc2d03

SHA256
6dab378ae29621c0fd3bd850f28cb8c17566187ecbfbb1f1123459e5e9f66f6d

SHA512
28a61ce055d426f08b027bc7deff578f4a2481ca270572db47c9152c8aee68eac59de67a1a0d4cb3882ae690a4abdcd81fc78bd67c3b884e6ac7346133bc2761

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe

Filesize
184KB

MD5
42d97497adf0cdfacca0b32d1277f57e

SHA1
f37aad4949f1037c804912ac341c9ae866f78802

SHA256
ffdeced3df5a15bf63c079c80840f978cf3354a623dae38a168b0e45e52d7b77

SHA512
e25488d06bb6ccc872dfb851c1d3faf33d34a4c88d1a87291d5c79faabfff293e5c6ef6ca5f2c380d98af7a110311290335887a514999c0703f88755d3a2da9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe

Filesize
184KB

MD5
02bfe1034df154946a2fc8cee7fa5c2f

SHA1
0af34c77de3485d65c9b99f17144f09eeeed92c1

SHA256
024470fc85f30411e6bfb9235be2cfd1af8c5184b3311fa59f39644e2ff3d54c

SHA512
05435a0f9538d87ba5388859e985b7117eac23888243de393f2d4a6ea3d6a76639b12675dba648aca8218b8f81c4ed263a76c1e309806d2ebd2110b6f9e62d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe

Filesize
184KB

MD5
71601df8252e7bda3e823d2c47ce051f

SHA1
ddd275017c10a4f16e0d0c98b73ad848725b9eac

SHA256
4239736226e07ae5244347b9fce58a6faac2a4ac733985f6bc89afdb743b9396

SHA512
6e7343b3d5c40c92dad201a7bc3ceff736f4013089abc3342bc06ea2c426a610215c2c15b805541102f7cc5cd4833ebe368cfc27870aab96b5b97b383bc45422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe

Filesize
184KB

MD5
c8f6df6201a0b762e04c61aa95784ddb

SHA1
f7a8b7b5a5692a793bf3cd359e9666cbbefc68fc

SHA256
06a4a62c547c4aac5b3a3d48e30147c9d578727a31ba7ab8c933bd6445ade134

SHA512
6fc093e3608df86bbec5bdbf1a29aa741ae7d0ac30a65df3dbb30829b17018f0792ab7feca3b9e02ba6cc1843b41a2cf3e172c64217a75acd49f0191b46494f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe

Filesize
184KB

MD5
027472b28c58049a9db9c62590d356a8

SHA1
658ec63a9b5533ff13a057dd415bdb27226e606e

SHA256
aaaf80c3c79d278719b8edc23dcc159e18825d302ed66c4d3661f4c07562e763

SHA512
a21de56928508c68ddf95f8d0c9e609d850794b559fdef24dd981a80f8b2e8fee75ce2d5562f872658904835f80c899dfc70e75ef27d5012a8a9ca4d9016360c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe

Filesize
184KB

MD5
e2bfbce91b44361450d81ff31ae9ac3a

SHA1
2c788b531068ef225cec2b7fad4a2c5057507206

SHA256
691cf3fa8675127c0faf4cb35607b606458a76b9709266324002b52b5e40ee6b

SHA512
8c34a7c03ad6f414fdba757328c535dd1d7d3b7644886345a59a47999d37e1d58e76fe36ebc0c34f15e4f0418a3e28f375d76775f6217940008d01416982675f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe

Filesize
184KB

MD5
51ab745915fcb9ddc7298f468683a256

SHA1
7ff97110a16102803e96782599ab65e859b07305

SHA256
cf067bb4d822bc6258572ea66bde8c6536e48a9acc377ec4e09ac84e06e2cd24

SHA512
5004e2ba1a59c3b86e5ff4dde8dca566b81022cece437852de4375f03915243b645c49cb5c86d015003807709391fa1431e7744b86bf049af76177f37b95c40d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe

Filesize
184KB

MD5
7aaef03b3216cd6cb49bf3c79fdcd330

SHA1
afce646133f976d07c8264c03e3bd7f550457f6f

SHA256
8dad2fb413f31633d6e20e57cdbf127d32eaa7bc0e4ca66df7ddf7b438343900

SHA512
a89b5c830b99e083d32e5b5570a3465dee19a6ff2e78113e4ef60dfdbd933c452e35a253dbe3211cd3d5689a4a75872044f91ed1551a0339d13f715eae9d7cb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe

Filesize
184KB

MD5
4895afdbe156336ae557a2f4e819f8b3

SHA1
6cd4ea8b5f7bc7eacfdb7ab2e92403c734e48125

SHA256
3a39d7ffabff16cad113939b814c5744cec3782df66a78b3f8139e58348b1d3a

SHA512
02c90b7a03a04e33a830908413e3716986f419395f8e6da6548b81139a570978ab03f2c3d13a3a6dab494249feb7e47ad6b0e196ff993fae46aff51bcc796575

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe

Filesize
184KB

MD5
8e6775e599b86bf924b532a2d3a4d33a

SHA1
bddb6a9d4d913eb249c6c39221779fcad5c93e89

SHA256
8bb345defc163405012219fe79fdfe0443d28f36c7435729eff4fce844dca9dc

SHA512
ac356f7422a7f0881ea3f6535aef82642892dbc518565d979a461d93a744638cab848e4b916493f8cbe4234895317a5edba27d3cb8b4d4264ac8e3a77884f1eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe

Filesize
184KB

MD5
2ed5f8c5761d5e8c7e747ec3fcb2eed5

SHA1
64a2cd97ca07c5844bd8fbb95f60946471e89593

SHA256
c10d341458a291a8983d13cab710d3d0b0d3a08f9d09fb8f3aaa415da7d5e186

SHA512
523854b2f3c123ea36184724c5531f904e94a1d6170e3a9a5eb7f59732ae42de8a8e06d4f062adca855b0732ca85754bf0821085e286a070e9dd419d436cac11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe

Filesize
184KB

MD5
1932a1ba009b0d451038b5605c538f70

SHA1
8cf92b6dc332fe9b95397a62c0bb0881b50c03bc

SHA256
750ce03c2955275d0d0de0ff7daf06d3b7ef6f6df536c82041f65141ecbce63e

SHA512
d4de98d23971bf0463d8fd2e1cfabc1bb339df7e11f4f381ad604856d6b0db1664882f13dfa5b51187d8604651f8552afa6ccad6054ab7869fc2cf7ac3c39d8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe

Filesize
184KB

MD5
2455d8457f97598c7609fc4c5bd30d7c

SHA1
f183d8b189f717395fd7796949e1802aafd98fb4

SHA256
0ec6d41f8f1a8175b8e604ebb782f85cacef23091c8c246594b4e8e8aa6e1ff7

SHA512
ffcd827a4f71bbd58351b0268d951682ed0392643a37c79a85a92d8fd133dc349f21f98506ac4ece094058f2c25ed4c17286b833189a7216b675903313c2ebb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe

Filesize
184KB

MD5
2d48afa8054b2983977d80191208f16c

SHA1
cd549d78b69791940a32d09272a623fef4fd698f

SHA256
80a3eb7e72caabeddc38b292fa0f32b0d571af7efddde358997050119a646544

SHA512
08260377545bb4d594239380376c8404521a34046058883b504ab30a7ee2c7b1c421a1701784723b7c5f675cdeb76e3d042a06c656ed1eb4040b653533f4a9a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe

Filesize
184KB

MD5
93f932d364b96dfc0cf67815478bf3c4

SHA1
51ffe962e02525a97d98edd8fd8c8ba66a9f145d

SHA256
0532ab8bc699614b516cffb651827eeb295d6d76cacb202c5f08701c829a72c1

SHA512
4505b6579ce27f1ee5b3f027b77662028e97ccf653549af8df041ca4fc1ba54cc7f9d9c71070b9c122ab9e4f10676dcdc6bfad114be0a456ce43b84a79cdcef9

Download Submit