a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c

Analysis

max time kernel
90s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
Size

184KB
MD5

3e21fbf6266b643ce8d75857dc7dc46a
SHA1

38e70bbaf7dc5559d27dd2360c7ef8551142e062
SHA256

a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c
SHA512

4ae1e43cdb9cf86f4084568868b63bd59bbca533ad54ac969a8300618086240085b6b16c64a10a989f9f38f0e394060d446d3b4e925857e31aef8525bc4cb006
SSDEEP

3072:THfkiWol9MuKVRSYeITLRxJOXPYKzof3HBBgA5qQUl9KlnVgF0:THso9+RSuLnJOXyhYpKlnVgF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-56330.exeUnicorn-30991.exeUnicorn-43990.exeUnicorn-42561.exeUnicorn-45083.exeUnicorn-40676.exeUnicorn-3407.exeUnicorn-49655.exeUnicorn-21197.exeUnicorn-1331.exeUnicorn-56054.exeUnicorn-43247.exeUnicorn-54793.exeUnicorn-11150.exeUnicorn-43823.exeUnicorn-56137.exeUnicorn-10465.exeUnicorn-37246.exeUnicorn-32455.exeUnicorn-2243.exeUnicorn-28798.exeUnicorn-28606.exeUnicorn-8740.exeUnicorn-11776.exeUnicorn-11776.exeUnicorn-41796.exeUnicorn-61662.exeUnicorn-57256.exeUnicorn-52275.exeUnicorn-37008.exeUnicorn-65082.exeUnicorn-19411.exeUnicorn-50199.exeUnicorn-53043.exeUnicorn-17910.exeUnicorn-37776.exeUnicorn-35472.exeUnicorn-32819.exeUnicorn-33395.exeUnicorn-53261.exeUnicorn-2799.exeUnicorn-35664.exeUnicorn-15798.exeUnicorn-915.exeUnicorn-20781.exeUnicorn-36240.exeUnicorn-44930.exeUnicorn-8235.exeUnicorn-25605.exeUnicorn-25605.exeUnicorn-10721.exeUnicorn-57270.exeUnicorn-43394.exeUnicorn-10913.exeUnicorn-24981.exeUnicorn-15329.exeUnicorn-61878.exeUnicorn-48002.exeUnicorn-33996.exeUnicorn-61769.exeUnicorn-1707.exeUnicorn-47343.exeUnicorn-31692.exeUnicorn-12402.exe

pid	process
2928	Unicorn-56330.exe
2988	Unicorn-30991.exe
2676	Unicorn-43990.exe
2724	Unicorn-42561.exe
2920	Unicorn-45083.exe
2524	Unicorn-40676.exe
308	Unicorn-3407.exe
2780	Unicorn-49655.exe
1052	Unicorn-21197.exe
2032	Unicorn-1331.exe
2220	Unicorn-56054.exe
1640	Unicorn-43247.exe
2276	Unicorn-54793.exe
2444	Unicorn-11150.exe
2828	Unicorn-43823.exe
3040	Unicorn-56137.exe
1160	Unicorn-10465.exe
696	Unicorn-37246.exe
2428	Unicorn-32455.exe
692	Unicorn-2243.exe
1352	Unicorn-28798.exe
1096	Unicorn-28606.exe
2096	Unicorn-8740.exe
896	Unicorn-11776.exe
848	Unicorn-11776.exe
2108	Unicorn-41796.exe
1712	Unicorn-61662.exe
2088	Unicorn-57256.exe
2232	Unicorn-52275.exe
2940	Unicorn-37008.exe
2740	Unicorn-65082.exe
1864	Unicorn-19411.exe
2192	Unicorn-50199.exe
2612	Unicorn-53043.exe
2652	Unicorn-17910.exe
2572	Unicorn-37776.exe
2584	Unicorn-35472.exe
2456	Unicorn-32819.exe
2328	Unicorn-33395.exe
2752	Unicorn-53261.exe
2776	Unicorn-2799.exe
2748	Unicorn-35664.exe
1896	Unicorn-15798.exe
1048	Unicorn-915.exe
2000	Unicorn-20781.exe
1832	Unicorn-36240.exe
2120	Unicorn-44930.exe
1308	Unicorn-8235.exe
1972	Unicorn-25605.exe
1376	Unicorn-25605.exe
2248	Unicorn-10721.exe
2044	Unicorn-57270.exe
1280	Unicorn-43394.exe
1232	Unicorn-10913.exe
2848	Unicorn-24981.exe
544	Unicorn-15329.exe
840	Unicorn-61878.exe
1800	Unicorn-48002.exe
2368	Unicorn-33996.exe
3048	Unicorn-61769.exe
2696	Unicorn-1707.exe
2660	Unicorn-47343.exe
2596	Unicorn-31692.exe
2476	Unicorn-12402.exe

Loads dropped DLL 64 IoCs

Processes:

a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exeUnicorn-56330.exeUnicorn-43990.exeUnicorn-30991.exeWerFault.exeUnicorn-45083.exeUnicorn-40676.exeWerFault.exeWerFault.exeUnicorn-42561.exeUnicorn-3407.exeUnicorn-49655.exeUnicorn-21197.exeUnicorn-1331.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2928	Unicorn-56330.exe
2928	Unicorn-56330.exe
2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2676	Unicorn-43990.exe
2676	Unicorn-43990.exe
2988	Unicorn-30991.exe
2988	Unicorn-30991.exe
2928	Unicorn-56330.exe
2928	Unicorn-56330.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2920	Unicorn-45083.exe
2920	Unicorn-45083.exe
2988	Unicorn-30991.exe
2988	Unicorn-30991.exe
2524	Unicorn-40676.exe
2524	Unicorn-40676.exe
2676	Unicorn-43990.exe
2676	Unicorn-43990.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2372	WerFault.exe
2348	WerFault.exe
2724	Unicorn-42561.exe
308	Unicorn-3407.exe
2724	Unicorn-42561.exe
308	Unicorn-3407.exe
2920	Unicorn-45083.exe
2920	Unicorn-45083.exe
2780	Unicorn-49655.exe
2780	Unicorn-49655.exe
1052	Unicorn-21197.exe
1052	Unicorn-21197.exe
2524	Unicorn-40676.exe
2524	Unicorn-40676.exe
2032	Unicorn-1331.exe
2032	Unicorn-1331.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2816	2320	WerFault.exe	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2900	2928	WerFault.exe	Unicorn-56330.exe
2372	2676	WerFault.exe	Unicorn-43990.exe
2348	2988	WerFault.exe	Unicorn-30991.exe
1104	2920	WerFault.exe	Unicorn-45083.exe
2152	2724	WerFault.exe	Unicorn-42561.exe
784	2524	WerFault.exe	Unicorn-40676.exe
1124	2780	WerFault.exe	Unicorn-49655.exe
2856	1052	WerFault.exe	Unicorn-21197.exe
1084	2032	WerFault.exe	Unicorn-1331.exe
2084	2328	WerFault.exe	Unicorn-33395.exe
2056	1640	WerFault.exe	Unicorn-43247.exe
1768	2276	WerFault.exe	Unicorn-54793.exe
2228	2444	WerFault.exe	Unicorn-11150.exe
2388	2220	WerFault.exe	Unicorn-56054.exe
336	3040	WerFault.exe	Unicorn-56137.exe
612	1160	WerFault.exe	Unicorn-10465.exe
1080	2944	WerFault.exe	Unicorn-65132.exe
1672	2428	WerFault.exe	Unicorn-32455.exe
2404	696	WerFault.exe	Unicorn-37246.exe
1340	692	WerFault.exe	Unicorn-2243.exe
1636	1096	WerFault.exe	Unicorn-28606.exe
3008	2096	WerFault.exe	Unicorn-8740.exe
2072	1352	WerFault.exe	Unicorn-28798.exe
2916	848	WerFault.exe	Unicorn-11776.exe
2604	1712	WerFault.exe	Unicorn-61662.exe
2684	896	WerFault.exe	Unicorn-11776.exe
2680	2088	WerFault.exe	Unicorn-57256.exe
2732	2108	WerFault.exe	Unicorn-41796.exe
2208	2232	WerFault.exe	Unicorn-52275.exe
2028	2940	WerFault.exe	Unicorn-37008.exe
1996	1864	WerFault.exe	Unicorn-19411.exe
1528	2740	WerFault.exe	Unicorn-65082.exe
2552	2192	WerFault.exe	Unicorn-50199.exe
1624	2572	WerFault.exe	Unicorn-37776.exe
2600	2612	WerFault.exe	Unicorn-53043.exe
3188	2652	WerFault.exe	Unicorn-17910.exe
3216	2584	WerFault.exe	Unicorn-35472.exe
3240	2456	WerFault.exe	Unicorn-32819.exe
3272	1048	WerFault.exe	Unicorn-915.exe
3264	2752	WerFault.exe	Unicorn-53261.exe
3296	2748	WerFault.exe	Unicorn-35664.exe
3312	1896	WerFault.exe	Unicorn-15798.exe
3340	1832	WerFault.exe	Unicorn-36240.exe
3360	2000	WerFault.exe	Unicorn-20781.exe
3996	2828	WerFault.exe	Unicorn-43823.exe
3088	2120	WerFault.exe	Unicorn-44930.exe
3184	1308	WerFault.exe	Unicorn-8235.exe
3620	2248	WerFault.exe	Unicorn-10721.exe
3652	1376	WerFault.exe	Unicorn-25605.exe
3840	2660	WerFault.exe	Unicorn-47343.exe
3892	544	WerFault.exe	Unicorn-15329.exe
3868	2044	WerFault.exe	Unicorn-57270.exe
3920	2596	WerFault.exe	Unicorn-31692.exe
4024	2528	WerFault.exe	Unicorn-45075.exe
4044	1280	WerFault.exe	Unicorn-43394.exe
3136	2776	WerFault.exe	Unicorn-2799.exe
3732	1284	WerFault.exe	Unicorn-15246.exe
3756	1232	WerFault.exe	Unicorn-10913.exe
1972	2532	WerFault.exe	Unicorn-32268.exe
3828	1148	WerFault.exe	Unicorn-12594.exe
4108	308	WerFault.exe	Unicorn-2019.exe
4152	2476	WerFault.exe	Unicorn-12402.exe
4164	2368	WerFault.exe	Unicorn-33996.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exeUnicorn-56330.exeUnicorn-30991.exeUnicorn-43990.exeUnicorn-45083.exeUnicorn-42561.exeUnicorn-40676.exeUnicorn-3407.exeUnicorn-49655.exeUnicorn-21197.exeUnicorn-1331.exeUnicorn-56054.exeUnicorn-43247.exeUnicorn-54793.exeUnicorn-11150.exeUnicorn-43823.exeUnicorn-56137.exeUnicorn-10465.exeUnicorn-37246.exeUnicorn-32455.exeUnicorn-2243.exeUnicorn-28798.exeUnicorn-28606.exeUnicorn-8740.exeUnicorn-11776.exeUnicorn-11776.exeUnicorn-57256.exeUnicorn-41796.exeUnicorn-61662.exeUnicorn-52275.exeUnicorn-37008.exeUnicorn-65082.exeUnicorn-50199.exeUnicorn-19411.exeUnicorn-53043.exeUnicorn-17910.exeUnicorn-37776.exeUnicorn-35472.exeUnicorn-32819.exeUnicorn-2799.exeUnicorn-33395.exeUnicorn-53261.exeUnicorn-35664.exeUnicorn-15798.exeUnicorn-915.exeUnicorn-20781.exeUnicorn-36240.exeUnicorn-44930.exeUnicorn-8235.exeUnicorn-25605.exeUnicorn-25605.exeUnicorn-10721.exeUnicorn-57270.exeUnicorn-43394.exeUnicorn-10913.exeUnicorn-24981.exeUnicorn-15329.exeUnicorn-61878.exeUnicorn-48002.exeUnicorn-33996.exeUnicorn-61769.exeUnicorn-1707.exeUnicorn-47343.exeUnicorn-31692.exe

pid	process
2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
2928	Unicorn-56330.exe
2988	Unicorn-30991.exe
2676	Unicorn-43990.exe
2920	Unicorn-45083.exe
2724	Unicorn-42561.exe
2524	Unicorn-40676.exe
308	Unicorn-3407.exe
2780	Unicorn-49655.exe
1052	Unicorn-21197.exe
2032	Unicorn-1331.exe
2220	Unicorn-56054.exe
1640	Unicorn-43247.exe
2276	Unicorn-54793.exe
2444	Unicorn-11150.exe
2828	Unicorn-43823.exe
3040	Unicorn-56137.exe
1160	Unicorn-10465.exe
696	Unicorn-37246.exe
2428	Unicorn-32455.exe
692	Unicorn-2243.exe
1352	Unicorn-28798.exe
1096	Unicorn-28606.exe
2096	Unicorn-8740.exe
896	Unicorn-11776.exe
848	Unicorn-11776.exe
2088	Unicorn-57256.exe
2108	Unicorn-41796.exe
1712	Unicorn-61662.exe
2232	Unicorn-52275.exe
2940	Unicorn-37008.exe
2740	Unicorn-65082.exe
2192	Unicorn-50199.exe
1864	Unicorn-19411.exe
2612	Unicorn-53043.exe
2652	Unicorn-17910.exe
2572	Unicorn-37776.exe
2584	Unicorn-35472.exe
2456	Unicorn-32819.exe
2776	Unicorn-2799.exe
2328	Unicorn-33395.exe
2752	Unicorn-53261.exe
2748	Unicorn-35664.exe
1896	Unicorn-15798.exe
1048	Unicorn-915.exe
2000	Unicorn-20781.exe
1832	Unicorn-36240.exe
2120	Unicorn-44930.exe
1308	Unicorn-8235.exe
1972	Unicorn-25605.exe
1376	Unicorn-25605.exe
2248	Unicorn-10721.exe
2044	Unicorn-57270.exe
1280	Unicorn-43394.exe
1232	Unicorn-10913.exe
2848	Unicorn-24981.exe
544	Unicorn-15329.exe
840	Unicorn-61878.exe
1800	Unicorn-48002.exe
2368	Unicorn-33996.exe
3048	Unicorn-61769.exe
2696	Unicorn-1707.exe
2660	Unicorn-47343.exe
2596	Unicorn-31692.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exeUnicorn-56330.exeUnicorn-43990.exeUnicorn-30991.exeUnicorn-45083.exeUnicorn-40676.exeUnicorn-42561.exeUnicorn-3407.exe

description	pid	process	target process
PID 2320 wrote to memory of 2928	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-56330.exe
PID 2320 wrote to memory of 2928	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-56330.exe
PID 2320 wrote to memory of 2928	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-56330.exe
PID 2320 wrote to memory of 2928	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-56330.exe
PID 2928 wrote to memory of 2988	2928	Unicorn-56330.exe	Unicorn-30991.exe
PID 2928 wrote to memory of 2988	2928	Unicorn-56330.exe	Unicorn-30991.exe
PID 2928 wrote to memory of 2988	2928	Unicorn-56330.exe	Unicorn-30991.exe
PID 2928 wrote to memory of 2988	2928	Unicorn-56330.exe	Unicorn-30991.exe
PID 2320 wrote to memory of 2676	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-43990.exe
PID 2320 wrote to memory of 2676	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-43990.exe
PID 2320 wrote to memory of 2676	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-43990.exe
PID 2320 wrote to memory of 2676	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	Unicorn-43990.exe
PID 2320 wrote to memory of 2816	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	WerFault.exe
PID 2320 wrote to memory of 2816	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	WerFault.exe
PID 2320 wrote to memory of 2816	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	WerFault.exe
PID 2320 wrote to memory of 2816	2320	a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe	WerFault.exe
PID 2676 wrote to memory of 2724	2676	Unicorn-43990.exe	Unicorn-42561.exe
PID 2676 wrote to memory of 2724	2676	Unicorn-43990.exe	Unicorn-42561.exe
PID 2676 wrote to memory of 2724	2676	Unicorn-43990.exe	Unicorn-42561.exe
PID 2676 wrote to memory of 2724	2676	Unicorn-43990.exe	Unicorn-42561.exe
PID 2988 wrote to memory of 2920	2988	Unicorn-30991.exe	Unicorn-45083.exe
PID 2988 wrote to memory of 2920	2988	Unicorn-30991.exe	Unicorn-45083.exe
PID 2988 wrote to memory of 2920	2988	Unicorn-30991.exe	Unicorn-45083.exe
PID 2988 wrote to memory of 2920	2988	Unicorn-30991.exe	Unicorn-45083.exe
PID 2928 wrote to memory of 2524	2928	Unicorn-56330.exe	Unicorn-40676.exe
PID 2928 wrote to memory of 2524	2928	Unicorn-56330.exe	Unicorn-40676.exe
PID 2928 wrote to memory of 2524	2928	Unicorn-56330.exe	Unicorn-40676.exe
PID 2928 wrote to memory of 2524	2928	Unicorn-56330.exe	Unicorn-40676.exe
PID 2928 wrote to memory of 2900	2928	Unicorn-56330.exe	WerFault.exe
PID 2928 wrote to memory of 2900	2928	Unicorn-56330.exe	WerFault.exe
PID 2928 wrote to memory of 2900	2928	Unicorn-56330.exe	WerFault.exe
PID 2928 wrote to memory of 2900	2928	Unicorn-56330.exe	WerFault.exe
PID 2920 wrote to memory of 308	2920	Unicorn-45083.exe	Unicorn-3407.exe
PID 2920 wrote to memory of 308	2920	Unicorn-45083.exe	Unicorn-3407.exe
PID 2920 wrote to memory of 308	2920	Unicorn-45083.exe	Unicorn-3407.exe
PID 2920 wrote to memory of 308	2920	Unicorn-45083.exe	Unicorn-3407.exe
PID 2988 wrote to memory of 2780	2988	Unicorn-30991.exe	Unicorn-49655.exe
PID 2988 wrote to memory of 2780	2988	Unicorn-30991.exe	Unicorn-49655.exe
PID 2988 wrote to memory of 2780	2988	Unicorn-30991.exe	Unicorn-49655.exe
PID 2988 wrote to memory of 2780	2988	Unicorn-30991.exe	Unicorn-49655.exe
PID 2524 wrote to memory of 1052	2524	Unicorn-40676.exe	Unicorn-21197.exe
PID 2524 wrote to memory of 1052	2524	Unicorn-40676.exe	Unicorn-21197.exe
PID 2524 wrote to memory of 1052	2524	Unicorn-40676.exe	Unicorn-21197.exe
PID 2524 wrote to memory of 1052	2524	Unicorn-40676.exe	Unicorn-21197.exe
PID 2676 wrote to memory of 2032	2676	Unicorn-43990.exe	Unicorn-1331.exe
PID 2676 wrote to memory of 2032	2676	Unicorn-43990.exe	Unicorn-1331.exe
PID 2676 wrote to memory of 2032	2676	Unicorn-43990.exe	Unicorn-1331.exe
PID 2676 wrote to memory of 2032	2676	Unicorn-43990.exe	Unicorn-1331.exe
PID 2676 wrote to memory of 2372	2676	Unicorn-43990.exe	WerFault.exe
PID 2676 wrote to memory of 2372	2676	Unicorn-43990.exe	WerFault.exe
PID 2676 wrote to memory of 2372	2676	Unicorn-43990.exe	WerFault.exe
PID 2676 wrote to memory of 2372	2676	Unicorn-43990.exe	WerFault.exe
PID 2988 wrote to memory of 2348	2988	Unicorn-30991.exe	WerFault.exe
PID 2988 wrote to memory of 2348	2988	Unicorn-30991.exe	WerFault.exe
PID 2988 wrote to memory of 2348	2988	Unicorn-30991.exe	WerFault.exe
PID 2988 wrote to memory of 2348	2988	Unicorn-30991.exe	WerFault.exe
PID 2724 wrote to memory of 2220	2724	Unicorn-42561.exe	Unicorn-56054.exe
PID 2724 wrote to memory of 2220	2724	Unicorn-42561.exe	Unicorn-56054.exe
PID 2724 wrote to memory of 2220	2724	Unicorn-42561.exe	Unicorn-56054.exe
PID 2724 wrote to memory of 2220	2724	Unicorn-42561.exe	Unicorn-56054.exe
PID 308 wrote to memory of 1640	308	Unicorn-3407.exe	Unicorn-43247.exe
PID 308 wrote to memory of 1640	308	Unicorn-3407.exe	Unicorn-43247.exe
PID 308 wrote to memory of 1640	308	Unicorn-3407.exe	Unicorn-43247.exe
PID 308 wrote to memory of 1640	308	Unicorn-3407.exe	Unicorn-43247.exe

C:\Users\Admin\AppData\Local\Temp\a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe
"C:\Users\Admin\AppData\Local\Temp\a777ce539d72f3f5f98a26104be3da6d45559f8d38fc5efc5fd0871c1059840c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
10⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
11⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
12⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
13⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
14⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
14⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
12⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
11⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
12⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
12⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
11⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
12⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
11⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
9⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
10⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
11⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
12⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 220
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
11⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
12⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
10⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
9⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
9⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
10⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
11⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
12⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
10⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
11⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
12⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
11⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
10⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
9⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
8⤵
- Program crash
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
9⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
12⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
11⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
9⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
8⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
11⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 220
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
9⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
10⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
11⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
12⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 240
13⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
11⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
11⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 240
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
11⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
9⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
11⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
12⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
11⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
9⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
8⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
9⤵
PID:360

C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
11⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
11⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 236
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
10⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
8⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
9⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
11⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 240
12⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
10⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
9⤵
- Program crash
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
8⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7445.exe
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
12⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
12⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
11⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
9⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
8⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
11⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
12⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
11⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
9⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
8⤵
- Program crash
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
7⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
8⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
11⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
11⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
10⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 240
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
9⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
10⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
8⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
10⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
9⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
9⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
6⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
9⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27534.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
11⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
12⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
12⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
11⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
11⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
9⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
10⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 220
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
9⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
10⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
8⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
11⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
10⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 208
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
8⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
6⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
11⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
8⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
7⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
10⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 216
8⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
8⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
9⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
7⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
6⤵
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
10⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
9⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
8⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 208
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
7⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
8⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 220
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 220
8⤵
- Program crash
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 200
7⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
6⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
7⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
8⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
11⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
8⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
6⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
7⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
8⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
9⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
9⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
8⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
5⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
8⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 216
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
8⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
7⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
6⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
8⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
7⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
6⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
7⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
6⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
5⤵
- Program crash
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 216
8⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
10⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
9⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
8⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
6⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
7⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
10⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
9⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
9⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
8⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
7⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
9⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
8⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
7⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 220
8⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
6⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
5⤵
- Program crash
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
7⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 200
8⤵
- Program crash
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
6⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
7⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
9⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
8⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
6⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
6⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
9⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
8⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
8⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
7⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
6⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
9⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
6⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
5⤵
- Program crash
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
6⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
10⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
8⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
9⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 220
7⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
6⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
8⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
8⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
7⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
6⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
5⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
6⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
8⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
7⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
6⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
7⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
8⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
8⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
7⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
6⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
5⤵
- Program crash
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
4⤵
- Program crash
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
2⤵
- Program crash
PID:2816

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
Filesize
184KB

MD5
9e9185c8a4be6118a0abae95930973bd

SHA1
1bf3d1f6ddadaa16c61855d21179474a939c21ce

SHA256
dc54e5c0c24242bb128e2242a449a3a0c769dbb75b78ac15b3527413adf02072

SHA512
c6e386bc4778d146cc682df6ba149f69972befb24a641a36771b54af6b3763bebd1ff40e17559e12eda9ff4b3dd0d81ed11757381aad136fc7a6102c6f3b8f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
Filesize
184KB

MD5
15b1c09c81f458a837eb1da23ae1d80e

SHA1
60cfe9eeb417ae0afa2940a32b008c10546b4620

SHA256
91efae0e2dcf9ad424aa3afac6deb0cc360ced5a3e13b6ce4a78cda4a787917f

SHA512
4d6382b11ccd066a9d4278c4d7cc0a807976e80651f9d963c197dae643d1d8905a1b1b49e31d5bfd35fa2791e2423c641b4b1c2fffb9f4577bdf4578f5dd7cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
Filesize
184KB

MD5
0bcf046fe94e372bc1c09150f928d4f3

SHA1
94a6e0d8901b58fd85cfda00c0f9f7e5204b1584

SHA256
50d15d381cf8041b73e6e505fc977002a5b214ac092171a89fe4b98ff734f698

SHA512
c47d19f308fb74a34e496cfce755f634d32dc158c867a046e72647af15c512470020ec7afa38ef222107bbab01bd24e6e80dff730d2ed5806b4d2b40d1ac12fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
Filesize
184KB

MD5
d4581d09aad05e59f6f8050038812234

SHA1
2291d6a3140e99332e4d38714417f98e5bd273e3

SHA256
63cadec7971a4caa4e449833b232557c57af3dba98662a02aaea7abb040056ea

SHA512
69cfc979ebe547305a73871299866b1d779a37f72f8cd64375d4cd039631a210d00b58e5fb6f8b960489d974aacc53fcaca436a304a25791f8c4b2fed851e09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
Filesize
184KB

MD5
9387b679f2f7af3f58d4cbe89f160b87

SHA1
44533e9d9c2f247207a63a129d7c68164474b557

SHA256
8186dd46a9d131fbd1bd1d21dca41cbf04b1eb63f45fa415a9292b9c220dc0c4

SHA512
823a423f32baa0e71792085b0e9cb3642c66927b573d25df2a6df4effd75aa7bc214fae5c2c2d215c67e4a0124d315f3c2ec5255602ae987bb6c54ce3d84f485

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
Filesize
184KB

MD5
6b555c76a41c1d98236199acba8328c4

SHA1
779a2da524174a3bff2124e83348a19d3d3e8a74

SHA256
2ef2138c0a58b4e72c4e4f01338ed68edb8857a26887d74b7f81fb47228b9774

SHA512
3e98f0f05372bd52a1f6437df837bf2d050b2ed5f652e3d2f7fbcf52bcf317c8d4ebef666d19b4665b4533ba605a8140d0cacbd494f021bfac07744c6facad98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
Filesize
184KB

MD5
3cf38869dfc4524b8f81471c2188b47d

SHA1
f33e52f9c6cd2144014d654e5fd7e87ba85536e0

SHA256
48475dd5f733dbfe9053db903baa89306f653f16ccf52cd9412a8039d750e3c4

SHA512
2437187a828e7d649e7106b186978a5134fd3f185bcca67852222ab559aac8b4b55f00215426d41fb1bd1984a9d2e4e4d453b4191464ce83f4ec29d613204b23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
Filesize
184KB

MD5
524945b9384885b7f16e705e0cd20185

SHA1
06478a1adc28326d4c555bef5de5d9dfa60fc639

SHA256
344dd948f2436acb475697db712c43c9a065f11890c25906283bfad457866c79

SHA512
9cf5c219cdbc1d375af3561e74c7bb19254906104b6c5243271a35ca1b2818e4ed8fa4fea7dfbfdbe88b33e242c1291f85e5d2cd31f7eb901adb9439c52d3cf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
Filesize
184KB

MD5
316e229f4355f78001bc08cda8b992f0

SHA1
fedc7e8e2ec4b58b8eff033642c594848bb35b2c

SHA256
ec226be6b1e31fc18884849fa7f1f22abe0a7fe084c845324278b64909cf4ae2

SHA512
dd103059d58b53487e44da12ac4c91724e37bc13ae1e8c2783128987c94617386b183681efc57fbdb6f059888aa137ff891dd72febe51cb7dd7f83fb889e88c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
Filesize
184KB

MD5
de5e9e353e4d9b7f2bb69b383ab7fcd5

SHA1
33872d908746784f06c549a9c5d965e44823c5ce

SHA256
be9923208dd31f960cbf01ac5da317c28ea0eb7f6eb557b920713ae280926067

SHA512
3741a60322f920bef245db6234e28a449867f467d2ad678317610e92f05da1bd20430a995c51015f4dc6fe6e45e02825cf9181e1fff26d502e04df70b2130712

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
Filesize
184KB

MD5
b4bb07528d092aa3cf969fc238b0d7d9

SHA1
f119f953f067832cac85bfaaed985779595d44de

SHA256
36a5f2af6cc88fd42f447e450d3e38f12680a6c1cfcb502951e930314f4852c7

SHA512
634081be6a2eebbf848ac13886dd02a7bf1e7f03be05cb78c63628cf685707b07139f75cc702bbcecb83d63bc6631149fa4956a1d7b8a6080caa656aa2f8839d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
Filesize
184KB

MD5
bcbf3768f524ef5770460df0cfd4606f

SHA1
8c439f48a01a49e80206f764bafb62e52d5b4e2c

SHA256
793254196dd03b301ab34d59aa1c47928e1bd7cf2dd94d721fe6a9f2766b03b2

SHA512
a4edf52f4921f9f4f74836d357fe5c20c0d68477fd4f4a7c812a5c0fc434039b6f9d0c0463ac037099bb3e4b65a5d719efa9d879793a7d46ded0daa15cb4c6b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
Filesize
184KB

MD5
7b7e4386df51e593300f7d42eda6cd7b

SHA1
292dcaaec1cc99d2267d8f21dca0b2f021dcd865

SHA256
44994a818ad5ce8ad2f37a7ea92b549396301ee017f77c941f57c85c7063f540

SHA512
6cf07b7eb3f72a5c1e91c180d9965b4febce74c278b37014b77e1d21ee26452e8ab9a15ee9f7934825d02b6f9f05a1a822a2f050c5b6f16b4970cccd4a9a3270

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
Filesize
184KB

MD5
f7e394ffdc4cd0770b8fb3338198c789

SHA1
a29bc4ffb8fbc7f077972bfda2971cd8fc313801

SHA256
e0a0b98830f7fc7247379849ca48a0190d87a82a833f8518eb959a07713f4ce4

SHA512
86ef4b397e12b309e5673a27833c28c9f8b876b71d297f9f529ae502465017412eebcf7541f72a745edb13cc7fa41318b03fda7d49db569c6e04b4b1d2186634

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
Filesize
184KB

MD5
99e7e63cefdd4ccf0e1494ae2bcaa80f

SHA1
376feb302ecb350d369de5ee3d8f04e7d3ae1249

SHA256
9d11b146a4ead03bb710deaddb4a543f7e318926231f1e2fc300610376e5b609

SHA512
572f05fef4f6edab3f31a519b20cb44edbf53fedac04f88c5ff681d62e3e1138578688e7447596fcbb567761ac48084ddd84d7f28910acb0f2851279a899284b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
Filesize
184KB

MD5
07b92b59c2b7068b51b06788d0a33600

SHA1
5eee3878b1600237d2c068b4512c05bc63bbe7ff

SHA256
8026a423c3a289774457a361eea71ef1350d0ac4c760caf79b9f3473a35e7283

SHA512
e2ebe36725a2437ed01667621031b864128b299e73351c6f0f8df73583d1e090ec324e82cb1db041a3fbb6b9371ed4706328e6e728e5761146ecc07c9ffd0788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
Filesize
184KB

MD5
246eb14c7b798df51190b8d2c32efafa

SHA1
d84eaff64c8ceebf776bed280d8fda621b24fc87

SHA256
8e1c9cf15368b55c589efd2076d1e8175428e478c998691be346a0604521329d

SHA512
861406e321917579a2042374fdc79291a58f415266a093eeab1140865e91f78e76638ba1620f3bfd3277d57d0259cfa551acfe6242ca8c7f3c0df6e7121e8ada

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
Filesize
184KB

MD5
57ee5dbe2a9ec216c66db08730323253

SHA1
e149ade81c10b8bf1c301966a185cbe58cdabe2b

SHA256
936c7ecf90dd28772d45d936e28a06bae18e15e2986809c0c0ae0fa8b16ea260

SHA512
842855d84a6f3720447887a07ee84c882260804cbecb20f048542bb0f84deb4f374aa45c713761933a3eedc79b09c189fa135826a0d4d40c7d9d7c7243e19839

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads