2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
Size

184KB
MD5

43653f1497435d0219367236416cdd91
SHA1

4a5288911ff816d348cf7da2e7c8e494067fc70f
SHA256

2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c
SHA512

cf8099a48f18da891441f166348b73bdbdfe977a2a97f25c1d1bb483022a8a736a9ea59361e5730378899226191bba536625f79074bfc5863ff73cc2b592fb55
SSDEEP

3072:8Ia3XxoTb1OTHGnWeAOLRnsjhlnViFzn3:8IAo0jGnhL5sjhlnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44934.exeUnicorn-42556.exeUnicorn-27612.exeUnicorn-43995.exeUnicorn-54856.exeUnicorn-9184.exeUnicorn-50300.exeUnicorn-54939.exeUnicorn-1099.exeUnicorn-45401.exeUnicorn-65266.exeUnicorn-52007.exeUnicorn-6335.exeUnicorn-31608.exeUnicorn-7658.exeUnicorn-64280.exeUnicorn-7186.exeUnicorn-19439.exeUnicorn-34383.exeUnicorn-54249.exeUnicorn-28161.exeUnicorn-17301.exeUnicorn-54804.exeUnicorn-39859.exeUnicorn-35858.exeUnicorn-42634.exeUnicorn-29636.exeUnicorn-29636.exeUnicorn-5686.exeUnicorn-60362.exeUnicorn-21468.exeUnicorn-1602.exeUnicorn-56278.exeUnicorn-30190.exeUnicorn-50056.exeUnicorn-36974.exeUnicorn-63616.exeUnicorn-43750.exeUnicorn-4109.exeUnicorn-51727.exeUnicorn-53886.exeUnicorn-29936.exeUnicorn-10907.exeUnicorn-8769.exeUnicorn-31328.exeUnicorn-11462.exeUnicorn-46273.exeUnicorn-7378.exeUnicorn-601.exeUnicorn-62054.exeUnicorn-62054.exeUnicorn-62054.exeUnicorn-31882.exeUnicorn-2246.exeUnicorn-41141.exeUnicorn-47918.exeUnicorn-17191.exeUnicorn-63699.exeUnicorn-45225.exeUnicorn-19137.exeUnicorn-20529.exeUnicorn-23243.exeUnicorn-38187.exeUnicorn-15074.exe

pid	process
2036	Unicorn-44934.exe
1168	Unicorn-42556.exe
3032	Unicorn-27612.exe
2644	Unicorn-43995.exe
2316	Unicorn-54856.exe
240	Unicorn-9184.exe
2740	Unicorn-50300.exe
2760	Unicorn-54939.exe
760	Unicorn-1099.exe
1660	Unicorn-45401.exe
2128	Unicorn-65266.exe
1048	Unicorn-52007.exe
2228	Unicorn-6335.exe
1636	Unicorn-31608.exe
2088	Unicorn-7658.exe
768	Unicorn-64280.exe
1108	Unicorn-7186.exe
3064	Unicorn-19439.exe
2824	Unicorn-34383.exe
1652	Unicorn-54249.exe
1264	Unicorn-28161.exe
948	Unicorn-17301.exe
1880	Unicorn-54804.exe
2104	Unicorn-39859.exe
1664	Unicorn-35858.exe
352	Unicorn-42634.exe
2140	Unicorn-29636.exe
1924	Unicorn-29636.exe
2192	Unicorn-5686.exe
2360	Unicorn-60362.exe
2328	Unicorn-21468.exe
1216	Unicorn-1602.exe
2588	Unicorn-56278.exe
2536	Unicorn-30190.exe
2512	Unicorn-50056.exe
2712	Unicorn-36974.exe
2772	Unicorn-63616.exe
2880	Unicorn-43750.exe
2648	Unicorn-4109.exe
1224	Unicorn-51727.exe
1972	Unicorn-53886.exe
1896	Unicorn-29936.exe
1648	Unicorn-10907.exe
2484	Unicorn-8769.exe
2232	Unicorn-31328.exe
1640	Unicorn-11462.exe
1836	Unicorn-46273.exe
780	Unicorn-7378.exe
676	Unicorn-601.exe
1708	Unicorn-62054.exe
2340	Unicorn-62054.exe
2092	Unicorn-62054.exe
500	Unicorn-31882.exe
692	Unicorn-2246.exe
1696	Unicorn-41141.exe
3024	Unicorn-47918.exe
2352	Unicorn-17191.exe
1512	Unicorn-63699.exe
1580	Unicorn-45225.exe
2816	Unicorn-19137.exe
2728	Unicorn-20529.exe
1860	Unicorn-23243.exe
1776	Unicorn-38187.exe
988	Unicorn-15074.exe

Loads dropped DLL 64 IoCs

Processes:

2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exeUnicorn-44934.exeUnicorn-42556.exeUnicorn-27612.exeWerFault.exeUnicorn-43995.exeUnicorn-54856.exeUnicorn-9184.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-50300.exeUnicorn-54939.exeUnicorn-45401.exeWerFault.exeWerFault.exeUnicorn-52007.exe

pid	process
2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
2036	Unicorn-44934.exe
2036	Unicorn-44934.exe
2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
1168	Unicorn-42556.exe
1168	Unicorn-42556.exe
2036	Unicorn-44934.exe
2036	Unicorn-44934.exe
3032	Unicorn-27612.exe
3032	Unicorn-27612.exe
1212	WerFault.exe
1212	WerFault.exe
1212	WerFault.exe
1212	WerFault.exe
1212	WerFault.exe
2644	Unicorn-43995.exe
2644	Unicorn-43995.exe
1168	Unicorn-42556.exe
1168	Unicorn-42556.exe
2316	Unicorn-54856.exe
2316	Unicorn-54856.exe
3032	Unicorn-27612.exe
240	Unicorn-9184.exe
3032	Unicorn-27612.exe
240	Unicorn-9184.exe
280	WerFault.exe
280	WerFault.exe
280	WerFault.exe
280	WerFault.exe
280	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1016	WerFault.exe
1692	WerFault.exe
2644	Unicorn-43995.exe
2644	Unicorn-43995.exe
2740	Unicorn-50300.exe
2740	Unicorn-50300.exe
2760	Unicorn-54939.exe
2760	Unicorn-54939.exe
2316	Unicorn-54856.exe
2316	Unicorn-54856.exe
1660	Unicorn-45401.exe
1660	Unicorn-45401.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1048	Unicorn-52007.exe
1048	Unicorn-52007.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2516	2012	WerFault.exe	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
1212	2036	WerFault.exe	Unicorn-44934.exe
280	2128	WerFault.exe	Unicorn-65266.exe
1016	1168	WerFault.exe	Unicorn-42556.exe
1692	3032	WerFault.exe	Unicorn-27612.exe
1412	2644	WerFault.exe	Unicorn-43995.exe
1752	2316	WerFault.exe	Unicorn-54856.exe
1960	1108	WerFault.exe	Unicorn-7186.exe
2236	2740	WerFault.exe	Unicorn-50300.exe
2292	2760	WerFault.exe	Unicorn-54939.exe
960	1660	WerFault.exe	Unicorn-45401.exe
2440	240	WerFault.exe	Unicorn-9184.exe
2496	1636	WerFault.exe	Unicorn-31608.exe
2548	2228	WerFault.exe	Unicorn-6335.exe
2900	2088	WerFault.exe	Unicorn-7658.exe
2280	768	WerFault.exe	Unicorn-64280.exe
1864	3064	WerFault.exe	Unicorn-19439.exe
2028	1880	WerFault.exe	Unicorn-54804.exe
864	2104	WerFault.exe	Unicorn-39859.exe
2000	948	WerFault.exe	Unicorn-17301.exe
1948	1264	WerFault.exe	Unicorn-28161.exe
2908	1652	WerFault.exe	Unicorn-54249.exe
1844	2824	WerFault.exe	Unicorn-34383.exe
2348	1048	WerFault.exe	Unicorn-52007.exe
1596	1664	WerFault.exe	Unicorn-35858.exe
760	352	WerFault.exe	Unicorn-42634.exe
2372	1924	WerFault.exe	Unicorn-29636.exe
2436	2140	WerFault.exe	Unicorn-29636.exe
296	2192	WerFault.exe	Unicorn-5686.exe
344	2360	WerFault.exe	Unicorn-60362.exe
2100	2588	WerFault.exe	Unicorn-56278.exe
2264	2328	WerFault.exe	Unicorn-21468.exe
1424	1216	WerFault.exe	Unicorn-1602.exe
1044	2536	WerFault.exe	Unicorn-30190.exe
1444	2512	WerFault.exe	Unicorn-50056.exe
3268	2712	WerFault.exe	Unicorn-36974.exe
3292	2880	WerFault.exe	Unicorn-43750.exe
3364	2772	WerFault.exe	Unicorn-63616.exe
3412	1224	WerFault.exe	Unicorn-51727.exe
3760	1972	WerFault.exe	Unicorn-53886.exe
3772	1836	WerFault.exe	Unicorn-46273.exe
3784	676	WerFault.exe	Unicorn-601.exe
3796	500	WerFault.exe	Unicorn-31882.exe
4052	2340	WerFault.exe	Unicorn-62054.exe
4072	1896	WerFault.exe	Unicorn-29936.exe
3352	2232	WerFault.exe	Unicorn-31328.exe
3356	1648	WerFault.exe	Unicorn-10907.exe
3484	2484	WerFault.exe	Unicorn-8769.exe
3588	1708	WerFault.exe	Unicorn-62054.exe
3152	780	WerFault.exe	Unicorn-7378.exe
3172	2648	WerFault.exe	Unicorn-4109.exe
3528	1640	WerFault.exe	Unicorn-11462.exe
3688	988	WerFault.exe	Unicorn-15074.exe
3840	1892	WerFault.exe	Unicorn-64659.exe
3852	2472	WerFault.exe	Unicorn-46356.exe
3896	1680	WerFault.exe	Unicorn-57046.exe
4020	1792	WerFault.exe	Unicorn-14067.exe
3148	3028	WerFault.exe	Unicorn-42101.exe
3304	1532	WerFault.exe	Unicorn-58437.exe
3632	488	WerFault.exe	Unicorn-16829.exe
3620	2848	WerFault.exe	Unicorn-58437.exe
3748	1548	WerFault.exe	Unicorn-15458.exe
4228	1900	WerFault.exe	Unicorn-35495.exe
4256	2816	WerFault.exe	Unicorn-19137.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exeUnicorn-44934.exeUnicorn-42556.exeUnicorn-27612.exeUnicorn-43995.exeUnicorn-54856.exeUnicorn-9184.exeUnicorn-50300.exeUnicorn-54939.exeUnicorn-65266.exeUnicorn-45401.exeUnicorn-52007.exeUnicorn-6335.exeUnicorn-31608.exeUnicorn-7658.exeUnicorn-64280.exeUnicorn-19439.exeUnicorn-28161.exeUnicorn-17301.exeUnicorn-34383.exeUnicorn-54249.exeUnicorn-54804.exeUnicorn-39859.exeUnicorn-35858.exeUnicorn-42634.exeUnicorn-29636.exeUnicorn-29636.exeUnicorn-5686.exeUnicorn-60362.exeUnicorn-1602.exeUnicorn-30190.exeUnicorn-21468.exeUnicorn-56278.exeUnicorn-50056.exeUnicorn-36974.exeUnicorn-63616.exeUnicorn-43750.exeUnicorn-4109.exeUnicorn-51727.exeUnicorn-53886.exeUnicorn-29936.exeUnicorn-10907.exeUnicorn-8769.exeUnicorn-31328.exeUnicorn-11462.exeUnicorn-46273.exeUnicorn-7378.exeUnicorn-601.exeUnicorn-62054.exeUnicorn-62054.exeUnicorn-62054.exeUnicorn-31882.exeUnicorn-2246.exeUnicorn-41141.exeUnicorn-47918.exeUnicorn-17191.exeUnicorn-63699.exeUnicorn-45225.exeUnicorn-19137.exeUnicorn-20529.exeUnicorn-23243.exeUnicorn-38187.exeUnicorn-15074.exeUnicorn-35495.exe

pid	process
2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
2036	Unicorn-44934.exe
1168	Unicorn-42556.exe
3032	Unicorn-27612.exe
2644	Unicorn-43995.exe
2316	Unicorn-54856.exe
240	Unicorn-9184.exe
2740	Unicorn-50300.exe
2760	Unicorn-54939.exe
2128	Unicorn-65266.exe
1660	Unicorn-45401.exe
1048	Unicorn-52007.exe
2228	Unicorn-6335.exe
1636	Unicorn-31608.exe
2088	Unicorn-7658.exe
768	Unicorn-64280.exe
3064	Unicorn-19439.exe
1264	Unicorn-28161.exe
948	Unicorn-17301.exe
2824	Unicorn-34383.exe
1652	Unicorn-54249.exe
1880	Unicorn-54804.exe
2104	Unicorn-39859.exe
1664	Unicorn-35858.exe
352	Unicorn-42634.exe
2140	Unicorn-29636.exe
1924	Unicorn-29636.exe
2192	Unicorn-5686.exe
2360	Unicorn-60362.exe
1216	Unicorn-1602.exe
2536	Unicorn-30190.exe
2328	Unicorn-21468.exe
2588	Unicorn-56278.exe
2512	Unicorn-50056.exe
2712	Unicorn-36974.exe
2772	Unicorn-63616.exe
2880	Unicorn-43750.exe
2648	Unicorn-4109.exe
1224	Unicorn-51727.exe
1972	Unicorn-53886.exe
1896	Unicorn-29936.exe
1648	Unicorn-10907.exe
2484	Unicorn-8769.exe
2232	Unicorn-31328.exe
1640	Unicorn-11462.exe
1836	Unicorn-46273.exe
780	Unicorn-7378.exe
676	Unicorn-601.exe
2340	Unicorn-62054.exe
1708	Unicorn-62054.exe
2092	Unicorn-62054.exe
500	Unicorn-31882.exe
692	Unicorn-2246.exe
1696	Unicorn-41141.exe
3024	Unicorn-47918.exe
2352	Unicorn-17191.exe
1512	Unicorn-63699.exe
1580	Unicorn-45225.exe
2816	Unicorn-19137.exe
2728	Unicorn-20529.exe
1860	Unicorn-23243.exe
1776	Unicorn-38187.exe
988	Unicorn-15074.exe
1900	Unicorn-35495.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exeUnicorn-44934.exeUnicorn-42556.exeUnicorn-27612.exeUnicorn-43995.exeUnicorn-54856.exeUnicorn-9184.exeUnicorn-65266.exe

description	pid	process	target process
PID 2012 wrote to memory of 2036	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-44934.exe
PID 2012 wrote to memory of 2036	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-44934.exe
PID 2012 wrote to memory of 2036	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-44934.exe
PID 2012 wrote to memory of 2036	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-44934.exe
PID 2012 wrote to memory of 1168	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-42556.exe
PID 2012 wrote to memory of 1168	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-42556.exe
PID 2012 wrote to memory of 1168	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-42556.exe
PID 2012 wrote to memory of 1168	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	Unicorn-42556.exe
PID 2036 wrote to memory of 3032	2036	Unicorn-44934.exe	Unicorn-27612.exe
PID 2036 wrote to memory of 3032	2036	Unicorn-44934.exe	Unicorn-27612.exe
PID 2036 wrote to memory of 3032	2036	Unicorn-44934.exe	Unicorn-27612.exe
PID 2036 wrote to memory of 3032	2036	Unicorn-44934.exe	Unicorn-27612.exe
PID 2012 wrote to memory of 2516	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	WerFault.exe
PID 2012 wrote to memory of 2516	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	WerFault.exe
PID 2012 wrote to memory of 2516	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	WerFault.exe
PID 2012 wrote to memory of 2516	2012	2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe	WerFault.exe
PID 1168 wrote to memory of 2644	1168	Unicorn-42556.exe	Unicorn-43995.exe
PID 1168 wrote to memory of 2644	1168	Unicorn-42556.exe	Unicorn-43995.exe
PID 1168 wrote to memory of 2644	1168	Unicorn-42556.exe	Unicorn-43995.exe
PID 1168 wrote to memory of 2644	1168	Unicorn-42556.exe	Unicorn-43995.exe
PID 2036 wrote to memory of 2316	2036	Unicorn-44934.exe	Unicorn-54856.exe
PID 2036 wrote to memory of 2316	2036	Unicorn-44934.exe	Unicorn-54856.exe
PID 2036 wrote to memory of 2316	2036	Unicorn-44934.exe	Unicorn-54856.exe
PID 2036 wrote to memory of 2316	2036	Unicorn-44934.exe	Unicorn-54856.exe
PID 3032 wrote to memory of 240	3032	Unicorn-27612.exe	Unicorn-9184.exe
PID 3032 wrote to memory of 240	3032	Unicorn-27612.exe	Unicorn-9184.exe
PID 3032 wrote to memory of 240	3032	Unicorn-27612.exe	Unicorn-9184.exe
PID 3032 wrote to memory of 240	3032	Unicorn-27612.exe	Unicorn-9184.exe
PID 2036 wrote to memory of 1212	2036	Unicorn-44934.exe	WerFault.exe
PID 2036 wrote to memory of 1212	2036	Unicorn-44934.exe	WerFault.exe
PID 2036 wrote to memory of 1212	2036	Unicorn-44934.exe	WerFault.exe
PID 2036 wrote to memory of 1212	2036	Unicorn-44934.exe	WerFault.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-43995.exe	Unicorn-50300.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-43995.exe	Unicorn-50300.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-43995.exe	Unicorn-50300.exe
PID 2644 wrote to memory of 2740	2644	Unicorn-43995.exe	Unicorn-50300.exe
PID 1168 wrote to memory of 2760	1168	Unicorn-42556.exe	Unicorn-54939.exe
PID 1168 wrote to memory of 2760	1168	Unicorn-42556.exe	Unicorn-54939.exe
PID 1168 wrote to memory of 2760	1168	Unicorn-42556.exe	Unicorn-54939.exe
PID 1168 wrote to memory of 2760	1168	Unicorn-42556.exe	Unicorn-54939.exe
PID 2316 wrote to memory of 760	2316	Unicorn-54856.exe	Unicorn-1099.exe
PID 2316 wrote to memory of 760	2316	Unicorn-54856.exe	Unicorn-1099.exe
PID 2316 wrote to memory of 760	2316	Unicorn-54856.exe	Unicorn-1099.exe
PID 2316 wrote to memory of 760	2316	Unicorn-54856.exe	Unicorn-1099.exe
PID 3032 wrote to memory of 1660	3032	Unicorn-27612.exe	Unicorn-45401.exe
PID 3032 wrote to memory of 1660	3032	Unicorn-27612.exe	Unicorn-45401.exe
PID 3032 wrote to memory of 1660	3032	Unicorn-27612.exe	Unicorn-45401.exe
PID 3032 wrote to memory of 1660	3032	Unicorn-27612.exe	Unicorn-45401.exe
PID 240 wrote to memory of 2128	240	Unicorn-9184.exe	Unicorn-65266.exe
PID 240 wrote to memory of 2128	240	Unicorn-9184.exe	Unicorn-65266.exe
PID 240 wrote to memory of 2128	240	Unicorn-9184.exe	Unicorn-65266.exe
PID 240 wrote to memory of 2128	240	Unicorn-9184.exe	Unicorn-65266.exe
PID 2128 wrote to memory of 280	2128	Unicorn-65266.exe	WerFault.exe
PID 2128 wrote to memory of 280	2128	Unicorn-65266.exe	WerFault.exe
PID 2128 wrote to memory of 280	2128	Unicorn-65266.exe	WerFault.exe
PID 2128 wrote to memory of 280	2128	Unicorn-65266.exe	WerFault.exe
PID 1168 wrote to memory of 1016	1168	Unicorn-42556.exe	WerFault.exe
PID 1168 wrote to memory of 1016	1168	Unicorn-42556.exe	WerFault.exe
PID 1168 wrote to memory of 1016	1168	Unicorn-42556.exe	WerFault.exe
PID 1168 wrote to memory of 1016	1168	Unicorn-42556.exe	WerFault.exe
PID 3032 wrote to memory of 1692	3032	Unicorn-27612.exe	WerFault.exe
PID 3032 wrote to memory of 1692	3032	Unicorn-27612.exe	WerFault.exe
PID 3032 wrote to memory of 1692	3032	Unicorn-27612.exe	WerFault.exe
PID 3032 wrote to memory of 1692	3032	Unicorn-27612.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe
"C:\Users\Admin\AppData\Local\Temp\2b8e64d8bc764c742bd907911e57793a169b4d35f73fa1030d0bfa8d6a358f1c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 200
6⤵
- Loads dropped DLL
- Program crash
PID:280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
5⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
10⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
11⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
12⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
13⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
14⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
15⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
15⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
14⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
13⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
12⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
10⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
12⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
13⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
14⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 220
14⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
11⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
9⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
12⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
13⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
14⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
14⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
10⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
9⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
11⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
13⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
14⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
14⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
13⤵
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
12⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
11⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
10⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
11⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
12⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
12⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
11⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
9⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
9⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
12⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
13⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
14⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
14⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
13⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
10⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
9⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26134.exe
12⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
13⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
8⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
9⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
11⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
12⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 236
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
10⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
9⤵
- Program crash
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
8⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
12⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 220
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 216
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
8⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
12⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
13⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
11⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
6⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
9⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
10⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
11⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
12⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
13⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
14⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
14⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
13⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
11⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
11⤵
PID:6688

C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
12⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
13⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 236
13⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
12⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
8⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
10⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
11⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
13⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
9⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
10⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
11⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
8⤵
- Program crash
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
11⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
12⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
13⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
10⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
11⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
12⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
11⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
8⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
7⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 220
6⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
5⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
4⤵
- Executes dropped EXE
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
8⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
9⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
10⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
12⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
13⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
14⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
14⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 220
13⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
11⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
11⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
12⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
13⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
11⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
12⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 236
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
9⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
8⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
7⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
11⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
12⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
13⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
12⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
10⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
11⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
12⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
10⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
7⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
11⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
12⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 236
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
9⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 236
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
10⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26134.exe
12⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
10⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 236
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
10⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
9⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
8⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
6⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
10⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
11⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
11⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
8⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
9⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
10⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
11⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
11⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
10⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
9⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
6⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
5⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
9⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
11⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
12⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
13⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
14⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
14⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
13⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
12⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
11⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
10⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
14⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
9⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
8⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
9⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
13⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 236
12⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
9⤵
- Program crash
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
8⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
12⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
13⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 216
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
8⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
9⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
10⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
11⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
12⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
14⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 220
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
9⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
8⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 220
13⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
8⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
12⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
13⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
13⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
12⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
11⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
12⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
7⤵
- Program crash
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
6⤵
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
8⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
10⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
12⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
13⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
14⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
14⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 220
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 220
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
11⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
11⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
12⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
13⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 236
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 220
8⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
10⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
11⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
12⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
13⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
8⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
7⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
8⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
11⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
13⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
13⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63502.exe
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
9⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
10⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
11⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 220
9⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
7⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
6⤵
- Program crash
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
5⤵
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
5⤵
- Executes dropped EXE
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 148
6⤵
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
5⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
12⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
13⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
13⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
12⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
9⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
8⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
12⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
13⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 216
13⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 236
12⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
10⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
11⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
12⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
8⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
10⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
11⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
12⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
13⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
13⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 236
12⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
11⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
12⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
11⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
8⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30508.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
11⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
12⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
8⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
11⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
13⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 220
12⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
10⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
11⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
12⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 220
10⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
7⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
11⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
11⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 236
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
10⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
9⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
10⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 236
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
10⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
9⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
8⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 220
7⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
6⤵
- Program crash
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
5⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
7⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
11⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
12⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
13⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 236
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 236
12⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 220
11⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
8⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
10⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
11⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 220
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 220
10⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
7⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
6⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
9⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
10⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
11⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
11⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
9⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
7⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
6⤵
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:500

C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
6⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
9⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
10⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
10⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
9⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
7⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 236
6⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
4⤵
- Program crash
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
2⤵
- Program crash
PID:2516

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
Filesize
184KB

MD5
047480786b77d3ade8a14c318c4d975b

SHA1
52361d518eb312f9d82061516d5d200ee3631fae

SHA256
0e5e3303ab27b135b585b882597a842bccd36b588d8a0ac4d8d51b65116fbfcf

SHA512
c33b312afd5e403d8643e34d62ab359803afd896fdf248a0b069922c9350db0a11daa6c8bf95de97adbb8bd7b9a8e45ded35de7d70042bb8618f178761f1eaa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
Filesize
184KB

MD5
0193933513fb122aa4b9c5ad6cff68a5

SHA1
e32617bc98adc4b22aefe429e75e136a068ac3d1

SHA256
64305d552f9317233a6b54986643ac3fe82ee5af8e41703003a06870b74ebb7a

SHA512
a2976d35f56186c0540d5ce46c0b39c42b32c9dc97fa4aabe4424dfad9272524ef7fd1d436ec31e22132c316934757a15f92135301cfff44d28ae444c183f753

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
Filesize
184KB

MD5
f203eb8bc6bcd40f86803d419ecbb557

SHA1
1fef34651adf044d25d57d4ff1d66292b226e209

SHA256
2d6f24eae1ee6d7598021528fc2eacbb2bc3fcbe823b5a7672129521c32b8766

SHA512
cdd2e1f70a5e668e99f49b477f33b7a431cf728b77bd9748ed8c51f92703909f37107d514290eb85b2664dc703aca7144110347ec9777b754b4191f9caa9aa43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
Filesize
184KB

MD5
6dc8123d34357885ff69218c2d4c09e6

SHA1
86735775928394579d1a9c285a1e949cc8ad63d9

SHA256
42d4e36c77032b75aaaac97cbbb9cc588b3a112ecff6c21a12c695e4369434f8

SHA512
176d2e50fddccdc80dfad2c3de3a3146a762e70572096d0e3e4ee3b0425e5440c557721c3205d9f2830ddd763181cc32e775f96adb6b55bc85c39c8e6de2063e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
Filesize
184KB

MD5
ee451325c75b54547985bd417d6d25ee

SHA1
4321f92b1b9f2f7d4ed324cc4dd2c88a52dd1ec4

SHA256
2bcd512cc40d8bf7b9f43cd075e434d25ab783c96a4f4ed6eea53d625a001e4f

SHA512
ace0123efff1403f8d2e2c217b62dbd80220c7e38bd5449ad3d8687eb18cb8cb21f839dbfff4dcca658e2c33d40aa06d76ed63e68f1c0de850409bc310c85242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
Filesize
184KB

MD5
d8e7406b2b784bcc323db64d1d570c1d

SHA1
babb32068725f810a114cdea036bb5c2a99aba25

SHA256
e01f9039b8bebcf05e002ca9d7ff2430fe4d42d309362df94b82d049351ff5fe

SHA512
4ff7278b1f1acaf0f31b76620ffc7fa3b873203bcb8924730177d99d83af0d3b3fe9395a2975c853a2bd4ee40ed66822b90782c0e911efec82f74327f3e4fa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
Filesize
184KB

MD5
dc34359f8eda1200d4400663ebdac791

SHA1
ac86f03bd0e09d95424e9fdbb8385cbc424a0668

SHA256
ad0a12b418431e3bfc3fe7de4bdaa2b62e56731953c43bcf2a9e357cc6e032df

SHA512
49bc196226307b6e8ad24abf1393b65dfcbc6a7148b744088406b42b82c550af49a6e2a01f2491546fa767a13e5ed6795771a0d691ca2ca1fe2aea6d1586bf88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
Filesize
184KB

MD5
de46f615f029b868dcc4613f045fb07c

SHA1
3a85ae6beaeeccd11d15c3496844c8e9acedebd4

SHA256
137e535b7d1f6e15ab9a39eed3797e7523d7381ee3a482ddff98f6929c82958f

SHA512
2716450e4ff9230cb7eb21ecfd331161707b44e4aa577e3b333669cc45d8de824a94522fd0ba7cb3f14bed83ebc7554e913926ae81ded5b693714eb69f17e302

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
Filesize
184KB

MD5
ff72a8bf5b38f5a9787cbbb14c8b5dcb

SHA1
b5a22524a2e2ac272b3def25f02aa05866c0d76b

SHA256
10e22925941b945047b209e30592b698385c5a86765ad3e317b4f0ae87c8aad5

SHA512
056ecd4ed5c8c9c99a4ba1e6f6a294ae53d3103541ebea6cf1aa2aa5a9fdd9773a4a0e0eca959c36ce80f1334ad4a0314d7e92800a178db583abc7329c2222ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
Filesize
184KB

MD5
eac795efdbdfd18ad495fe58262cc3da

SHA1
7043c27eb117a8bebb1a4e0fc22e730debe74900

SHA256
53aa5c233fd692cf8d050ce44438f3555edd17ad603af95dd9bab00faccd1261

SHA512
e68b3b4d4b048363de755f2a0a94e98a7835f232045f5335f0de9516de0fe745ef34a7ebb5ce0d9e200133397a84a0cc82f88c8e86c9b7ebcab24a333165e8d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
Filesize
184KB

MD5
52e7cb9ad176558b1abd251dd1727623

SHA1
8c321b944c707d80c08c85d7e6a9c72e26030ce2

SHA256
97bec90a73c37dadf19454268bcf6f53d363c8b2c8d9540f2998f945d8a60174

SHA512
98ec6ed3688c78069b5a3c44962ee16d69f904cea1e35b16dcf82d741ea883187c1046bc134cdefcd79fcf8a4de7cd58e48fd0820f2ad870d5c9e318c04b8bfe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
Filesize
184KB

MD5
821bf9069fecfeaf66753f2ff4d61e5f

SHA1
b8e0829a51b26aeec45fbed060e6a19f7ddbad49

SHA256
3033d9c7fb0b75640669382593610b6c3bd72d06f3b8a51dbc2f30d4896474bd

SHA512
a22b30c8649a0d8ceb287f122021f8842f250f395f65aecb260a998ee0336d754f2a1fcf66091cd70cd4d30dd64766c7fce74e0e8ff10057ec61a1003b564fb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
Filesize
184KB

MD5
632a5689ffdcc5c25cb984b59c00dec6

SHA1
555f6e3e514965fa3763a1fd882c684c242a901c

SHA256
01c4e666e13b42b663f3db6e8ed0782eb2e6727098bb19cd2957b48a1ba4a9eb

SHA512
52ee00b057aa9e751bc803bf0d1f776db04476b44cfe855c7dec3eabd1ca1c49f5376b2acf29f2f499fa795d485dfddaf1e01af45371cd7df11e7dd2e69a2f42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
Filesize
184KB

MD5
a8c73b6d80b1941ef0b839298e6bb744

SHA1
eab112634e1348ea768da4cba6c0d405d9c57b1b

SHA256
008ca1f41e01eee93d924eeb62ff6c5f51882f6d08ffe604517058726b1e69b1

SHA512
3c89c6bb843a9a5158609982af1e32ed5ca74cb0f3027094c5af490c151bc4cd96608346b8f20fad7ffdd051e5a3dd1ac57f085f9f61a2fba05f0e9aa3e20183

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
Filesize
184KB

MD5
d50d0434e144657d77e8aa5838f495db

SHA1
bd15858c9ad71d51b5025f15022344294cb5ad53

SHA256
167dda3144a67953c9cd5c4b6e93d20e77878528751497ff6cff5260064a7ec3

SHA512
786edc5e8e2dc07858eaa5b1939cd333479bff0879a94da4a77b9dad15094d79af76269f1b9369a5ace9de8d84c4f2f4c5c2f4207aaeaa8d4c947a07e63b03b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
Filesize
184KB

MD5
5549772ef2fb011d292e7ccb06b0439c

SHA1
faad4aa4846e7ae85e130eb233a2e5eb8aa79ecb

SHA256
3c8a6bd91308531f2dee0222c14785ac17191f7ae95d8c7cefd9e13d8b90a546

SHA512
6b32c90848242feb0ff6941b6b68681d560c59a73a0ef34c62e7b446ae753a32b64f4ccf99ee9b8635cb7b24103e5fecc58505bdafcb8da7923c0067b32e596d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
Filesize
184KB

MD5
6395d00342dbf3fc10bc5f086a73c5b1

SHA1
674eed252f1917bebff40e63e63f8ebe84fed5c7

SHA256
233fda248059f02885d9b47672dfe92a6ee30deaec6eb0583756cbdc0795fd65

SHA512
c4a6d651080bf56da18098300678fdc0fca8b464e6d343213a342a0b8245541eb3549faf571149c1ffa591761da55414bd4bda59d0cf8fa4763dfd9ebec31ad4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
Filesize
184KB

MD5
497f47303b0a7b12d2a698944d4e1f0e

SHA1
12d5c489231fb9e043cc54eb0bcc3f707de42fc3

SHA256
1cca01af3a00b9aaf26aacd4eebf7af2c8770ca41af7378d814c80a66466314a

SHA512
4a4f99b187d6f7923e3e3202e4e2f8093547fe6bc806d4c44e6e28da5e3bb1c8093392aa38f9e4cd48aaf52b404b0a7a542a2392e341379c1450e2cf8927b296

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads