bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
Size

184KB
MD5

3b63cea15a80130f00ced20fc19768c3
SHA1

73997ef1c8b1b88268f5e5e9db39e891c2f0efd0
SHA256

bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62
SHA512

7d94a2c01999cb331c06bc8b932ed9a2edcb3f02003ca0ab27658258dd96993ca7ed48c565a62bad8aadf5a67a40bd93c917deea373bd9acba4f382fd9b3002f
SSDEEP

3072:kDqrY3ofP0RsfnaWefwL8tsi2lnViFFn3:kDloyGnamLEsi2lnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44863.exeUnicorn-5527.exeUnicorn-1998.exeUnicorn-1132.exeUnicorn-34874.exeUnicorn-31344.exeUnicorn-25125.exeUnicorn-44607.exeUnicorn-11742.exeUnicorn-40885.exeUnicorn-38520.exeUnicorn-24104.exeUnicorn-4238.exeUnicorn-1223.exeUnicorn-40632.exeUnicorn-48541.exeUnicorn-48027.exeUnicorn-14643.exeUnicorn-34618.exeUnicorn-31088.exeUnicorn-18090.exeUnicorn-30896.exeUnicorn-1561.exeUnicorn-53642.exeUnicorn-9205.exeUnicorn-9205.exeUnicorn-25084.exeUnicorn-11701.exeUnicorn-43606.exeUnicorn-20533.exeUnicorn-30607.exeUnicorn-63279.exeUnicorn-10549.exeUnicorn-10549.exeUnicorn-46751.exeUnicorn-59558.exeUnicorn-22107.exeUnicorn-2049.exeUnicorn-39128.exeUnicorn-1665.exeUnicorn-5879.exeUnicorn-2350.exeUnicorn-5038.exeUnicorn-24712.exeUnicorn-20798.exeUnicorn-36942.exeUnicorn-7607.exeUnicorn-33735.exeUnicorn-6896.exeUnicorn-9911.exeUnicorn-55905.exeUnicorn-36039.exeUnicorn-23041.exeUnicorn-55713.exeUnicorn-52184.exeUnicorn-61821.exeUnicorn-28442.exeUnicorn-28573.exeUnicorn-64260.exeUnicorn-57716.exeUnicorn-28189.exeUnicorn-1087.exeUnicorn-786.exeUnicorn-46266.exe

pid	process
2496	Unicorn-44863.exe
2608	Unicorn-5527.exe
2860	Unicorn-1998.exe
1884	Unicorn-1132.exe
2408	Unicorn-34874.exe
3040	Unicorn-31344.exe
2844	Unicorn-25125.exe
2956	Unicorn-44607.exe
2764	Unicorn-11742.exe
1548	Unicorn-40885.exe
1384	Unicorn-38520.exe
1824	Unicorn-24104.exe
2376	Unicorn-4238.exe
2268	Unicorn-1223.exe
1944	Unicorn-40632.exe
2236	Unicorn-48541.exe
852	Unicorn-48027.exe
108	Unicorn-14643.exe
412	Unicorn-34618.exe
1220	Unicorn-31088.exe
1696	Unicorn-18090.exe
1004	Unicorn-30896.exe
1940	Unicorn-1561.exe
1236	Unicorn-53642.exe
1592	Unicorn-9205.exe
2368	Unicorn-9205.exe
1504	Unicorn-25084.exe
900	Unicorn-11701.exe
2336	Unicorn-43606.exe
1628	Unicorn-20533.exe
2120	Unicorn-30607.exe
2232	Unicorn-63279.exe
2700	Unicorn-10549.exe
2696	Unicorn-10549.exe
2540	Unicorn-46751.exe
2032	Unicorn-59558.exe
2468	Unicorn-22107.exe
2292	Unicorn-2049.exe
2488	Unicorn-39128.exe
2944	Unicorn-1665.exe
1540	Unicorn-5879.exe
2180	Unicorn-2350.exe
1900	Unicorn-5038.exe
2812	Unicorn-24712.exe
2212	Unicorn-20798.exe
2880	Unicorn-36942.exe
1912	Unicorn-7607.exe
604	Unicorn-33735.exe
1104	Unicorn-6896.exe
800	Unicorn-9911.exe
1708	Unicorn-55905.exe
2288	Unicorn-36039.exe
1168	Unicorn-23041.exe
848	Unicorn-55713.exe
1012	Unicorn-52184.exe
1116	Unicorn-61821.exe
1576	Unicorn-28442.exe
2100	Unicorn-28573.exe
2316	Unicorn-64260.exe
2604	Unicorn-57716.exe
2524	Unicorn-28189.exe
2476	Unicorn-1087.exe
1484	Unicorn-786.exe
1892	Unicorn-46266.exe

Loads dropped DLL 64 IoCs

Processes:

bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exeUnicorn-44863.exeUnicorn-5527.exeUnicorn-1998.exeWerFault.exeUnicorn-31344.exeUnicorn-34874.exeWerFault.exeWerFault.exeUnicorn-25125.exeUnicorn-44607.exeUnicorn-40885.exeWerFault.exeWerFault.exeUnicorn-38520.exeUnicorn-11742.exeUnicorn-24104.exe

pid	process
2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2496	Unicorn-44863.exe
2496	Unicorn-44863.exe
2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2608	Unicorn-5527.exe
2860	Unicorn-1998.exe
2608	Unicorn-5527.exe
2860	Unicorn-1998.exe
2496	Unicorn-44863.exe
2496	Unicorn-44863.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2608	Unicorn-5527.exe
2608	Unicorn-5527.exe
3040	Unicorn-31344.exe
2408	Unicorn-34874.exe
3040	Unicorn-31344.exe
2408	Unicorn-34874.exe
2860	Unicorn-1998.exe
2860	Unicorn-1998.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
2668	WerFault.exe
2844	Unicorn-25125.exe
2844	Unicorn-25125.exe
2408	Unicorn-34874.exe
2956	Unicorn-44607.exe
3040	Unicorn-31344.exe
1548	Unicorn-40885.exe
3040	Unicorn-31344.exe
1548	Unicorn-40885.exe
2408	Unicorn-34874.exe
2956	Unicorn-44607.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
1384	Unicorn-38520.exe
2844	Unicorn-25125.exe
1384	Unicorn-38520.exe
2844	Unicorn-25125.exe
2764	Unicorn-11742.exe
2764	Unicorn-11742.exe
1824	Unicorn-24104.exe
1824	Unicorn-24104.exe
1548	Unicorn-40885.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2568	2196	WerFault.exe	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2392	2496	WerFault.exe	Unicorn-44863.exe
2668	2608	WerFault.exe	Unicorn-5527.exe
3004	2860	WerFault.exe	Unicorn-1998.exe
112	3040	WerFault.exe	Unicorn-31344.exe
2888	2408	WerFault.exe	Unicorn-34874.exe
2244	2844	WerFault.exe	Unicorn-25125.exe
1080	2956	WerFault.exe	Unicorn-44607.exe
3044	2764	WerFault.exe	Unicorn-11742.exe
780	1548	WerFault.exe	Unicorn-40885.exe
1780	1384	WerFault.exe	Unicorn-38520.exe
2992	1824	WerFault.exe	Unicorn-24104.exe
2684	1944	WerFault.exe	Unicorn-40632.exe
2380	2268	WerFault.exe	Unicorn-1223.exe
2504	2376	WerFault.exe	Unicorn-4238.exe
932	2236	WerFault.exe	Unicorn-48541.exe
920	852	WerFault.exe	Unicorn-48027.exe
1332	108	WerFault.exe	Unicorn-14643.exe
2560	412	WerFault.exe	Unicorn-34618.exe
2716	1220	WerFault.exe	Unicorn-31088.exe
2076	1940	WerFault.exe	Unicorn-1561.exe
1596	1696	WerFault.exe	Unicorn-18090.exe
2984	1004	WerFault.exe	Unicorn-30896.exe
2832	1236	WerFault.exe	Unicorn-53642.exe
1980	1592	WerFault.exe	Unicorn-9205.exe
2204	1504	WerFault.exe	Unicorn-25084.exe
2004	2368	WerFault.exe	Unicorn-9205.exe
1084	900	WerFault.exe	Unicorn-11701.exe
2868	2336	WerFault.exe	Unicorn-43606.exe
1448	1628	WerFault.exe	Unicorn-20533.exe
336	2540	WerFault.exe	Unicorn-46751.exe
832	2696	WerFault.exe	Unicorn-10549.exe
1100	2700	WerFault.exe	Unicorn-10549.exe
1524	2232	WerFault.exe	Unicorn-63279.exe
2552	2120	WerFault.exe	Unicorn-30607.exe
1884	2032	WerFault.exe	Unicorn-59558.exe
1380	2468	WerFault.exe	Unicorn-22107.exe
3112	2292	WerFault.exe	Unicorn-2049.exe
3536	1540	WerFault.exe	Unicorn-5879.exe
3628	604	WerFault.exe	Unicorn-33735.exe
3644	896	WerFault.exe	Unicorn-8567.exe
3636	2212	WerFault.exe	Unicorn-20798.exe
3732	1912	WerFault.exe	Unicorn-7607.exe
3740	1168	WerFault.exe	Unicorn-23041.exe
3768	800	WerFault.exe	Unicorn-9911.exe
3888	2180	WerFault.exe	Unicorn-2350.exe
3912	2488	WerFault.exe	Unicorn-39128.exe
3192	1116	WerFault.exe	Unicorn-61821.exe
3228	1576	WerFault.exe	Unicorn-28442.exe
3332	2100	WerFault.exe	Unicorn-28573.exe
3324	2316	WerFault.exe	Unicorn-64260.exe
3468	1104	WerFault.exe	Unicorn-6896.exe
3524	2944	WerFault.exe	Unicorn-1665.exe
3564	2604	WerFault.exe	Unicorn-57716.exe
3596	1484	WerFault.exe	Unicorn-786.exe
3992	2272	WerFault.exe	Unicorn-53697.exe
4008	2288	WerFault.exe	Unicorn-36039.exe
4060	1708	WerFault.exe	Unicorn-55905.exe
3076	2532	WerFault.exe	Unicorn-3427.exe
3236	2172	WerFault.exe	Unicorn-37818.exe
3252	1744	WerFault.exe	Unicorn-8025.exe
3288	2572	WerFault.exe	Unicorn-23293.exe
3388	2512	WerFault.exe	Unicorn-53697.exe
3464	1820	WerFault.exe	Unicorn-5337.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exeUnicorn-44863.exeUnicorn-5527.exeUnicorn-1998.exeUnicorn-34874.exeUnicorn-31344.exeUnicorn-25125.exeUnicorn-44607.exeUnicorn-11742.exeUnicorn-40885.exeUnicorn-38520.exeUnicorn-24104.exeUnicorn-40632.exeUnicorn-1223.exeUnicorn-4238.exeUnicorn-48541.exeUnicorn-48027.exeUnicorn-14643.exeUnicorn-34618.exeUnicorn-31088.exeUnicorn-18090.exeUnicorn-1561.exeUnicorn-30896.exeUnicorn-53642.exeUnicorn-9205.exeUnicorn-9205.exeUnicorn-25084.exeUnicorn-11701.exeUnicorn-20533.exeUnicorn-30607.exeUnicorn-63279.exeUnicorn-46751.exeUnicorn-10549.exeUnicorn-10549.exeUnicorn-59558.exeUnicorn-22107.exeUnicorn-2049.exeUnicorn-39128.exeUnicorn-1665.exeUnicorn-5879.exeUnicorn-2350.exeUnicorn-5038.exeUnicorn-8567.exeUnicorn-24712.exeUnicorn-20798.exeUnicorn-36942.exeUnicorn-7607.exeUnicorn-33735.exeUnicorn-9911.exeUnicorn-6896.exeUnicorn-55905.exeUnicorn-36039.exeUnicorn-23041.exeUnicorn-55713.exeUnicorn-52184.exeUnicorn-61821.exeUnicorn-28442.exeUnicorn-28573.exeUnicorn-64260.exeUnicorn-57716.exeUnicorn-28189.exeUnicorn-786.exeUnicorn-46266.exeUnicorn-52291.exe

pid	process
2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
2496	Unicorn-44863.exe
2608	Unicorn-5527.exe
2860	Unicorn-1998.exe
2408	Unicorn-34874.exe
3040	Unicorn-31344.exe
2844	Unicorn-25125.exe
2956	Unicorn-44607.exe
2764	Unicorn-11742.exe
1548	Unicorn-40885.exe
1384	Unicorn-38520.exe
1824	Unicorn-24104.exe
1944	Unicorn-40632.exe
2268	Unicorn-1223.exe
2376	Unicorn-4238.exe
2236	Unicorn-48541.exe
852	Unicorn-48027.exe
108	Unicorn-14643.exe
412	Unicorn-34618.exe
1220	Unicorn-31088.exe
1696	Unicorn-18090.exe
1940	Unicorn-1561.exe
1004	Unicorn-30896.exe
1236	Unicorn-53642.exe
1592	Unicorn-9205.exe
2368	Unicorn-9205.exe
1504	Unicorn-25084.exe
900	Unicorn-11701.exe
1628	Unicorn-20533.exe
2120	Unicorn-30607.exe
2232	Unicorn-63279.exe
2540	Unicorn-46751.exe
2700	Unicorn-10549.exe
2696	Unicorn-10549.exe
2032	Unicorn-59558.exe
2468	Unicorn-22107.exe
2292	Unicorn-2049.exe
2488	Unicorn-39128.exe
2944	Unicorn-1665.exe
1540	Unicorn-5879.exe
2180	Unicorn-2350.exe
1900	Unicorn-5038.exe
896	Unicorn-8567.exe
2812	Unicorn-24712.exe
2212	Unicorn-20798.exe
2880	Unicorn-36942.exe
1912	Unicorn-7607.exe
604	Unicorn-33735.exe
800	Unicorn-9911.exe
1104	Unicorn-6896.exe
1708	Unicorn-55905.exe
2288	Unicorn-36039.exe
1168	Unicorn-23041.exe
848	Unicorn-55713.exe
1012	Unicorn-52184.exe
1116	Unicorn-61821.exe
1576	Unicorn-28442.exe
2100	Unicorn-28573.exe
2316	Unicorn-64260.exe
2604	Unicorn-57716.exe
2524	Unicorn-28189.exe
1484	Unicorn-786.exe
1892	Unicorn-46266.exe
1264	Unicorn-52291.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exeUnicorn-44863.exeUnicorn-5527.exeUnicorn-1998.exeUnicorn-31344.exeUnicorn-34874.exeUnicorn-25125.exe

description	pid	process	target process
PID 2196 wrote to memory of 2496	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-44863.exe
PID 2196 wrote to memory of 2496	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-44863.exe
PID 2196 wrote to memory of 2496	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-44863.exe
PID 2196 wrote to memory of 2496	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-44863.exe
PID 2496 wrote to memory of 2608	2496	Unicorn-44863.exe	Unicorn-5527.exe
PID 2496 wrote to memory of 2608	2496	Unicorn-44863.exe	Unicorn-5527.exe
PID 2496 wrote to memory of 2608	2496	Unicorn-44863.exe	Unicorn-5527.exe
PID 2496 wrote to memory of 2608	2496	Unicorn-44863.exe	Unicorn-5527.exe
PID 2196 wrote to memory of 2860	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-1998.exe
PID 2196 wrote to memory of 2860	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-1998.exe
PID 2196 wrote to memory of 2860	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-1998.exe
PID 2196 wrote to memory of 2860	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	Unicorn-1998.exe
PID 2196 wrote to memory of 2568	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	WerFault.exe
PID 2196 wrote to memory of 2568	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	WerFault.exe
PID 2196 wrote to memory of 2568	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	WerFault.exe
PID 2196 wrote to memory of 2568	2196	bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe	WerFault.exe
PID 2608 wrote to memory of 1884	2608	Unicorn-5527.exe	Unicorn-1132.exe
PID 2608 wrote to memory of 1884	2608	Unicorn-5527.exe	Unicorn-1132.exe
PID 2608 wrote to memory of 1884	2608	Unicorn-5527.exe	Unicorn-1132.exe
PID 2608 wrote to memory of 1884	2608	Unicorn-5527.exe	Unicorn-1132.exe
PID 2860 wrote to memory of 2408	2860	Unicorn-1998.exe	Unicorn-34874.exe
PID 2860 wrote to memory of 2408	2860	Unicorn-1998.exe	Unicorn-34874.exe
PID 2860 wrote to memory of 2408	2860	Unicorn-1998.exe	Unicorn-34874.exe
PID 2860 wrote to memory of 2408	2860	Unicorn-1998.exe	Unicorn-34874.exe
PID 2496 wrote to memory of 3040	2496	Unicorn-44863.exe	Unicorn-31344.exe
PID 2496 wrote to memory of 3040	2496	Unicorn-44863.exe	Unicorn-31344.exe
PID 2496 wrote to memory of 3040	2496	Unicorn-44863.exe	Unicorn-31344.exe
PID 2496 wrote to memory of 3040	2496	Unicorn-44863.exe	Unicorn-31344.exe
PID 2496 wrote to memory of 2392	2496	Unicorn-44863.exe	WerFault.exe
PID 2496 wrote to memory of 2392	2496	Unicorn-44863.exe	WerFault.exe
PID 2496 wrote to memory of 2392	2496	Unicorn-44863.exe	WerFault.exe
PID 2496 wrote to memory of 2392	2496	Unicorn-44863.exe	WerFault.exe
PID 2608 wrote to memory of 2844	2608	Unicorn-5527.exe	Unicorn-25125.exe
PID 2608 wrote to memory of 2844	2608	Unicorn-5527.exe	Unicorn-25125.exe
PID 2608 wrote to memory of 2844	2608	Unicorn-5527.exe	Unicorn-25125.exe
PID 2608 wrote to memory of 2844	2608	Unicorn-5527.exe	Unicorn-25125.exe
PID 3040 wrote to memory of 2956	3040	Unicorn-31344.exe	Unicorn-44607.exe
PID 3040 wrote to memory of 2956	3040	Unicorn-31344.exe	Unicorn-44607.exe
PID 3040 wrote to memory of 2956	3040	Unicorn-31344.exe	Unicorn-44607.exe
PID 3040 wrote to memory of 2956	3040	Unicorn-31344.exe	Unicorn-44607.exe
PID 2408 wrote to memory of 2764	2408	Unicorn-34874.exe	Unicorn-11742.exe
PID 2408 wrote to memory of 2764	2408	Unicorn-34874.exe	Unicorn-11742.exe
PID 2408 wrote to memory of 2764	2408	Unicorn-34874.exe	Unicorn-11742.exe
PID 2408 wrote to memory of 2764	2408	Unicorn-34874.exe	Unicorn-11742.exe
PID 2860 wrote to memory of 1548	2860	Unicorn-1998.exe	Unicorn-40885.exe
PID 2860 wrote to memory of 1548	2860	Unicorn-1998.exe	Unicorn-40885.exe
PID 2860 wrote to memory of 1548	2860	Unicorn-1998.exe	Unicorn-40885.exe
PID 2860 wrote to memory of 1548	2860	Unicorn-1998.exe	Unicorn-40885.exe
PID 2608 wrote to memory of 2668	2608	Unicorn-5527.exe	WerFault.exe
PID 2608 wrote to memory of 2668	2608	Unicorn-5527.exe	WerFault.exe
PID 2608 wrote to memory of 2668	2608	Unicorn-5527.exe	WerFault.exe
PID 2608 wrote to memory of 2668	2608	Unicorn-5527.exe	WerFault.exe
PID 2860 wrote to memory of 3004	2860	Unicorn-1998.exe	WerFault.exe
PID 2860 wrote to memory of 3004	2860	Unicorn-1998.exe	WerFault.exe
PID 2860 wrote to memory of 3004	2860	Unicorn-1998.exe	WerFault.exe
PID 2860 wrote to memory of 3004	2860	Unicorn-1998.exe	WerFault.exe
PID 2844 wrote to memory of 1384	2844	Unicorn-25125.exe	Unicorn-38520.exe
PID 2844 wrote to memory of 1384	2844	Unicorn-25125.exe	Unicorn-38520.exe
PID 2844 wrote to memory of 1384	2844	Unicorn-25125.exe	Unicorn-38520.exe
PID 2844 wrote to memory of 1384	2844	Unicorn-25125.exe	Unicorn-38520.exe
PID 3040 wrote to memory of 2376	3040	Unicorn-31344.exe	Unicorn-4238.exe
PID 3040 wrote to memory of 2376	3040	Unicorn-31344.exe	Unicorn-4238.exe
PID 3040 wrote to memory of 2376	3040	Unicorn-31344.exe	Unicorn-4238.exe
PID 3040 wrote to memory of 2376	3040	Unicorn-31344.exe	Unicorn-4238.exe

C:\Users\Admin\AppData\Local\Temp\bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe
"C:\Users\Admin\AppData\Local\Temp\bc3edae5da79ebb755601911011b3205c7fc71c7143987ed8ddc02bd5e267a62.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
4⤵
- Executes dropped EXE
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
10⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
11⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
12⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
13⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
14⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
15⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
15⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
14⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
13⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
12⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
11⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
10⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
9⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
11⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
12⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
13⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
14⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
15⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 236
14⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
13⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
12⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
10⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
9⤵
- Program crash
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
8⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
9⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
12⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
13⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
14⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
13⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
12⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
11⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
10⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
9⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
12⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
13⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
14⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
13⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
9⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
8⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
11⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
12⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
13⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
14⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
14⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
13⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
12⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
10⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
11⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
12⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
13⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
11⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
11⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
12⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
13⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
9⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
8⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
7⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
6⤵
- Program crash
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
12⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
13⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
13⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
9⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
7⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
11⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
12⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
13⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
14⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
13⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
12⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
11⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
11⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
12⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
13⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
12⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
7⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
11⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
12⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
5⤵
- Program crash
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
9⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
10⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
12⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
13⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
14⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
15⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
15⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
14⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
13⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
11⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
10⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
11⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
12⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
13⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
14⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
14⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
13⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
10⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
9⤵
PID:724

C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-5351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5351.exe
12⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
13⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
14⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 236
14⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
13⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
12⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
9⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
8⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
11⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
13⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
14⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
13⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
11⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
12⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
13⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
12⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 220
8⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
7⤵
- Program crash
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
9⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
13⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
14⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
14⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
13⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
9⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
12⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 220
13⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
9⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
8⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
13⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 236
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
6⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
11⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
13⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
13⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
8⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
7⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
12⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
13⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
12⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
8⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
7⤵
- Program crash
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
7⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
11⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
12⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
13⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 220
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
7⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
11⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
8⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
7⤵
- Program crash
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
6⤵
- Program crash
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
5⤵
- Program crash
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
11⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
10⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
11⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
7⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
6⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
7⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
7⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
6⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
9⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
10⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
11⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
12⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
11⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
10⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
7⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
5⤵
- Program crash
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
9⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
11⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
12⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
13⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
14⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
14⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
13⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
11⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
10⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
9⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
10⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 240
11⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
12⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
13⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
14⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
13⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
12⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
12⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 236
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
7⤵
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
7⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
7⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
11⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
8⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
6⤵
- Program crash
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
5⤵
- Program crash
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
7⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
12⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
13⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
12⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
7⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 220
7⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
6⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
9⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
12⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
13⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 236
13⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
12⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
8⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
12⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
8⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
7⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
6⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
7⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
9⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
11⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
11⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
9⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
8⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
7⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
6⤵
- Program crash
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
5⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
6⤵
- Executes dropped EXE
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
8⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
12⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
13⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
13⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
11⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 236
9⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
7⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
12⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
13⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 236
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 216
9⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
8⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
7⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
7⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
10⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
12⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
13⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 236
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
11⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
9⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
11⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 236
11⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
9⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
6⤵
- Program crash
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
12⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
13⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 236
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
12⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
8⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
7⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
6⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
11⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
7⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
6⤵
- Program crash
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
5⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
10⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
11⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
12⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 236
11⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
9⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
6⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
7⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
11⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
12⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
7⤵
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
6⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 236
11⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
10⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
7⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
6⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
5⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
4⤵
- Program crash
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
2⤵
- Program crash
PID:2568

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
Filesize
184KB

MD5
1cabe64cb52633633cf11657c18bbfc4

SHA1
a1648eaad63c71e16a81b45bbd9190e9d0f64343

SHA256
b227de6f6151a43a19759b4a8eb7e60d3a517a3eb30726427ce15e303afb0140

SHA512
633f326850a679e761aeae8aa1a69d65e56c2e7ba0e0ff3249e0a0dc2c04e2656246fcab5c46c78a82e74bdcfd255b380955f530e5e3d4403a4a704578d80599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
Filesize
184KB

MD5
e985cd5f2c955e5f197127862fdc41ea

SHA1
50b1860fa00427504da8fbf9b3d4db2da6c19619

SHA256
af77d156a1a376b76e760a6b5edfd85faa3ba849577c7633ff75857db2f878c6

SHA512
20f60939311fa016757076c447398dd4c26b7a66ffb4380a829518cab2b4f1592616bee5ac7947396bf122a23add1d8b4abf7752b64459e59c55de2c75716525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
Filesize
184KB

MD5
323e27dff45caff52ad6e22766a7ea92

SHA1
a9760dba198577f5ef61fe316e395bcfc7356366

SHA256
bb3277c65b0f7dd823b9ab65e4efe575c32a71b7a2094f1581bb8f3bfd8ddb94

SHA512
91e00699d454c9f095872e0e4c54a1a5d3f40fcf8a3ae9ac55a6ebc7d8661f8e8b8f40f23bb2b9b47a28e1cdcc45c7ea0bbf67ed92da249ec5889af503077124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
Filesize
184KB

MD5
b23c30b8fb4299a05bfc21a3f5dac49a

SHA1
a85a81f8f46d1440b7e9eae02e1f95cdd95ad01d

SHA256
465ceea829417c457e5f8f4b08af5b1fff5b6aa7161166832777b44b197f422c

SHA512
bf4d02358f1bd8a38a3feb52f3dd8e56e947815b589823ef1aecf623e984b1e622002cba3d2c13c262c35c5f552aac410858daa9deaba2659f57e3a2701ce597

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
Filesize
184KB

MD5
3807ab64ab2283d9dd4ac7a43c86da0c

SHA1
89e14942373ea4f57c0e8cb3d8a1c9bb7224a229

SHA256
373ffb8e5afe4b153f2f123e7d72b2ccd319c07fe5d44f5d4bbbe28437e0358f

SHA512
bb130c4a822824a44180f4e9ae66e0c5c87aace58ef35a3fd725501c99e72b4c2a3db3eb91706e0ebde98484e35d319649813ca394350c1a66970585bd27e02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
Filesize
184KB

MD5
8063944191419adef465c967ccf67e83

SHA1
3babaa29e43fafbe8dbec9f34cb3d40a09eb5330

SHA256
1eafe49adf3bd07801906107239f5a99bd036d5d4a960d3e55173824aaeb65cd

SHA512
5a5d3020ba48e2579a931f27cc9d1ad01a2316ba32909aa356d802acd4c48347a74b8aae0c2ab12be42d6a9a536b6c440d54d1d3bd966f50609cc269ca8c7164

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
Filesize
184KB

MD5
bf79565d290a98b0ce3b755fc4a54afd

SHA1
0048250701065d952429c55d51e4f532d3a93a9d

SHA256
a9dcd6488fabc36f968e1ead5bf38c388973c667fdaff8ea2b55a4cc3e9113f6

SHA512
ee9c0a0217d017c826b3c047f01fe3369213e31134bdbb2a86d0cfaa00b5213e3d6a559a8c331fb0c58dcf5aa59a092465df2dc6df62e8acdd5a6d3ac8fd6c1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
Filesize
184KB

MD5
6212ae32e33aabbba065056a387418c8

SHA1
848fe1b6c72562b4194a351a2c469f9adcfccd9a

SHA256
5cdd9a459824b91593f82a9f5a12dc5f404e2be99128c34e2106a71558976768

SHA512
1de0f7e9acaa3dbfcf7938ed83110a226ab318939a5c4772b4de9248911057010b7b6851be035d61d245da83561ff4f3eeb9f0ec5aa61e58ae2b9a173b78c7c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
Filesize
184KB

MD5
8cd881923d70504c298e4b52fe957b55

SHA1
12f42b5b9e1587aedc64bbe93392ea2c617b02b3

SHA256
ebf797d51bbdfa228b63ce3428ff8d5c1828545590da13e7f6ab04307e9cfd68

SHA512
e032f771709ec6c18f7891dbbf9c2e2c613a8388ea410e1f338bf896fac34f6d0cebd79b87b650955143f54d7381bbcd93f2bef92520a6288516b2f7ecbf0781

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
Filesize
184KB

MD5
cae9bf787a539a1524233f42e547451c

SHA1
75459297dd519c8218bbdfc2969df5f7b379d79c

SHA256
2b0daba6956170282c37ef344e38152342cbf92aff349c1a84ad6485b9e69b97

SHA512
2cbfdab033312248cd08aa701146729062b6b6cf76a6d1f48ec85c399ca11ddbd07f95122d4b7051468ece36b46b03e39474c83a897f1028da97b492f7be5967

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
Filesize
184KB

MD5
94504ebb3a81f2e7b716b79bf96fb6a3

SHA1
753166a1d188702fbeb9749aa5f5e4051b132112

SHA256
0c865b2812c3044800856c7bf62b2b9cde185ba7a5be12d5fd6b476785178d77

SHA512
ebfbb78014aa641741ffa2921bfafd63263338e44cdbad91ea9bcbb048f9662043c8a927028a4135de635fbb307828efb971bd5a542fe5cd6c61ff5097617286

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
Filesize
184KB

MD5
43cbb3e49186134c843ce3976b4a5f99

SHA1
2891814a14c7d0af177af6d407b992882a1cb0be

SHA256
c44a94e4e69f825dd480f1a5da363b2b64c8e3956a13f6de6cbe4f1634692da5

SHA512
831cac4307a92505e28166d750d529f8099ab8a7523b424198a615aa07cdeec0a33a022bfc3bb3c7b79398c8deeec527c82c23e076aa9d7f58ff98efae92f7ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
Filesize
184KB

MD5
f6c38deeea1d50cc51d092612b14be74

SHA1
52d8a3a7bba6db964d16b9eb8d9d0796a037a64f

SHA256
7c8aee9547cfe8041b24e77af37e79b65873be69fa544b0bcfe0856b24202838

SHA512
5e5f4aa9e79f76670fcabaff18c90a0cb0429f207f17426ea1808d9bdaa34ef319199b5ebe7c0459b2cfb2e5b2ab6ecac2f90dbfd3940982b1464cc575da41f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
Filesize
184KB

MD5
9f6d2574f30a5fac7090a02f465a469f

SHA1
10a99e0190fa822337052ca00526f859cb818619

SHA256
e13d127e30edd7fc7e14f464d7181345f1459f7a7ac4e37b6dc38b9f69ca0108

SHA512
6a37cdd3ff0d657a3026262d2c5ce222cbb68cb8409a00d84502e5c30062e7a2979fc965d02435ba9af759229605879ca51916c7a03fcfe239d993d84700b052

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
Filesize
184KB

MD5
491c2be37d8476236ae2500b2571b0f4

SHA1
e5fd47f0a0441a44c79e69508787620fd39a5a9f

SHA256
1a8d1f7b4dd6c6166511e45dac854b169708141cecabea7c8c996b19cc3c9002

SHA512
ccb48ef59b3c12fb5ce43df61855089d362a4f79b99893c0b5a9a63ea9d51ba5cba8c4cd4ef079f168b0494335c7ce303d16ffd53ed79be37dfdc744a9e53517

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
Filesize
184KB

MD5
e1305155e7629caae53a16feec27fed8

SHA1
04af313f88f9bb2b523960a74c13e203622e839b

SHA256
f545abbba27c572b7da7cd705a622c7173f4a53b22753dca553dc3a3da06b1bc

SHA512
0e5b87615b5c03a0006bdecc59360fe153c16d33d3777671e218433c8abeb61a5b96bbc77dd68c64109ce86dfb0487bfb4cdc7893909692eb7e67c1e8aa49795

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
Filesize
184KB

MD5
d0bb58dfc178e86fd83af73eea19dda9

SHA1
ad22907df434fd8c395709194abc6c77b11c46df

SHA256
8a198a73b3afc2d89fdb56f3bf42b4cc40a7cf25a3387615495cf500f3eccb21

SHA512
bf06fb0d9106b762ac821fce60fdc5262d2a3d40e4d92fa15434e751d9feaf2eccac0ad66513fa63eb864f58a2ab292de656b4292e98ddbeaa6816b61e2b2259

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
Filesize
184KB

MD5
f5725d5535be0d54dbf8a2bd75bc07ca

SHA1
feb60f6d617ef45894190e96deabb1d42146c398

SHA256
ff2f625f21e6aebbf2f524a353f46df571436a1eeb5aa0e9671f5a7356be8a3c

SHA512
baab0af3e84bf8b2dc4823a8d166deb0dff92faae7fdd195fcf38cff200c3b1d72eb41bcbc136276ed342287c5d6f7b5d75e4c930d611e837ffca670eb5d854f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
Filesize
184KB

MD5
49b395a54d0ea1243b592be7620bc8ec

SHA1
8eb1025d7a34bccf18052047c0f852254e2c3a82

SHA256
d9f9f7d35b72faaa0e5933553f6771d837442cd21aa6e4dcd80189c806d7b54d

SHA512
f9fe2bfc8d27eb721705a7a7f15e20bbf62228e80dab1c582318319c4385cb1f3e0b77ccf39c44ba3c2ec142219dc8749e62b71c0795c23fc66221cf43b79cec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
Filesize
184KB

MD5
5704b8cbce53f5f3bd5184e6ee9c0215

SHA1
627696371aba275612bd0f2c525b32d1102d55b0

SHA256
ed62d3552f860db0dfaae708ba78178fe25f3406ac74d35c407078fd4c04da57

SHA512
2a3abbfd8c23ccb8b61d75e9c7564b2649442d205657ee0782f492228579245655c357851fefc62b1c8f49d40ed7e11ae053d4308aa83f5b66ac5fca50902924

Download Submit
memory/2336-705-0x00000000028E0000-0x0000000002A3C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads