bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
Size

184KB
MD5

cc3effab3b7dbaba9a54509aecff692f
SHA1

351a9992fffca35dcaa2624bd7ed68f62a57e719
SHA256

bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b
SHA512

27e6e8f862093ad3af14d637558d72b2574875ee569b4eb05633c21d41ceb5d42dc5b32b1a21276844cb573bd6371d59a333421421f8fea68fdd029c984e443b
SSDEEP

3072:hOb3a2oTKaODdj4WrJDVRKssvGnViF7n3:hOjo25j4SVYssvGnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-8965.exeUnicorn-49557.exeUnicorn-46028.exeUnicorn-12131.exeUnicorn-61332.exeUnicorn-57803.exeUnicorn-20147.exeUnicorn-39881.exeUnicorn-23353.exeUnicorn-43219.exeUnicorn-35186.exeUnicorn-31656.exeUnicorn-31464.exeUnicorn-17013.exeUnicorn-34226.exeUnicorn-29627.exeUnicorn-292.exeUnicorn-46769.exeUnicorn-29172.exeUnicorn-9306.exeUnicorn-61460.exeUnicorn-28596.exeUnicorn-28138.exeUnicorn-44475.exeUnicorn-31476.exeUnicorn-27946.exeUnicorn-47812.exeUnicorn-2342.exeUnicorn-53811.exeUnicorn-50282.exeUnicorn-54496.exeUnicorn-33561.exeUnicorn-53427.exeUnicorn-39587.exeUnicorn-19337.exeUnicorn-39011.exeUnicorn-34412.exeUnicorn-55155.exeUnicorn-4885.exeUnicorn-53894.exeUnicorn-2233.exeUnicorn-21030.exeUnicorn-34905.exeUnicorn-32914.exeUnicorn-2161.exeUnicorn-33765.exeUnicorn-63977.exeUnicorn-30043.exeUnicorn-1585.exeUnicorn-32731.exeUnicorn-20802.exeUnicorn-52213.exeUnicorn-32155.exeUnicorn-48492.exeUnicorn-18965.exeUnicorn-51637.exeUnicorn-47039.exeUnicorn-35109.exeUnicorn-17512.exeUnicorn-47724.exeUnicorn-2052.exeUnicorn-16862.exeUnicorn-21269.exeUnicorn-21269.exe

pid	process
2096	Unicorn-8965.exe
2128	Unicorn-49557.exe
1984	Unicorn-46028.exe
2408	Unicorn-12131.exe
1820	Unicorn-61332.exe
2828	Unicorn-57803.exe
2820	Unicorn-20147.exe
2940	Unicorn-39881.exe
2388	Unicorn-23353.exe
2196	Unicorn-43219.exe
1728	Unicorn-35186.exe
1040	Unicorn-31656.exe
2072	Unicorn-31464.exe
2088	Unicorn-17013.exe
2856	Unicorn-34226.exe
324	Unicorn-29627.exe
612	Unicorn-292.exe
452	Unicorn-46769.exe
2308	Unicorn-29172.exe
696	Unicorn-9306.exe
1940	Unicorn-61460.exe
780	Unicorn-28596.exe
304	Unicorn-28138.exe
320	Unicorn-44475.exe
2880	Unicorn-31476.exe
1980	Unicorn-27946.exe
1072	Unicorn-47812.exe
2236	Unicorn-2342.exe
1684	Unicorn-53811.exe
3056	Unicorn-50282.exe
1628	Unicorn-54496.exe
2668	Unicorn-33561.exe
2120	Unicorn-53427.exe
2476	Unicorn-39587.exe
2524	Unicorn-19337.exe
2520	Unicorn-39011.exe
2028	Unicorn-34412.exe
2792	Unicorn-55155.exe
2944	Unicorn-4885.exe
2756	Unicorn-53894.exe
1944	Unicorn-2233.exe
760	Unicorn-21030.exe
2748	Unicorn-34905.exe
1292	Unicorn-32914.exe
488	Unicorn-2161.exe
1324	Unicorn-33765.exe
1156	Unicorn-63977.exe
2288	Unicorn-30043.exe
1808	Unicorn-1585.exe
956	Unicorn-32731.exe
1360	Unicorn-20802.exe
656	Unicorn-52213.exe
572	Unicorn-32155.exe
564	Unicorn-48492.exe
1744	Unicorn-18965.exe
2240	Unicorn-51637.exe
2156	Unicorn-47039.exe
2348	Unicorn-35109.exe
2552	Unicorn-17512.exe
2660	Unicorn-47724.exe
2560	Unicorn-2052.exe
2640	Unicorn-16862.exe
2512	Unicorn-21269.exe
3032	Unicorn-21269.exe

Loads dropped DLL 64 IoCs

Processes:

bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exeUnicorn-8965.exeUnicorn-49557.exeUnicorn-46028.exeWerFault.exeUnicorn-61332.exeUnicorn-57803.exeWerFault.exeWerFault.exeUnicorn-20147.exeUnicorn-12131.exeUnicorn-23353.exeUnicorn-43219.exeUnicorn-39881.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2096	Unicorn-8965.exe
2096	Unicorn-8965.exe
2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2096	Unicorn-8965.exe
2128	Unicorn-49557.exe
2128	Unicorn-49557.exe
1984	Unicorn-46028.exe
2096	Unicorn-8965.exe
1984	Unicorn-46028.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
1820	Unicorn-61332.exe
1820	Unicorn-61332.exe
2128	Unicorn-49557.exe
2128	Unicorn-49557.exe
1984	Unicorn-46028.exe
1984	Unicorn-46028.exe
2828	Unicorn-57803.exe
2828	Unicorn-57803.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1952	WerFault.exe
1820	Unicorn-61332.exe
2820	Unicorn-20147.exe
2820	Unicorn-20147.exe
1820	Unicorn-61332.exe
2408	Unicorn-12131.exe
2408	Unicorn-12131.exe
2388	Unicorn-23353.exe
2388	Unicorn-23353.exe
2196	Unicorn-43219.exe
2196	Unicorn-43219.exe
2828	Unicorn-57803.exe
2828	Unicorn-57803.exe
2940	Unicorn-39881.exe
2940	Unicorn-39881.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
824	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2604	2836	WerFault.exe	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2152	2096	WerFault.exe	Unicorn-8965.exe
1952	2128	WerFault.exe	Unicorn-49557.exe
1928	1984	WerFault.exe	Unicorn-46028.exe
584	1820	WerFault.exe	Unicorn-61332.exe
1864	2408	WerFault.exe	Unicorn-12131.exe
824	2828	WerFault.exe	Unicorn-57803.exe
1972	2820	WerFault.exe	Unicorn-20147.exe
1680	2388	WerFault.exe	Unicorn-23353.exe
1696	2196	WerFault.exe	Unicorn-43219.exe
1956	2940	WerFault.exe	Unicorn-39881.exe
2652	1728	WerFault.exe	Unicorn-35186.exe
288	2072	WerFault.exe	Unicorn-31464.exe
1380	1040	WerFault.exe	Unicorn-31656.exe
1108	2088	WerFault.exe	Unicorn-17013.exe
992	2856	WerFault.exe	Unicorn-34226.exe
2868	612	WerFault.exe	Unicorn-292.exe
2740	324	WerFault.exe	Unicorn-29627.exe
1724	452	WerFault.exe	Unicorn-46769.exe
2680	2308	WerFault.exe	Unicorn-29172.exe
2076	696	WerFault.exe	Unicorn-9306.exe
2996	780	WerFault.exe	Unicorn-28596.exe
2416	1940	WerFault.exe	Unicorn-61460.exe
2776	1980	WerFault.exe	Unicorn-27946.exe
1336	304	WerFault.exe	Unicorn-28138.exe
1004	320	WerFault.exe	Unicorn-44475.exe
3048	1072	WerFault.exe	Unicorn-47812.exe
1272	2880	WerFault.exe	Unicorn-31476.exe
2380	956	WerFault.exe	Unicorn-32731.exe
2168	2236	WerFault.exe	Unicorn-2342.exe
1816	1684	WerFault.exe	Unicorn-53811.exe
1256	2668	WerFault.exe	Unicorn-33561.exe
1608	1628	WerFault.exe	Unicorn-54496.exe
2000	2120	WerFault.exe	Unicorn-53427.exe
3028	3056	WerFault.exe	Unicorn-50282.exe
1600	2792	WerFault.exe	Unicorn-55155.exe
2224	2748	WerFault.exe	Unicorn-34905.exe
2816	1944	WerFault.exe	Unicorn-2233.exe
3488	2476	WerFault.exe	Unicorn-39587.exe
3792	760	WerFault.exe	Unicorn-21030.exe
3952	1292	WerFault.exe	Unicorn-32914.exe
4008	2520	WerFault.exe	Unicorn-39011.exe
3616	2156	WerFault.exe	Unicorn-47039.exe
3632	2552	WerFault.exe	Unicorn-17512.exe
3696	564	WerFault.exe	Unicorn-48492.exe
3716	2560	WerFault.exe	Unicorn-2052.exe
3832	2936	WerFault.exe	Unicorn-33006.exe
3944	2616	WerFault.exe	Unicorn-20200.exe
4060	2524	WerFault.exe	Unicorn-19337.exe
3156	2944	WerFault.exe	Unicorn-4885.exe
3228	2028	WerFault.exe	Unicorn-34412.exe
3240	2640	WerFault.exe	Unicorn-16862.exe
2756	2688	WerFault.exe	Unicorn-47556.exe
3480	2160	WerFault.exe	Unicorn-11738.exe
3556	2736	WerFault.exe	Unicorn-47831.exe
3052	2872	WerFault.exe	Unicorn-42657.exe
3976	2456	WerFault.exe	Unicorn-33332.exe
3080	1156	WerFault.exe	Unicorn-63977.exe
3184	2960	WerFault.exe	Unicorn-44110.exe
3340	1808	WerFault.exe	Unicorn-1585.exe
3448	1704	WerFault.exe	Unicorn-64660.exe
3652	2288	WerFault.exe	Unicorn-30043.exe
3772	2772	WerFault.exe	Unicorn-32538.exe
3728	2924	WerFault.exe	Unicorn-33006.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exeUnicorn-8965.exeUnicorn-49557.exeUnicorn-46028.exeUnicorn-61332.exeUnicorn-12131.exeUnicorn-57803.exeUnicorn-20147.exeUnicorn-23353.exeUnicorn-43219.exeUnicorn-39881.exeUnicorn-31656.exeUnicorn-35186.exeUnicorn-31464.exeUnicorn-17013.exeUnicorn-34226.exeUnicorn-29627.exeUnicorn-292.exeUnicorn-46769.exeUnicorn-29172.exeUnicorn-9306.exeUnicorn-61460.exeUnicorn-28596.exeUnicorn-28138.exeUnicorn-44475.exeUnicorn-27946.exeUnicorn-31476.exeUnicorn-47812.exeUnicorn-2342.exeUnicorn-53811.exeUnicorn-50282.exeUnicorn-54496.exeUnicorn-33561.exeUnicorn-53427.exeUnicorn-39587.exeUnicorn-19337.exeUnicorn-39011.exeUnicorn-34412.exeUnicorn-55155.exeUnicorn-4885.exeUnicorn-53894.exeUnicorn-2233.exeUnicorn-21030.exeUnicorn-34905.exeUnicorn-32914.exeUnicorn-2161.exeUnicorn-33765.exeUnicorn-63977.exeUnicorn-30043.exeUnicorn-1585.exeUnicorn-32731.exeUnicorn-20802.exeUnicorn-52213.exeUnicorn-48492.exeUnicorn-32155.exeUnicorn-18965.exeUnicorn-35109.exeUnicorn-47039.exeUnicorn-17512.exeUnicorn-47724.exeUnicorn-2052.exeUnicorn-21269.exeUnicorn-16862.exeUnicorn-21269.exe

pid	process
2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
2096	Unicorn-8965.exe
2128	Unicorn-49557.exe
1984	Unicorn-46028.exe
1820	Unicorn-61332.exe
2408	Unicorn-12131.exe
2828	Unicorn-57803.exe
2820	Unicorn-20147.exe
2388	Unicorn-23353.exe
2196	Unicorn-43219.exe
2940	Unicorn-39881.exe
1040	Unicorn-31656.exe
1728	Unicorn-35186.exe
2072	Unicorn-31464.exe
2088	Unicorn-17013.exe
2856	Unicorn-34226.exe
324	Unicorn-29627.exe
612	Unicorn-292.exe
452	Unicorn-46769.exe
2308	Unicorn-29172.exe
696	Unicorn-9306.exe
1940	Unicorn-61460.exe
780	Unicorn-28596.exe
304	Unicorn-28138.exe
320	Unicorn-44475.exe
1980	Unicorn-27946.exe
2880	Unicorn-31476.exe
1072	Unicorn-47812.exe
2236	Unicorn-2342.exe
1684	Unicorn-53811.exe
3056	Unicorn-50282.exe
1628	Unicorn-54496.exe
2668	Unicorn-33561.exe
2120	Unicorn-53427.exe
2476	Unicorn-39587.exe
2524	Unicorn-19337.exe
2520	Unicorn-39011.exe
2028	Unicorn-34412.exe
2792	Unicorn-55155.exe
2944	Unicorn-4885.exe
2756	Unicorn-53894.exe
1944	Unicorn-2233.exe
760	Unicorn-21030.exe
2748	Unicorn-34905.exe
1292	Unicorn-32914.exe
488	Unicorn-2161.exe
1324	Unicorn-33765.exe
1156	Unicorn-63977.exe
2288	Unicorn-30043.exe
1808	Unicorn-1585.exe
956	Unicorn-32731.exe
1360	Unicorn-20802.exe
656	Unicorn-52213.exe
564	Unicorn-48492.exe
572	Unicorn-32155.exe
1744	Unicorn-18965.exe
2348	Unicorn-35109.exe
2156	Unicorn-47039.exe
2552	Unicorn-17512.exe
2660	Unicorn-47724.exe
2560	Unicorn-2052.exe
2512	Unicorn-21269.exe
2640	Unicorn-16862.exe
2368	Unicorn-21269.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exeUnicorn-8965.exeUnicorn-49557.exeUnicorn-46028.exeUnicorn-61332.exeUnicorn-57803.exeUnicorn-20147.exe

description	pid	process	target process
PID 2836 wrote to memory of 2096	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-8965.exe
PID 2836 wrote to memory of 2096	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-8965.exe
PID 2836 wrote to memory of 2096	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-8965.exe
PID 2836 wrote to memory of 2096	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-8965.exe
PID 2096 wrote to memory of 2128	2096	Unicorn-8965.exe	Unicorn-49557.exe
PID 2096 wrote to memory of 2128	2096	Unicorn-8965.exe	Unicorn-49557.exe
PID 2096 wrote to memory of 2128	2096	Unicorn-8965.exe	Unicorn-49557.exe
PID 2096 wrote to memory of 2128	2096	Unicorn-8965.exe	Unicorn-49557.exe
PID 2836 wrote to memory of 1984	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-46028.exe
PID 2836 wrote to memory of 1984	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-46028.exe
PID 2836 wrote to memory of 1984	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-46028.exe
PID 2836 wrote to memory of 1984	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	Unicorn-46028.exe
PID 2836 wrote to memory of 2604	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	WerFault.exe
PID 2836 wrote to memory of 2604	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	WerFault.exe
PID 2836 wrote to memory of 2604	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	WerFault.exe
PID 2836 wrote to memory of 2604	2836	bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe	WerFault.exe
PID 2128 wrote to memory of 1820	2128	Unicorn-49557.exe	Unicorn-61332.exe
PID 2128 wrote to memory of 1820	2128	Unicorn-49557.exe	Unicorn-61332.exe
PID 2128 wrote to memory of 1820	2128	Unicorn-49557.exe	Unicorn-61332.exe
PID 2128 wrote to memory of 1820	2128	Unicorn-49557.exe	Unicorn-61332.exe
PID 2096 wrote to memory of 2828	2096	Unicorn-8965.exe	Unicorn-57803.exe
PID 2096 wrote to memory of 2828	2096	Unicorn-8965.exe	Unicorn-57803.exe
PID 2096 wrote to memory of 2828	2096	Unicorn-8965.exe	Unicorn-57803.exe
PID 2096 wrote to memory of 2828	2096	Unicorn-8965.exe	Unicorn-57803.exe
PID 1984 wrote to memory of 2408	1984	Unicorn-46028.exe	Unicorn-12131.exe
PID 1984 wrote to memory of 2408	1984	Unicorn-46028.exe	Unicorn-12131.exe
PID 1984 wrote to memory of 2408	1984	Unicorn-46028.exe	Unicorn-12131.exe
PID 1984 wrote to memory of 2408	1984	Unicorn-46028.exe	Unicorn-12131.exe
PID 2096 wrote to memory of 2152	2096	Unicorn-8965.exe	WerFault.exe
PID 2096 wrote to memory of 2152	2096	Unicorn-8965.exe	WerFault.exe
PID 2096 wrote to memory of 2152	2096	Unicorn-8965.exe	WerFault.exe
PID 2096 wrote to memory of 2152	2096	Unicorn-8965.exe	WerFault.exe
PID 1820 wrote to memory of 2820	1820	Unicorn-61332.exe	Unicorn-20147.exe
PID 1820 wrote to memory of 2820	1820	Unicorn-61332.exe	Unicorn-20147.exe
PID 1820 wrote to memory of 2820	1820	Unicorn-61332.exe	Unicorn-20147.exe
PID 1820 wrote to memory of 2820	1820	Unicorn-61332.exe	Unicorn-20147.exe
PID 2128 wrote to memory of 2940	2128	Unicorn-49557.exe	Unicorn-39881.exe
PID 2128 wrote to memory of 2940	2128	Unicorn-49557.exe	Unicorn-39881.exe
PID 2128 wrote to memory of 2940	2128	Unicorn-49557.exe	Unicorn-39881.exe
PID 2128 wrote to memory of 2940	2128	Unicorn-49557.exe	Unicorn-39881.exe
PID 1984 wrote to memory of 2388	1984	Unicorn-46028.exe	Unicorn-23353.exe
PID 1984 wrote to memory of 2388	1984	Unicorn-46028.exe	Unicorn-23353.exe
PID 1984 wrote to memory of 2388	1984	Unicorn-46028.exe	Unicorn-23353.exe
PID 1984 wrote to memory of 2388	1984	Unicorn-46028.exe	Unicorn-23353.exe
PID 2828 wrote to memory of 2196	2828	Unicorn-57803.exe	Unicorn-43219.exe
PID 2828 wrote to memory of 2196	2828	Unicorn-57803.exe	Unicorn-43219.exe
PID 2828 wrote to memory of 2196	2828	Unicorn-57803.exe	Unicorn-43219.exe
PID 2828 wrote to memory of 2196	2828	Unicorn-57803.exe	Unicorn-43219.exe
PID 2128 wrote to memory of 1952	2128	Unicorn-49557.exe	WerFault.exe
PID 2128 wrote to memory of 1952	2128	Unicorn-49557.exe	WerFault.exe
PID 2128 wrote to memory of 1952	2128	Unicorn-49557.exe	WerFault.exe
PID 2128 wrote to memory of 1952	2128	Unicorn-49557.exe	WerFault.exe
PID 1984 wrote to memory of 1928	1984	Unicorn-46028.exe	WerFault.exe
PID 1984 wrote to memory of 1928	1984	Unicorn-46028.exe	WerFault.exe
PID 1984 wrote to memory of 1928	1984	Unicorn-46028.exe	WerFault.exe
PID 1984 wrote to memory of 1928	1984	Unicorn-46028.exe	WerFault.exe
PID 2820 wrote to memory of 1728	2820	Unicorn-20147.exe	Unicorn-35186.exe
PID 2820 wrote to memory of 1728	2820	Unicorn-20147.exe	Unicorn-35186.exe
PID 2820 wrote to memory of 1728	2820	Unicorn-20147.exe	Unicorn-35186.exe
PID 2820 wrote to memory of 1728	2820	Unicorn-20147.exe	Unicorn-35186.exe
PID 1820 wrote to memory of 1040	1820	Unicorn-61332.exe	Unicorn-31656.exe
PID 1820 wrote to memory of 1040	1820	Unicorn-61332.exe	Unicorn-31656.exe
PID 1820 wrote to memory of 1040	1820	Unicorn-61332.exe	Unicorn-31656.exe
PID 1820 wrote to memory of 1040	1820	Unicorn-61332.exe	Unicorn-31656.exe

C:\Users\Admin\AppData\Local\Temp\bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe
"C:\Users\Admin\AppData\Local\Temp\bb1f07ca520d2f530baf0e9444ffaa80052ac2c48f76a1d7f37a95864f81a25b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
9⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
10⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
11⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
12⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
13⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
14⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
15⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
14⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
13⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
12⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
11⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
10⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
11⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
12⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
13⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
14⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
14⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
13⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
12⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
11⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
10⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
11⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
12⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
13⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
14⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
14⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
13⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
12⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
11⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
10⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
9⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
8⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
9⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
11⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
12⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
13⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
14⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
13⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
12⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 236
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
12⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
8⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
7⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
9⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
12⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
13⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
14⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
15⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
14⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
13⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
11⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
10⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
11⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
12⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
13⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
12⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
9⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
8⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
10⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
11⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
11⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
8⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
7⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
6⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
9⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
10⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
11⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
12⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
13⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
14⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
15⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
14⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
13⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
12⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
11⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
10⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
11⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
12⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
13⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
14⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
13⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
9⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
11⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
14⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
11⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
8⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
8⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64660.exe
8⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
9⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
11⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
12⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
13⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
9⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
11⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
12⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
12⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
13⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
6⤵
- Program crash
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
9⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
11⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
12⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
13⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
14⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 236
14⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
13⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
12⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
10⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
8⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 236
13⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 216
9⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
9⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
10⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
12⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
13⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
13⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
12⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
10⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
12⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
12⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 240
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 236
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
12⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
8⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
7⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
6⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
11⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
12⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
13⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
8⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
10⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
11⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
6⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
5⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34226.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
9⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
10⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
11⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
12⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
13⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
14⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
14⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 236
13⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
12⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
11⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-20387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20387.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
12⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
13⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
13⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 236
12⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
11⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 240
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
8⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
12⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
9⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
8⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 200
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
9⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
7⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
12⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 236
11⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
12⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
7⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
10⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
11⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
12⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
8⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
6⤵
- Program crash
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
8⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
12⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
13⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
12⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
10⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
11⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 240
9⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
7⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
6⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
11⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
12⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
10⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
11⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
12⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
11⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
9⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
8⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
6⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
5⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
7⤵
- Executes dropped EXE
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
12⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
12⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
6⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
6⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
11⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 236
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
9⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
7⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
6⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
9⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
10⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
10⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
7⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
6⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
5⤵
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
11⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
12⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
13⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
14⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
10⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
9⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 236
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
8⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
7⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
11⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
12⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 220
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
9⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
8⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
12⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
13⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
9⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
10⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
12⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
11⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
6⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
9⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 220
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
9⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
7⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
6⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
5⤵
- Program crash
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 220
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
7⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
11⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
8⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
6⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
11⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
12⤵
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
11⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
7⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
6⤵
- Executes dropped EXE
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
7⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
9⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
7⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
6⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
9⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
10⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
10⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
9⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
7⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
6⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
5⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
10⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
11⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
6⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
6⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
7⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
8⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
9⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
10⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
10⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 240
9⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
8⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
7⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
5⤵
- Program crash
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
4⤵
- Program crash
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
2⤵
- Program crash
PID:2604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
Filesize
184KB

MD5
0ccaf9af88c1719d269816b5e54cc52d

SHA1
635e779085777a3c3dbfb8217e1abf015e91bb31

SHA256
ee8801c585ef826c1dc630f42e53aa7c387dd9fd99c618425f96322293a8c163

SHA512
96a8973dee63e76d551b4f9b011d9ed53a22f3d4edf230d1446c5fc240b4a44afdbf5f4cdcc76c030834765339d1bd2a7e94dc23f9b6f6918f2df73dbd2af961

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
Filesize
184KB

MD5
e2f1638bf79ffc6815897ae2c10b4a21

SHA1
16a385858911a4a141b22114e05498b9c68b2e81

SHA256
afaa334a96a7fef9ecd3c249e76329a9fb35586e66f62217b5cd7365292c3ab2

SHA512
cc4e10258426d2a18e4fa012e5b04b5ff4c053c3c20fced532ef333b79764ebff1c1914632410374d61e2e57ecb62c16633e2a244f9477f56991ab9e59539310

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
Filesize
184KB

MD5
ca94a672cdde056cec4a4f6e9e816c71

SHA1
9e6c3b7912df9ff954c95be6e762028e5cd176ff

SHA256
ad5599c1a7c66dbd06b195b4c8ade0691f48b3cc198285f4f77683480f72d11e

SHA512
5b43d870a27295674f42816caea2c8eb4974ed0068e7532445a46a662f536ba0bdd99d58374afbaf2260473b6c18c1d1af622b8c76410b048dea166ed135246d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
Filesize
184KB

MD5
c56b4f00afd7eb24eacb6cc2ff4a7419

SHA1
b9585af6e500f3c59f0ca902fc3bf62553ba71d5

SHA256
537ba0060c7154eb19d53bb5b9eeae3e87150201f98ffdd678f30525aaa32165

SHA512
93bf6158e2fa2ef32efe6189adada035c43f9da56ab33a2175be65cd9fb45c56eb65c32623735ad7e274ec6886e5f56ef9fee5b78bb3ffd1686fbbdd3495e03a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
Filesize
184KB

MD5
de9c6a67305a86d1aba19da9c70ed44f

SHA1
63adbbe147c5486395dcad50e76637effe17f1a4

SHA256
4729de93ab8876eea295defe45f6eb1f45a6ca79355deff077052191d01c2796

SHA512
ca1c5ec14c5a2f6a69468f424e77c0d4e1229fba40ebf7449fdacf749287969886f6936a93775b660f6dc2c8f7bcbd9337f5589ec2965cf3dc381571d43d30a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
Filesize
184KB

MD5
d0c1f4c4c2ec6449cd47f2cbec56bc3e

SHA1
fe7a9b67c896554dc4cbe68788c71a5839342f89

SHA256
43749e457202356b8977c2062f9a95118686be63a783d16068e9f98fd07bce0b

SHA512
3888466fcd007ab8acc5565d77bcf2fee44100b2649fd91f92330a770cd9e36eab5083bfeabd4c0328af39e920db3173e3052dd7fa704ecac499c75541fece36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
Filesize
184KB

MD5
a05abd7cb510b4c827947b77e04bd94f

SHA1
ce740addcb23fe25c3b63ecd902dfae3c757652c

SHA256
64babb8c57febefcf9b61444c1e83940d03c3e1f0bd99e3d91c8b817c21fd46f

SHA512
45a9543313a5c95ceca5149f9f7bb3b21b6beb12fc13e82718562891010edf49444ddc1b52cb2aca33c5312a42f2c3f3d42609433d789af421917f31c040bea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
Filesize
184KB

MD5
a8e0416b0bc28afed1912454c5af0f74

SHA1
0d10b9e8765dc903c0a11792a48627a89cdd25b9

SHA256
3af2e1a953436ec688b5fee077031ab72b84d540cc7bed385d529a4e5ddc61ec

SHA512
76d36e562cec4f52c0200d4f3a492ce54f06239a40c9c1c9a6c7ffe9091785ff2fb9f3ffa7ee15b2ae1a2e3ebc1f81457ced6eee4aab0e1a3a7079d479728460

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
Filesize
184KB

MD5
0765b5f37c758b07d4814ebff85e84a2

SHA1
517af218e020c734eecfc2e7a4428fd273820824

SHA256
d31374023724676ee1f834357c2e713e5dbd1e85a162f3e1071e9aa571121df1

SHA512
1406b7705f887e6f7389064ce8fc47ce14a9f4e4a68fe22c0ec3642e16ebedf4c27bc37e2559fd3f2d475c1894bc5ef71a00eb7fbd090809ca5f021ec3b4a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
Filesize
184KB

MD5
21e034e3ca799bdffae1309150f9ed09

SHA1
bbae5b334ec8a83bcccb3058a719baba22de408b

SHA256
e5f063aede7f5c23ed7cf4b87282beb060c61b95b586c6dafc31c317c39a76fb

SHA512
4ee4bdf23b74d867219a59ba4478a751d8fd83bd98c63eb7e390bb1e4c6f3228caf48b558b2baa6e44caf30e6f348eee5e70f3499480567fc4ab55f71187bcd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
Filesize
184KB

MD5
7a43fcbc79b6c08c20bad2eff8027928

SHA1
e7d1ac20e3ecbdafc098064e05f74d70b966b88a

SHA256
5a0ab36e44eaee8d0d7a5e145382c2ccd4fe3447a95b195e927aaa9048d0684d

SHA512
2d55f9b38592d8e30b1be73cc4f1d9c9c1298622d823cb7fbd6f481a53e2806bc54b71db5dd89f08712dce07ecd4002f460e80f4c1426635dbdc8c72a4b69d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
Filesize
184KB

MD5
d44fb9a348346548c88ec3742eeb408e

SHA1
b946e0df15c1f43ac9fc568846adb8e1824b3d69

SHA256
61a820c25d9ec9945bc7220efbc2b435510d81d1af51e025f19074e888e19b76

SHA512
0787109c8ef634bd8ba371246633c58a8d58272a5135815374db17b578186e1544637de613e8488eb0289d35287710c2d4346de80e97b47a3b3ae2870ac890b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
Filesize
184KB

MD5
20431328394b25bbc0acf1d237813f7d

SHA1
8ec7f1134c5d35cdd3f83c1f17a2feb3ca69ad4a

SHA256
9a44e34abf87a45b800643a4f39fb69c898368bd7ef37b7d1e28309c63e17f11

SHA512
bd7092acea14f675e5385bf972775511a34331de5bae0ca5e2489924dd0feb3de0fdc08e7930a69aef0731b75e7a56c2347326f0f08fa26937ba963eedc6824c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
Filesize
184KB

MD5
d4b7d71376719ac36f3958cae8aba0c6

SHA1
89c01171a6a8835db26e3f778d0ad8b689e2028d

SHA256
a949a67c68291fd33e6582fd0a38d04d086cbf8a3548ee9ae031c3d0bb71a6be

SHA512
5699f5a37ed8776fa4c6f93d9f6b6a3777672776f2c1dcce0ac5c7eff5c7582ca6d0bd0d8ac0f772f900b7b614642075367b4bde991298164fb66de6af30f818

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
Filesize
184KB

MD5
348c92c1b4de2ee1608ceb01ad6bcb74

SHA1
4e6e7f245dd8a119b0f5b25359a71045f952ed33

SHA256
fefc9c868df5c2423c3a58a252d7c2b2d7777dee20cb3c3a62c7068776d339de

SHA512
78240eea790610df822ed8ce82b24264bfd01a3f90fa625ac14268080bf34dd66e2faa974e130e2c1ae60236ce4f3383ea363179d57cc31182b832c578519b5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
Filesize
184KB

MD5
f004bdc7f07568102b5647831cdc8613

SHA1
2998de1bc45f022967f2d28ba18fa24184752515

SHA256
be218a65a22088bdfd0d26441b5ac20350a6b99f9a412df3a02936907a922d4b

SHA512
fb30409fd015e1a6d0b3b7501bb1193a19e9820f57e09347b431e3265efca7e7442a9e95181dbed889057765c86fff9a32bbff1883d0a24acd08e090dd9441fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
Filesize
184KB

MD5
3b5f0ee3376c146dff3f13ffe455a326

SHA1
42aea83242282766a01f77151ae060646bd0a614

SHA256
a06cbd92cc4d5bb52ad785a83e5ad9a745a195970c40f58ca90d195be6099ed0

SHA512
ea44e8ad8d0500b4e3fddd438b2a3a87d73722975d0bec7ac6450f5452cd3d5056f790c3bdf710d5c3beb961d041c0006d006d232f5fe1463bd7a9a325f32804

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
Filesize
184KB

MD5
e7fe86862b41907217fd5a5f7cfcf14c

SHA1
2c37fe756bcd8f42b61493f5a335cbe9f5a0196f

SHA256
953b56496620df04b101f473122e05b0d5cfedaa1fdafa9918255197ad884695

SHA512
09328a3be54fc8787d154a578ccff712f98a46d14f9bbc843c6f23e32047e5549efb8e5cd540cf5398913463d6dff217beedbe10cda9ed5cbc0158a7249c9707

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
Filesize
184KB

MD5
c582790d11cc704c8cb42b0168e3d254

SHA1
d01037746ef098e3d492b46152867f120716c000

SHA256
2f65bdfd8f5c00003fa7be272f9b3fba9a64a8ffce02ab8f9787a585e55f401e

SHA512
11daf72ee9e40f992ba6e937d26ac13a27a7a52b466f546d017370b6cde52fbc22dc966bd8ef674609bdfd4e60f92e2b532f7f7b13d963d39a86b93f35151baf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
Filesize
184KB

MD5
9fac2e49d931abd7c00d4f1b5c970cd7

SHA1
402a26eac1222d3af12476751aaf693869689c1f

SHA256
91aced6fac8b96ffc806521fde66f206870b25cfe7aca8a1062a321e7c1160b7

SHA512
083b7ee2f013c74ab8726fc875e431e3df2442e0a55d462cca6b3012d8884c3a7237045be5d2c09a3e8330a908c9a5083c2193cd39f37fd430fbfcfecae34233

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
Filesize
184KB

MD5
fe4d4d6895d2a667a04a36d0bcf3c523

SHA1
93977ba180eee983a1a2c6daae95589b7bc7f02b

SHA256
6ac0b129b3c45e1b99fa3a6b08b606fa4796fc399d832bef156aa169cc3e21f6

SHA512
c8206fa6a742c038b44ffbeabca230bd0ec0ccb88add04b77937c9044c63868ba9be5143cab31c7c27581e00b61bf7d14b7263b141a7ce0e27d425d25b78fd5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
Filesize
184KB

MD5
a2b06e193038d2e4c9d4db7bbaae376d

SHA1
2fe66911ee552170661ed781aa28271133c08c44

SHA256
013c2b4a049d13b92a102bc6bb75a8f413bef27c865985fb5238904e7c97965c

SHA512
8b826532d68c8094d848e334a9c1cf8324511d908abf46eb01375b32c6d2c44fdc76b6c6a110b2f85188049722c34382bfcb45680ebaadb7dd2b1e0981983c1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads