4739cbd6f5f7aeace7a5c7c33f92fcc496a3d82588193096223f6e4fd9b87fb3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

752286944275317b5c70e042c139a571.exe
Size

184KB
MD5

752286944275317b5c70e042c139a571
SHA1

cff7ee6face5a0f223ba09799dd07bb5fad2bd23
SHA256

4739cbd6f5f7aeace7a5c7c33f92fcc496a3d82588193096223f6e4fd9b87fb3
SHA512

6bd18ac3a637c650caf6b7d066c528cb4d8a6a802af699628e7571fdfd28d33669ca73bb6de0050028dced328cd23a04eeb1cc92b5cae22ce07424f54bba8e95
SSDEEP

3072:MKbao+UfRhilnjGd/GMG3zlbRbz6G/oIbyYxTle4b7l6dpF1:MKGoHXiladOMG3z3VVB7l6dpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35033.exeUnicorn-19055.exeUnicorn-48390.exeUnicorn-57217.exeUnicorn-15630.exeUnicorn-56662.exeUnicorn-37524.exeUnicorn-21188.exeUnicorn-58691.exeUnicorn-54607.exeUnicorn-17104.exeUnicorn-34867.exeUnicorn-2173.exeUnicorn-9786.exeUnicorn-1618.exeUnicorn-58987.exeUnicorn-51566.exeUnicorn-35443.exeUnicorn-15577.exeUnicorn-31406.exeUnicorn-60741.exeUnicorn-35765.exeUnicorn-47633.exeUnicorn-35381.exeUnicorn-52464.exeUnicorn-64161.exeUnicorn-43741.exeUnicorn-43741.exeUnicorn-19791.exeUnicorn-43741.exeUnicorn-24835.exeUnicorn-28919.exeUnicorn-53253.exeUnicorn-28426.exeUnicorn-48292.exeUnicorn-49444.exeUnicorn-9158.exeUnicorn-57228.exeUnicorn-8774.exeUnicorn-12303.exeUnicorn-63019.exeUnicorn-37960.exeUnicorn-33300.exeUnicorn-37384.exeUnicorn-53590.exeUnicorn-65287.exeUnicorn-43174.exeUnicorn-29299.exeUnicorn-29299.exeUnicorn-29491.exeUnicorn-34129.exeUnicorn-33191.exeUnicorn-58442.exeUnicorn-38391.exeUnicorn-43221.exeUnicorn-17395.exeUnicorn-13502.exeUnicorn-34669.exeUnicorn-54535.exeUnicorn-54535.exeUnicorn-51966.exeUnicorn-8925.exeUnicorn-8925.exeUnicorn-46621.exe

pid	process
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2848	Unicorn-15630.exe
2808	Unicorn-56662.exe
2636	Unicorn-37524.exe
2624	Unicorn-21188.exe
1964	Unicorn-58691.exe
1580	Unicorn-54607.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
652	Unicorn-2173.exe
2044	Unicorn-9786.exe
1400	Unicorn-1618.exe
1920	Unicorn-58987.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1160	Unicorn-15577.exe
1524	Unicorn-31406.exe
1680	Unicorn-60741.exe
1380	Unicorn-35765.exe
1612	Unicorn-47633.exe
1820	Unicorn-35381.exe
956	Unicorn-52464.exe
616	Unicorn-64161.exe
2100	Unicorn-43741.exe
3032	Unicorn-43741.exe
2088	Unicorn-19791.exe
2004	Unicorn-43741.exe
2320	Unicorn-24835.exe
3036	Unicorn-28919.exe
2012	Unicorn-53253.exe
1720	Unicorn-28426.exe
2496	Unicorn-48292.exe
2796	Unicorn-49444.exe
1740	Unicorn-9158.exe
2884	Unicorn-57228.exe
2620	Unicorn-8774.exe
2812	Unicorn-12303.exe
1248	Unicorn-63019.exe
2488	Unicorn-37960.exe
2552	Unicorn-33300.exe
1952	Unicorn-37384.exe
1692	Unicorn-53590.exe
2016	Unicorn-65287.exe
892	Unicorn-43174.exe
1836	Unicorn-29299.exe
528	Unicorn-29299.exe
2440	Unicorn-29491.exe
3064	Unicorn-34129.exe
2180	Unicorn-33191.exe
1280	Unicorn-58442.exe
1476	Unicorn-38391.exe
2756	Unicorn-43221.exe
2872	Unicorn-17395.exe
2876	Unicorn-13502.exe
2988	Unicorn-34669.exe
1860	Unicorn-54535.exe
992	Unicorn-54535.exe
2264	Unicorn-51966.exe
1536	Unicorn-8925.exe
832	Unicorn-8925.exe
1552	Unicorn-46621.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
1740	752286944275317b5c70e042c139a571.exe
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
1292	Unicorn-35033.exe
1740	752286944275317b5c70e042c139a571.exe
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
1292	Unicorn-35033.exe
2440	Unicorn-48390.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2400	Unicorn-57217.exe
2808	Unicorn-56662.exe
2808	Unicorn-56662.exe
2440	Unicorn-48390.exe
2440	Unicorn-48390.exe
2848	Unicorn-15630.exe
2848	Unicorn-15630.exe
2836	Unicorn-19055.exe
2836	Unicorn-19055.exe
2624	Unicorn-21188.exe
2624	Unicorn-21188.exe
2808	Unicorn-56662.exe
2808	Unicorn-56662.exe
2636	Unicorn-37524.exe
2636	Unicorn-37524.exe
1580	Unicorn-54607.exe
1580	Unicorn-54607.exe
1964	Unicorn-58691.exe
1964	Unicorn-58691.exe
2400	Unicorn-57217.exe
2400	Unicorn-57217.exe
2848	Unicorn-15630.exe
2848	Unicorn-15630.exe
1100	Unicorn-17104.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
476	Unicorn-34867.exe
2624	Unicorn-21188.exe
2624	Unicorn-21188.exe
652	Unicorn-2173.exe
652	Unicorn-2173.exe
1160	Unicorn-15577.exe
1160	Unicorn-15577.exe
2044	Unicorn-9786.exe
2044	Unicorn-9786.exe
2636	Unicorn-37524.exe
2636	Unicorn-37524.exe
1920	Unicorn-58987.exe
1920	Unicorn-58987.exe
1556	Unicorn-51566.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1400	Unicorn-1618.exe
2248	Unicorn-35443.exe
1400	Unicorn-1618.exe
1964	Unicorn-58691.exe
1964	Unicorn-58691.exe
1580	Unicorn-54607.exe
1580	Unicorn-54607.exe
1100	Unicorn-17104.exe
1100	Unicorn-17104.exe

Program crash 9 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2568	3064	WerFault.exe	Unicorn-34129.exe
2524	2016	WerFault.exe	Unicorn-65287.exe
2060	2560	WerFault.exe	Unicorn-451.exe
2704	2508	WerFault.exe	Unicorn-7138.exe
1612	2668	WerFault.exe	Unicorn-39245.exe
1812	2188	WerFault.exe	Unicorn-47476.exe
436	1384	WerFault.exe	Unicorn-28888.exe
1628	2628	WerFault.exe	Unicorn-65364.exe
868	1484	WerFault.exe	Unicorn-7147.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

752286944275317b5c70e042c139a571.exeUnicorn-35033.exeUnicorn-19055.exeUnicorn-48390.exeUnicorn-57217.exeUnicorn-56662.exeUnicorn-15630.exeUnicorn-21188.exeUnicorn-37524.exeUnicorn-54607.exeUnicorn-58691.exeUnicorn-17104.exeUnicorn-34867.exeUnicorn-9786.exeUnicorn-2173.exeUnicorn-58987.exeUnicorn-1618.exeUnicorn-15577.exeUnicorn-51566.exeUnicorn-35443.exeUnicorn-31406.exeUnicorn-60741.exeUnicorn-35765.exeUnicorn-47633.exeUnicorn-35381.exeUnicorn-52464.exeUnicorn-43741.exeUnicorn-43741.exeUnicorn-24835.exeUnicorn-19791.exeUnicorn-64161.exeUnicorn-43741.exeUnicorn-28919.exeUnicorn-48292.exeUnicorn-28426.exeUnicorn-53253.exeUnicorn-49444.exeUnicorn-9158.exeUnicorn-57228.exeUnicorn-8774.exeUnicorn-12303.exeUnicorn-63019.exeUnicorn-37960.exeUnicorn-33300.exeUnicorn-37384.exeUnicorn-53590.exeUnicorn-65287.exeUnicorn-43174.exeUnicorn-29299.exeUnicorn-29299.exeUnicorn-34129.exeUnicorn-29491.exeUnicorn-58442.exeUnicorn-33191.exeUnicorn-17395.exeUnicorn-43221.exeUnicorn-38391.exeUnicorn-13502.exeUnicorn-54535.exeUnicorn-51966.exeUnicorn-8925.exeUnicorn-34669.exeUnicorn-54535.exeUnicorn-2101.exe

pid	process
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2808	Unicorn-56662.exe
2848	Unicorn-15630.exe
2624	Unicorn-21188.exe
2636	Unicorn-37524.exe
1580	Unicorn-54607.exe
1964	Unicorn-58691.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
2044	Unicorn-9786.exe
652	Unicorn-2173.exe
1920	Unicorn-58987.exe
1400	Unicorn-1618.exe
1160	Unicorn-15577.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1524	Unicorn-31406.exe
1680	Unicorn-60741.exe
1380	Unicorn-35765.exe
1612	Unicorn-47633.exe
1820	Unicorn-35381.exe
956	Unicorn-52464.exe
2004	Unicorn-43741.exe
2100	Unicorn-43741.exe
2320	Unicorn-24835.exe
2088	Unicorn-19791.exe
616	Unicorn-64161.exe
3032	Unicorn-43741.exe
3036	Unicorn-28919.exe
2496	Unicorn-48292.exe
1720	Unicorn-28426.exe
2012	Unicorn-53253.exe
2796	Unicorn-49444.exe
1740	Unicorn-9158.exe
2884	Unicorn-57228.exe
2620	Unicorn-8774.exe
2812	Unicorn-12303.exe
1248	Unicorn-63019.exe
2488	Unicorn-37960.exe
2552	Unicorn-33300.exe
1952	Unicorn-37384.exe
1692	Unicorn-53590.exe
2016	Unicorn-65287.exe
892	Unicorn-43174.exe
1836	Unicorn-29299.exe
528	Unicorn-29299.exe
3064	Unicorn-34129.exe
2440	Unicorn-29491.exe
1280	Unicorn-58442.exe
2180	Unicorn-33191.exe
2872	Unicorn-17395.exe
2756	Unicorn-43221.exe
1476	Unicorn-38391.exe
2876	Unicorn-13502.exe
1860	Unicorn-54535.exe
2264	Unicorn-51966.exe
832	Unicorn-8925.exe
2988	Unicorn-34669.exe
992	Unicorn-54535.exe
2072	Unicorn-2101.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	Unicorn-35033.exe
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	Unicorn-35033.exe
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	Unicorn-35033.exe
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	Unicorn-35033.exe
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	Unicorn-19055.exe
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	Unicorn-19055.exe
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	Unicorn-19055.exe
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	Unicorn-19055.exe
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	Unicorn-48390.exe
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	Unicorn-48390.exe
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	Unicorn-48390.exe
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	Unicorn-48390.exe
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	Unicorn-57217.exe
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	Unicorn-57217.exe
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	Unicorn-57217.exe
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	Unicorn-57217.exe
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	Unicorn-15630.exe
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	Unicorn-15630.exe
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	Unicorn-15630.exe
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	Unicorn-15630.exe
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	Unicorn-56662.exe
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	Unicorn-56662.exe
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	Unicorn-56662.exe
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	Unicorn-56662.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	Unicorn-37524.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	Unicorn-37524.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	Unicorn-37524.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	Unicorn-37524.exe
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	Unicorn-21188.exe
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	Unicorn-21188.exe
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	Unicorn-21188.exe
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	Unicorn-21188.exe
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	Unicorn-58691.exe
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	Unicorn-58691.exe
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	Unicorn-58691.exe
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	Unicorn-58691.exe
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	Unicorn-17104.exe
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	Unicorn-17104.exe
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	Unicorn-17104.exe
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	Unicorn-17104.exe
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	Unicorn-54607.exe
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	Unicorn-54607.exe
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	Unicorn-54607.exe
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	Unicorn-54607.exe
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	Unicorn-34867.exe
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	Unicorn-34867.exe
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	Unicorn-34867.exe
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	Unicorn-34867.exe
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	Unicorn-2173.exe
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	Unicorn-2173.exe
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	Unicorn-2173.exe
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	Unicorn-2173.exe
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	Unicorn-9786.exe
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	Unicorn-9786.exe
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	Unicorn-9786.exe
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	Unicorn-9786.exe
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	Unicorn-1618.exe
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	Unicorn-1618.exe
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	Unicorn-1618.exe
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	Unicorn-1618.exe
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	Unicorn-58987.exe
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	Unicorn-58987.exe
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	Unicorn-58987.exe
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	Unicorn-58987.exe

C:\Users\Admin\AppData\Local\Temp\752286944275317b5c70e042c139a571.exe
"C:\Users\Admin\AppData\Local\Temp\752286944275317b5c70e042c139a571.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
9⤵
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
9⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
10⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
11⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
12⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
13⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
14⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
15⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
16⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
17⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
9⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
9⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
10⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
11⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
12⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
13⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
14⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
15⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
10⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
11⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
12⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
13⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
14⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
7⤵
- Executes dropped EXE
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
8⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
9⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
10⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
11⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
12⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
13⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
14⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
15⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
7⤵
- Executes dropped EXE
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
9⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
10⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
11⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
12⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
13⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
14⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
15⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
16⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
8⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
9⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
10⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
11⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
12⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
13⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
8⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
9⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
10⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
11⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
12⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
13⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
8⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
9⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
10⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
11⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
12⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
13⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
9⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
10⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
11⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
12⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
13⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
14⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
15⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
16⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
8⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
9⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
10⤵
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 224
11⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
10⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
11⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
12⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
13⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
14⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
15⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
16⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
8⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
9⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
10⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
11⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
12⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
13⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 200
14⤵
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
9⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
10⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
11⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
12⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
7⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
8⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
9⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
10⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
7⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
8⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
9⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
10⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
11⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
12⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
13⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
14⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
6⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
7⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
9⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
10⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
11⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
12⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
10⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
11⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
9⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
10⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
11⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
12⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
13⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
14⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
15⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
8⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
9⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
10⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
11⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
12⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
13⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
14⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
15⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
16⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
17⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
12⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
13⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
14⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
15⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
16⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
10⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
11⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
12⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
13⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
14⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
8⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
9⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
10⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
11⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
12⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
13⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
14⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
9⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
10⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
11⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
12⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
13⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
11⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
12⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
13⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
8⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
9⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
10⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
11⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
12⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
13⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
14⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
15⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
8⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
9⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
10⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
11⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
12⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
10⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
11⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
12⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
13⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
14⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
15⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
16⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
10⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
11⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
12⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
13⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
14⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
15⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
16⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
9⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
10⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
11⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
8⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
9⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
10⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
11⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
12⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
13⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
14⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
15⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
7⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
9⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
10⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
11⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
12⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
13⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
11⤵
- Program crash
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
10⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
9⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
8⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
7⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
9⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
10⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
11⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
12⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
13⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
14⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
15⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
9⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
10⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
11⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
12⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
13⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
7⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
9⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
10⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
11⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
12⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
13⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
14⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
15⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
9⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
10⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
11⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
12⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
13⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
8⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
9⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
10⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
11⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
12⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
13⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
14⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
15⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
16⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
17⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
9⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
10⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
11⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
12⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
13⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
6⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
9⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
10⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
11⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
12⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
13⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
14⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
15⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
12⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
13⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
14⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
15⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
16⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
8⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
9⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
10⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
11⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
12⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
13⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
14⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
9⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
10⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
11⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
12⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
13⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
14⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
6⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
7⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
8⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
10⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
11⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
12⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
13⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
14⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
15⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
6⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
7⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
8⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
9⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
10⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
11⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
12⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
13⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
14⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
9⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
10⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
11⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
12⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
6⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
7⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
8⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
9⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
10⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
11⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
12⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
9⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
10⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
11⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
12⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
13⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
10⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
11⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
12⤵
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
5⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
6⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
9⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
10⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
11⤵
PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe

Filesize
184KB

MD5
5f00a6db13ce4ead4149209e28c74933

SHA1
ec15ab6481f08e839b25f6088d368d168e6c5af0

SHA256
fb2fc855c57d11a47feb18002d08dd102f40e7a8ebb2db1b71ed20f4c0ddc708

SHA512
95dbfd2af2e40272f4c1f098441951b2471e3cda15a727265899f7c2b45014f862c2308c1edf477682df5f0143bc2d28b0c577c9f99247ac94406f94df39b1c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe

Filesize
184KB

MD5
f3a036f866e36880044a682e1e892937

SHA1
639c3d1fb22891642edc2e7ddb5b0f0f0a8ece5f

SHA256
2334f9e7c42139bac02105d3e7e903fddc820ac79484f106b0dc8aa1cf05aafd

SHA512
991557e9216c33e1bf740ec5a94148e82b8fd91faaa5857e5700f457d44e69914aa8f5dfb51b72f565614079946d5b3302a83c6b676e1e65e663ecb49b7fdb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe

Filesize
184KB

MD5
4f18c83445adad9aff47c28b9d795016

SHA1
4ac0ff2deecacb426cf274a78f5cc14800a4366b

SHA256
41d6fb6d112d392e4f8b68eca1ffbcb5adf646f5e653c8f630ce4c45ef7db990

SHA512
7f04786707cd8cb7a695d7409cf142cae1c5c3e74d49cba6400a648798c11994aada6e0736de642026e73b802dd7cf4c254a695113cdc4eda7b0bb37beb0ecf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe

Filesize
184KB

MD5
687b2c91356debb3c77fba2d4d39894f

SHA1
5a2caf1f7d2c612a1b33fbb68a3ba655f9eba212

SHA256
50901a59dac29406388d5beba619bd861931b5bb529cf985869f652f447fee0c

SHA512
ee966edbecbe24ac8f504531fb2a02feeedfc33607872e0adc818f5f8f2d51cd0a7f929843024510e043c075cb7698f43c4f9cd244369b374792afe4724e68f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe

Filesize
184KB

MD5
a29cb3f15e0fd512aa4a0a3422c37553

SHA1
0104743eaa4b7ef01da8bbc545297063d00d5298

SHA256
37789feb5d708e55416afcccb3a0a98792c75dc2e19526bca25223668d2aa3d6

SHA512
c9276f0e3f070d8ec51b90258d99e8393055a7d53d2bd2f6e6c6dd8d02222c51da7911dd00c63205991437354ffda196e85aa103d1a122774647855e6fcedba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe

Filesize
184KB

MD5
0d4c3ae4199477a8dd1a4ca9a1652b8a

SHA1
0cc5cd884c98d556540f8b4bff875c0b3d4b527f

SHA256
50dbee84e9402158d02b53d065b5ee1d9c25ddbaa5cf96b4f28562a56928bf94

SHA512
ca49cd6a1fde5b0dda8c95df9a21ffa1a35d6f16bb50d462f5a4f7c72f3c258a1f3d37485a4b0f5bfa6aad181391c8ffb6be9960995f845ad72ab544fdd0424b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe

Filesize
184KB

MD5
edd692bdc7439009a3afa908f4e2c832

SHA1
7b107a3c320c9df8c44636fc8a0859d1a83ce22e

SHA256
319d3fb0f2cc95cb22f7da8f1417e77ce513d1c841ae5419fd5e00409a504cb0

SHA512
f15b063cc8677773f7fad874e7da6b39ce562cb23dd546e1d2879ba42735fe719add78b64a289a61ccfa78eee6d8bdcc429463266e9f0b2164ebee986b406c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe

Filesize
184KB

MD5
d7f33d016fe3406aafbe8d5e6c44f806

SHA1
d876661aa0058c7cc1948e44665e89af4623b7a1

SHA256
9ca1913aecd003eccf7f6204956595acde82267c4a4c98debb4fb8c44feb0f88

SHA512
b9efd5fcaeb1d712402f328650bf6a7bb228455047a2b62d8db9be0eb5582e291a1b1486e9155b4ab1b8e5f01e4fc8ed08bb86524408e91bcbc4f8dac9b66fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe

Filesize
184KB

MD5
804e7e44f4015e6853b01d2156e515ab

SHA1
405b4a695dff3e6bfcb382ead251ee5ec9f7dc00

SHA256
8739c2e0681de7ca1a6cc541be9389d3feee3d2554bf9ea878ab092d7b769f55

SHA512
d7909e8384964fe39b3af08afaab7c0e2bff1fab393e93c0c3c1d1df211bbb48c00925e89ddcd4932b6e897c2ab25278057405eb73f0289b2e6676f683b9a494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe

Filesize
184KB

MD5
41f35de6bfd42aff3ac4b233deab0ec0

SHA1
b5e0324985c09a22f36eae47779ba50bfe75d26e

SHA256
e27815edc7bfedbcb1d34a9f2e0b569dfa1f6fd4d358e48a310acc4322baf245

SHA512
5f75e240c462a2e898b779c73d0a9022736922a0f4ed05755ca109000409781d3379a03d51d64e97a56d5bd7df806bd626b00e967bc6ba60d047a3ad8f45a923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe

Filesize
184KB

MD5
7b512ce3fdc9f1b34c6b6b057c326194

SHA1
50feb94be6b372f4610c5be8d126f6456af138d4

SHA256
4f8503078d40ca54ad170682267e1946cb33a3a9b12cb6b6766c807cd1700172

SHA512
6f56ca26f27e3e850f98fd20227d7065f4a9ee620ef6f146a1f15150902e1a5935803ba76e68c9a7c329199f7efdde3194b915cde1ad8dbc1fded14caa5e943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe

Filesize
184KB

MD5
7041a05d7eb762d323a2b85176c34b09

SHA1
a18838ad82b5e6c9f4fda720172b59ea075b0000

SHA256
77eda1e29152bc66214c6ee0888d15153a2403839fb2ded9aca28d41e879bfa9

SHA512
925ae1a391384b867175f40492d5df9fd57de300707a8e75325bdd147d2af51b0a10c6435a19927eea2cada4f5dd063544726538a11c5f3a727ec77c1eae1465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe

Filesize
184KB

MD5
b11440f48f60e01cbce90c91ea17fb12

SHA1
bc73fac7f2b7379f0ac54d5e003728b935483807

SHA256
6726b3173e95e77f69b0c9ca34713c900842a422b8e2673488bbe2f15c3642a8

SHA512
c17624e96eef10e82d2ebcf913ec53200d59e2d636b45e2ad386a870a3f978f3cf8292b103a20c9014ac40cc4ff892755687b09748c19d4a79410925c173dcd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe

Filesize
184KB

MD5
eab078b4cf5a271ba07dd0572e714df2

SHA1
e4f56372266124a8adafffcc261042cf920ed9f7

SHA256
14e61dd3c2ed69e353bd714870ac255e611b35035795ba1ea454ffade528df2d

SHA512
e9050e9f2561c3ae98e898599940b805b0b0a663294e3d7fc5cb978d98e3b3909b4b3bfc19c031a727d36e103578d27f650516abb690edeef227eb406f9c809c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe

Filesize
184KB

MD5
f340950ed8a68dc73c064c5fae179436

SHA1
54afc08d2a660df0e3ba1e5809b35153c916c833

SHA256
8510e9b04c91641527c0662d9203f5d1ea24f0bd737635c086035c58b54856fc

SHA512
809995f3cb2f969214c38e4ac3a8445b0d86146fad826e86268ed55cb01107bfa19edfb2a348c0be8242d872604e385ad2401bd57eb9277ef0c237b5898bd7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe

Filesize
184KB

MD5
c0f5e9a6fe0326c527c2a9f77ac41d6c

SHA1
5a83445f57c08d1446fc9c288cadebe96f5520d6

SHA256
362361b515127256e7f6b075c1d6210e58fb1507c4d093c988c87f726ec37899

SHA512
42866bc6d22583cad192a4736903238d9e86c0cd994c0f749ff42c39b5dac3cb0f42cc04437b2806199fc450b27cffc2b38fe9f8590bf9a2b25d1ed9f50e468c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
60aae5570984283bfa2a5104d44e1b65

SHA1
726667166cf61b8d8e5e09525bfe7f3c72272f0a

SHA256
504f2875db3d3b5c653bf57ae621c55fde189d71f0beeff21c9d5700000b1983

SHA512
002f34980220d83e1287c5754eb1dd66990d2c4ea91c04c60d8a798c65046370174790e1947f9b06142709316c09aea2aabc2a6c52ecc84fdbfa6fe3a846f524

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe

Filesize
184KB

MD5
f802d47b99fc6f96ab1a668947eddabb

SHA1
10132ca45d8d54ead0a94be96faa1b20d5c6a0f8

SHA256
8e37bb38e098f0b09b21bc9a4865cceced640ae4cdfb5651b76b6874b58fe3c8

SHA512
e1f6dbb4828aa324aa94a06e1b930fc1ac6a73c8b19ad5c0388846996ee391e5235d4126e82bc532567381ba549b619b1e90dbb73f9c064debd9754f9a82e8db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe

Filesize
184KB

MD5
f34c689796b60fef780fc3170048d539

SHA1
01457ee34e500ca4718f0ce5e24d5bfc57664d16

SHA256
d2a9a65b28460011a424eb4ead91db89d8fa96da7647095bcf6d61b4ba6fcd45

SHA512
166b258980b38e8e4900d9d7dc6e53fc3541959cdddfd022327ab4d3e2955c0135b6df3170d204cbc0ce51b09190506108115ba2314ca45525ea8ca9aca0611c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe

Filesize
184KB

MD5
b25d5ee456d23a8ffe735cfbb386be7b

SHA1
aa72726489f30eab33d8dc8a99e76ad0ddfd1873

SHA256
afa56c097770f2a0ff3a3f63f6c53f80cd7b57faa73ddf63b71a043ec56f582a

SHA512
aee4a2cfc01a4f8fba566216120c4dfb82f1caa06b451d87157229d67b1ec2e07f5bfc2e1fbedfc3c1efce81546f7f39d549acde3accf872a935bd52dfd51bad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe

Filesize
184KB

MD5
52de4f6491c10920145ed8c5fa8228b1

SHA1
94d01804a18327fe352595bfdb2180f84b325509

SHA256
a1d91a59c27739df38fa1f04fcbc6ca216d339fcf35b0e6753a28fca1a9c16ec

SHA512
bc771500f84779118c8a6ffb845a6d29e90a8a95c7461dfc746c2cc4b47f5cf6c7c182c48f47597be68b2ef28df9ff0511f7ef93bb470eab5c9cc7f6dcd3ded9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe

Filesize
184KB

MD5
56e6177e839ce312ff4c4f7758c117f4

SHA1
08e810f7a108096f169aab9387d4c340e754cfa2

SHA256
1fa5d4f191d160e2ed81d8670e764f5adf304a9d78c2dd43f3658066b03a409d

SHA512
255cbd03c2233ac208d9733152673f452b0b898e1067bd63112e5bb00e038040d5a80fdb93eaa45447215cd088baa64f936d2bc9eddd4b9daf5592a0d8cbb014

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe

Filesize
184KB

MD5
bb068220bc381bcdebeae8c77d40be72

SHA1
44690708fc0f1018475e17be0738fe9a7fa3daa2

SHA256
41ea3629d7a0814446656d32d3199027f66203a4d4eb69c325c550f6ae8c033c

SHA512
4cfbd73660883f3fed9ec9cda900eedaa75fca8ab948a5c240a29824b3e13d1f34b226642e37346e8516f2f3f79d98e4cd846f02a9c069cd76de56bd831ed2a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe

Filesize
184KB

MD5
f00d66f2fa4956d19b524cff285d9f57

SHA1
c4add1899fdd17d76dd6f43b94e3438ed737a57b

SHA256
6d5244f9e619a3637061b4a389a9255623400e45dd16bfda4f21ac2b4652e966

SHA512
852753f9aa6203dfbd86d68cd5f8cb1f63058c9b6f9a77056b4003d3c4d4270e45c16fe684eff423042f4c44913009b0ee963856badee7c1772e4df97151555f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe

Filesize
184KB

MD5
e52c65589867d8b07bf36d0da2aef4fe

SHA1
969d9947d8c161cc63227a8bb3f0e9eede4a45cc

SHA256
d2cba3be7e90ace290b7410953c29b3f4034b09fc888a25c1275dec336ca0550

SHA512
6c0a8875bf8a4cb367364a2f97040589165608a63583c332b20256514e1a4adda36219270ec4ea3b91b3e9aa4ab3f6f7eb7ecab0f663a80585b0c1c0beabe682

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe

Filesize
184KB

MD5
7bb1a78139526ebd4bf766aeb1b26a4d

SHA1
b4752ff08a04be9800d72e1bd5b9b4e71c0e5dc3

SHA256
bdaf5a06c2bf86feaa04bfdc37ff47486a7f623d1728f6809de6d327ac01a0aa

SHA512
c5026231f605c1c38d193b62e6c55d536d7c04a13ab794c6f2bac6e1fc759477407d64ebd9f184ce92e22398f52f8e728449ac35fd6215c0e66fb9657b98ee5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe

Filesize
184KB

MD5
843621fa0012a829d3dda467e2a49aa0

SHA1
20ebc88c7dcc3d9ed7c46927d998e178a1e937d5

SHA256
6ca071a489004f3becc870af013133a96191fea5e5a5f97d77e7f8cb78fa0e7c

SHA512
44b91814c8f4ad83812a6ed906109b33e55dedcacd8c169f3a445c98db108f238b94d0fb1a08f68bd7e8538ac9e975e8bd43cc74aa624d44f482aaa1af6bd037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe

Filesize
184KB

MD5
de5b7e46d0d0e9fd827318777eddb5fb

SHA1
28b5f8290834491a963bde10104fef00c113591c

SHA256
f47493ce2806de987ca12548d2f7df639c810fc05fdb24cd3514d1c92d340008

SHA512
b52e909f94b7ccb7c62ba42564f0bf33e5727ccb8e582f125f9120bf1b8e41df117d255fb3c7fe9a315d11dd55fddb023a60c14aefe5f34e89d2016578adff43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe

Filesize
184KB

MD5
0efe6df21f15e97b6fd21bbdc5c13515

SHA1
9e5a684e999e23e07fc470bc03a2f433f6bd9db8

SHA256
ccef020dd4a3c1c9437fab5d9711ffd37d57791bbabf67e8256a8b5c2507a264

SHA512
59d26f1d04aae9db2b353d2e5ff472343d7e3ea4ef972733f6d993de621549cd584ba71c58ae68bbd7ee28c6964258bb049585a1bca8dd66e539714d184aec70

Download Submit