Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
26-03-2024 09:23
Static task
static1
Behavioral task
behavioral1
Sample
ded2dae5fb60b3025b14d5bca874eb94.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ded2dae5fb60b3025b14d5bca874eb94.exe
Resource
win10v2004-20240226-en
General
-
Target
ded2dae5fb60b3025b14d5bca874eb94.exe
-
Size
184KB
-
MD5
ded2dae5fb60b3025b14d5bca874eb94
-
SHA1
e694ef025b47679e979783670e4f14e4f79a70d5
-
SHA256
943d7aec3fd795e1882dba77e0715382c43e779d91bc4690930b23645a879e9f
-
SHA512
fe21cb3d4286486650fecc36c0d54fe0248477fcbf024d01bb894d989840c0783f1b3231dbd97f50d5222c852e9867a21d2120a1e7a594b367999069bdc44c5a
-
SSDEEP
3072:leHpocgAOA0bOjjMTRc4zFbObV6j/YIcDQx82Py17lPdpFW:leJo2D0bIMNc4zNlkB7lPdpF
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 1900 Unicorn-8020.exe 960 Unicorn-41015.exe 1880 Unicorn-50807.exe 2608 Unicorn-58586.exe 1164 Unicorn-46889.exe 2868 Unicorn-62670.exe 2516 Unicorn-63905.exe 2148 Unicorn-60376.exe 2404 Unicorn-26957.exe 1968 Unicorn-31041.exe 1980 Unicorn-31595.exe 2864 Unicorn-65104.exe 1952 Unicorn-49323.exe 1432 Unicorn-48576.exe 3024 Unicorn-57211.exe 1808 Unicorn-61295.exe 2224 Unicorn-49598.exe 772 Unicorn-24347.exe 2552 Unicorn-12649.exe 2312 Unicorn-53018.exe 2904 Unicorn-37236.exe 1564 Unicorn-65270.exe 1620 Unicorn-38026.exe 1688 Unicorn-22244.exe 1184 Unicorn-62530.exe 2268 Unicorn-54917.exe 1056 Unicorn-46002.exe 2248 Unicorn-42472.exe 2956 Unicorn-13137.exe 760 Unicorn-29474.exe 2888 Unicorn-30028.exe 1664 Unicorn-33558.exe 1964 Unicorn-41965.exe 2128 Unicorn-46604.exe 2732 Unicorn-62385.exe 2692 Unicorn-39779.exe 2696 Unicorn-2276.exe 2620 Unicorn-52032.exe 2564 Unicorn-22697.exe 2500 Unicorn-31419.exe 2252 Unicorn-47201.exe 320 Unicorn-26589.exe 2952 Unicorn-36463.exe 2800 Unicorn-56329.exe 2452 Unicorn-56329.exe 1548 Unicorn-56329.exe 2932 Unicorn-56329.exe 2836 Unicorn-47647.exe 1120 Unicorn-2805.exe 1244 Unicorn-22671.exe 992 Unicorn-36245.exe 588 Unicorn-36245.exe 764 Unicorn-36245.exe 328 Unicorn-56111.exe 564 Unicorn-56111.exe 2556 Unicorn-56111.exe 1132 Unicorn-41673.exe 2124 Unicorn-86.exe 448 Unicorn-58010.exe 768 Unicorn-45758.exe 1992 Unicorn-16423.exe 1692 Unicorn-16423.exe 1168 Unicorn-28675.exe 2900 Unicorn-449.exe -
Loads dropped DLL 64 IoCs
pid Process 948 ded2dae5fb60b3025b14d5bca874eb94.exe 948 ded2dae5fb60b3025b14d5bca874eb94.exe 1900 Unicorn-8020.exe 1900 Unicorn-8020.exe 948 ded2dae5fb60b3025b14d5bca874eb94.exe 948 ded2dae5fb60b3025b14d5bca874eb94.exe 960 Unicorn-41015.exe 960 Unicorn-41015.exe 1900 Unicorn-8020.exe 1900 Unicorn-8020.exe 1880 Unicorn-50807.exe 1880 Unicorn-50807.exe 2608 Unicorn-58586.exe 2608 Unicorn-58586.exe 960 Unicorn-41015.exe 960 Unicorn-41015.exe 1164 Unicorn-46889.exe 1164 Unicorn-46889.exe 2868 Unicorn-62670.exe 2868 Unicorn-62670.exe 1880 Unicorn-50807.exe 1880 Unicorn-50807.exe 2516 Unicorn-63905.exe 2516 Unicorn-63905.exe 2608 Unicorn-58586.exe 2608 Unicorn-58586.exe 2148 Unicorn-60376.exe 2148 Unicorn-60376.exe 2404 Unicorn-26957.exe 2404 Unicorn-26957.exe 1980 Unicorn-31595.exe 1980 Unicorn-31595.exe 1164 Unicorn-46889.exe 1164 Unicorn-46889.exe 1968 Unicorn-31041.exe 1968 Unicorn-31041.exe 2868 Unicorn-62670.exe 2868 Unicorn-62670.exe 2864 Unicorn-65104.exe 2864 Unicorn-65104.exe 2516 Unicorn-63905.exe 2516 Unicorn-63905.exe 1952 Unicorn-49323.exe 1952 Unicorn-49323.exe 1432 Unicorn-48576.exe 1432 Unicorn-48576.exe 2148 Unicorn-60376.exe 2148 Unicorn-60376.exe 3024 Unicorn-57211.exe 3024 Unicorn-57211.exe 2404 Unicorn-26957.exe 2404 Unicorn-26957.exe 1808 Unicorn-61295.exe 1808 Unicorn-61295.exe 1980 Unicorn-31595.exe 1980 Unicorn-31595.exe 2224 Unicorn-49598.exe 2224 Unicorn-49598.exe 2552 Unicorn-12649.exe 2552 Unicorn-12649.exe 1968 Unicorn-31041.exe 1968 Unicorn-31041.exe 772 Unicorn-24347.exe 772 Unicorn-24347.exe -
Program crash 51 IoCs
pid pid_target Process procid_target 2652 1564 WerFault.exe 49 572 2864 WerFault.exe 39 2256 1964 WerFault.exe 60 2404 2312 WerFault.exe 47 1704 2128 WerFault.exe 61 2244 1244 WerFault.exe 78 2800 1120 WerFault.exe 77 2592 2148 WerFault.exe 102 2252 3016 WerFault.exe 114 1880 1856 WerFault.exe 133 1988 3068 WerFault.exe 132 1436 448 WerFault.exe 166 1644 2636 WerFault.exe 146 1080 540 WerFault.exe 176 948 1304 WerFault.exe 190 2704 2460 WerFault.exe 191 1464 1680 WerFault.exe 208 2892 1164 WerFault.exe 207 2284 2996 WerFault.exe 202 1072 1640 WerFault.exe 210 668 2808 WerFault.exe 235 2848 2328 WerFault.exe 211 3408 404 WerFault.exe 229 3816 2428 WerFault.exe 259 3592 1492 WerFault.exe 264 2500 956 WerFault.exe 272 4068 2184 WerFault.exe 257 2544 1536 WerFault.exe 270 3360 2464 WerFault.exe 278 2172 3232 WerFault.exe 299 588 3260 WerFault.exe 317 2700 3680 WerFault.exe 309 3664 3280 WerFault.exe 300 112 3440 WerFault.exe 343 3880 3828 WerFault.exe 332 3780 2092 WerFault.exe 371 3728 3428 WerFault.exe 363 1196 2368 WerFault.exe 381 3304 3024 WerFault.exe 372 4296 3924 WerFault.exe 407 4124 3172 WerFault.exe 408 1580 2964 WerFault.exe 426 4284 1500 WerFault.exe 409 4244 3476 WerFault.exe 424 4160 4328 WerFault.exe 467 3884 3928 WerFault.exe 459 3364 4128 WerFault.exe 462 3276 4920 WerFault.exe 475 3300 3084 WerFault.exe 492 3784 3732 WerFault.exe 524 3888 4324 WerFault.exe 504 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 948 ded2dae5fb60b3025b14d5bca874eb94.exe 1900 Unicorn-8020.exe 960 Unicorn-41015.exe 1880 Unicorn-50807.exe 2608 Unicorn-58586.exe 1164 Unicorn-46889.exe 2868 Unicorn-62670.exe 2516 Unicorn-63905.exe 2148 Unicorn-60376.exe 2404 Unicorn-26957.exe 1980 Unicorn-31595.exe 1968 Unicorn-31041.exe 2864 Unicorn-65104.exe 1952 Unicorn-49323.exe 1432 Unicorn-48576.exe 3024 Unicorn-57211.exe 1808 Unicorn-61295.exe 2224 Unicorn-49598.exe 2552 Unicorn-12649.exe 772 Unicorn-24347.exe 2312 Unicorn-53018.exe 2904 Unicorn-37236.exe 1564 Unicorn-65270.exe 1620 Unicorn-38026.exe 1688 Unicorn-22244.exe 1184 Unicorn-62530.exe 2268 Unicorn-54917.exe 1056 Unicorn-46002.exe 2956 Unicorn-13137.exe 2248 Unicorn-42472.exe 1664 Unicorn-33558.exe 760 Unicorn-29474.exe 1964 Unicorn-41965.exe 2732 Unicorn-62385.exe 2128 Unicorn-46604.exe 2692 Unicorn-39779.exe 2696 Unicorn-2276.exe 2620 Unicorn-52032.exe 2564 Unicorn-22697.exe 2500 Unicorn-31419.exe 2252 Unicorn-47201.exe 320 Unicorn-26589.exe 1548 Unicorn-56329.exe 2952 Unicorn-36463.exe 2932 Unicorn-56329.exe 2800 Unicorn-56329.exe 2452 Unicorn-56329.exe 2836 Unicorn-47647.exe 1120 Unicorn-2805.exe 1244 Unicorn-22671.exe 588 Unicorn-36245.exe 992 Unicorn-36245.exe 328 Unicorn-56111.exe 764 Unicorn-36245.exe 564 Unicorn-56111.exe 2556 Unicorn-56111.exe 448 Unicorn-58010.exe 1132 Unicorn-41673.exe 2124 Unicorn-86.exe 768 Unicorn-45758.exe 1992 Unicorn-16423.exe 1692 Unicorn-16423.exe 1168 Unicorn-28675.exe 1752 Unicorn-20315.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 948 wrote to memory of 1900 948 ded2dae5fb60b3025b14d5bca874eb94.exe 28 PID 948 wrote to memory of 1900 948 ded2dae5fb60b3025b14d5bca874eb94.exe 28 PID 948 wrote to memory of 1900 948 ded2dae5fb60b3025b14d5bca874eb94.exe 28 PID 948 wrote to memory of 1900 948 ded2dae5fb60b3025b14d5bca874eb94.exe 28 PID 1900 wrote to memory of 960 1900 Unicorn-8020.exe 29 PID 1900 wrote to memory of 960 1900 Unicorn-8020.exe 29 PID 1900 wrote to memory of 960 1900 Unicorn-8020.exe 29 PID 1900 wrote to memory of 960 1900 Unicorn-8020.exe 29 PID 948 wrote to memory of 1880 948 ded2dae5fb60b3025b14d5bca874eb94.exe 30 PID 948 wrote to memory of 1880 948 ded2dae5fb60b3025b14d5bca874eb94.exe 30 PID 948 wrote to memory of 1880 948 ded2dae5fb60b3025b14d5bca874eb94.exe 30 PID 948 wrote to memory of 1880 948 ded2dae5fb60b3025b14d5bca874eb94.exe 30 PID 960 wrote to memory of 2608 960 Unicorn-41015.exe 31 PID 960 wrote to memory of 2608 960 Unicorn-41015.exe 31 PID 960 wrote to memory of 2608 960 Unicorn-41015.exe 31 PID 960 wrote to memory of 2608 960 Unicorn-41015.exe 31 PID 1900 wrote to memory of 1164 1900 Unicorn-8020.exe 32 PID 1900 wrote to memory of 1164 1900 Unicorn-8020.exe 32 PID 1900 wrote to memory of 1164 1900 Unicorn-8020.exe 32 PID 1900 wrote to memory of 1164 1900 Unicorn-8020.exe 32 PID 1880 wrote to memory of 2868 1880 Unicorn-50807.exe 33 PID 1880 wrote to memory of 2868 1880 Unicorn-50807.exe 33 PID 1880 wrote to memory of 2868 1880 Unicorn-50807.exe 33 PID 1880 wrote to memory of 2868 1880 Unicorn-50807.exe 33 PID 2608 wrote to memory of 2516 2608 Unicorn-58586.exe 34 PID 2608 wrote to memory of 2516 2608 Unicorn-58586.exe 34 PID 2608 wrote to memory of 2516 2608 Unicorn-58586.exe 34 PID 2608 wrote to memory of 2516 2608 Unicorn-58586.exe 34 PID 960 wrote to memory of 2148 960 Unicorn-41015.exe 35 PID 960 wrote to memory of 2148 960 Unicorn-41015.exe 35 PID 960 wrote to memory of 2148 960 Unicorn-41015.exe 35 PID 960 wrote to memory of 2148 960 Unicorn-41015.exe 35 PID 1164 wrote to memory of 2404 1164 Unicorn-46889.exe 36 PID 1164 wrote to memory of 2404 1164 Unicorn-46889.exe 36 PID 1164 wrote to memory of 2404 1164 Unicorn-46889.exe 36 PID 1164 wrote to memory of 2404 1164 Unicorn-46889.exe 36 PID 2868 wrote to memory of 1968 2868 Unicorn-62670.exe 37 PID 2868 wrote to memory of 1968 2868 Unicorn-62670.exe 37 PID 2868 wrote to memory of 1968 2868 Unicorn-62670.exe 37 PID 2868 wrote to memory of 1968 2868 Unicorn-62670.exe 37 PID 1880 wrote to memory of 1980 1880 Unicorn-50807.exe 38 PID 1880 wrote to memory of 1980 1880 Unicorn-50807.exe 38 PID 1880 wrote to memory of 1980 1880 Unicorn-50807.exe 38 PID 1880 wrote to memory of 1980 1880 Unicorn-50807.exe 38 PID 2516 wrote to memory of 2864 2516 Unicorn-63905.exe 39 PID 2516 wrote to memory of 2864 2516 Unicorn-63905.exe 39 PID 2516 wrote to memory of 2864 2516 Unicorn-63905.exe 39 PID 2516 wrote to memory of 2864 2516 Unicorn-63905.exe 39 PID 2608 wrote to memory of 1952 2608 Unicorn-58586.exe 40 PID 2608 wrote to memory of 1952 2608 Unicorn-58586.exe 40 PID 2608 wrote to memory of 1952 2608 Unicorn-58586.exe 40 PID 2608 wrote to memory of 1952 2608 Unicorn-58586.exe 40 PID 2148 wrote to memory of 1432 2148 Unicorn-60376.exe 41 PID 2148 wrote to memory of 1432 2148 Unicorn-60376.exe 41 PID 2148 wrote to memory of 1432 2148 Unicorn-60376.exe 41 PID 2148 wrote to memory of 1432 2148 Unicorn-60376.exe 41 PID 2404 wrote to memory of 3024 2404 Unicorn-26957.exe 42 PID 2404 wrote to memory of 3024 2404 Unicorn-26957.exe 42 PID 2404 wrote to memory of 3024 2404 Unicorn-26957.exe 42 PID 2404 wrote to memory of 3024 2404 Unicorn-26957.exe 42 PID 1980 wrote to memory of 1808 1980 Unicorn-31595.exe 43 PID 1980 wrote to memory of 1808 1980 Unicorn-31595.exe 43 PID 1980 wrote to memory of 1808 1980 Unicorn-31595.exe 43 PID 1980 wrote to memory of 1808 1980 Unicorn-31595.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\ded2dae5fb60b3025b14d5bca874eb94.exe"C:\Users\Admin\AppData\Local\Temp\ded2dae5fb60b3025b14d5bca874eb94.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe10⤵PID:2148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe11⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe12⤵PID:540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe13⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48673.exe14⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe15⤵PID:2184
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe16⤵PID:3280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe17⤵PID:3428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe18⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe19⤵PID:3928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe20⤵PID:4324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe21⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe22⤵PID:4796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 37621⤵
- Program crash
PID:3888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 38020⤵
- Program crash
PID:3884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 37619⤵
- Program crash
PID:4124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 37618⤵
- Program crash
PID:3728
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 38017⤵
- Program crash
PID:3664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 38016⤵
- Program crash
PID:4068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 37615⤵
- Program crash
PID:668
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe14⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe15⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe16⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe17⤵PID:3920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe18⤵PID:3420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe19⤵PID:3920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe20⤵PID:3972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe21⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe22⤵PID:4260
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 37617⤵
- Program crash
PID:588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 38016⤵
- Program crash
PID:3360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 38015⤵
- Program crash
PID:3816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 37614⤵
- Program crash
PID:1072
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 38013⤵
- Program crash
PID:1080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 37612⤵
- Program crash
PID:1988
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 37611⤵
- Program crash
PID:2592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 37610⤵
- Program crash
PID:2244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 3689⤵
- Program crash
PID:2256
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe9⤵PID:3016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe10⤵PID:2636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe11⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe12⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe13⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe14⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe15⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe16⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe17⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe18⤵PID:1556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe19⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe20⤵PID:1832
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe18⤵PID:4812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe19⤵PID:4628
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 38011⤵
- Program crash
PID:1644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 37610⤵
- Program crash
PID:2252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 3769⤵
- Program crash
PID:2800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 3768⤵
- Program crash
PID:2404
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe9⤵PID:2876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe10⤵PID:1068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe11⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe12⤵PID:1432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe13⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe14⤵PID:3908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe15⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe16⤵PID:3168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe17⤵PID:3884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe18⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe19⤵PID:4888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe20⤵PID:4612
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 3808⤵
- Program crash
PID:1704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 3687⤵
- Program crash
PID:572
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe8⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe9⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe10⤵PID:1000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe11⤵PID:2932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe12⤵PID:2624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe13⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe14⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe15⤵PID:3952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exe16⤵PID:4620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe17⤵PID:4944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe18⤵PID:1768
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe8⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe9⤵PID:1540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe10⤵PID:880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe11⤵PID:2504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe12⤵PID:108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe13⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe14⤵PID:3320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe15⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exe16⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe17⤵PID:4100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe18⤵PID:3528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe19⤵PID:3864
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe16⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe17⤵PID:4852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe18⤵PID:4880
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe10⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe11⤵PID:2824
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 2407⤵
- Program crash
PID:2652
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe7⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exe8⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe9⤵PID:2328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe10⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe11⤵PID:3232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe12⤵PID:3828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe13⤵PID:2368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe14⤵PID:1500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe15⤵PID:4128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe16⤵PID:2260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe17⤵PID:4052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 37616⤵
- Program crash
PID:3364
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 37615⤵
- Program crash
PID:4284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 37614⤵
- Program crash
PID:1196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 37613⤵
- Program crash
PID:3880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 37212⤵
- Program crash
PID:2172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 37611⤵
- Program crash
PID:3592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 36810⤵
- Program crash
PID:2848
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1432 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe7⤵PID:880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe8⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe9⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe10⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe11⤵PID:944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe12⤵PID:1584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe13⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe14⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe15⤵PID:3656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe16⤵PID:3600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe17⤵PID:3316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe18⤵PID:5096
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe19⤵PID:2476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe20⤵PID:1612
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe7⤵
- Suspicious use of SetWindowsHookEx
PID:1752 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe8⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe9⤵PID:1140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe10⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe11⤵PID:2880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe12⤵PID:3524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe13⤵PID:3340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe14⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe15⤵PID:2108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe16⤵PID:5060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe17⤵PID:4152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe18⤵PID:1192
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe8⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe9⤵PID:3052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe10⤵PID:1168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe11⤵PID:2108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe12⤵PID:2292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe13⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe14⤵PID:3860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe15⤵PID:3344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe16⤵PID:3276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe17⤵PID:4528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe18⤵PID:5024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe19⤵PID:2908
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe14⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe15⤵PID:828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe16⤵PID:3784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe17⤵PID:4224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe18⤵PID:5008
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe7⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe8⤵PID:2480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe9⤵PID:2744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe10⤵PID:984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe11⤵PID:1728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe12⤵PID:3364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe13⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe14⤵PID:3788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe15⤵PID:3576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe16⤵PID:4476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exe17⤵PID:900
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe8⤵PID:404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe9⤵PID:772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe10⤵PID:1600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe11⤵PID:1168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe12⤵PID:3712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe13⤵PID:4036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe14⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe15⤵PID:4744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe16⤵PID:4404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe17⤵PID:1600
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe11⤵PID:3420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe12⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe13⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe14⤵PID:3904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe15⤵PID:4260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe16⤵PID:4856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe17⤵PID:4476
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe7⤵PID:2912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe8⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe9⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe10⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe11⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe12⤵PID:1676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe13⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe14⤵PID:4460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe15⤵PID:4828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24443.exe16⤵PID:4540
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1164 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3024 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe9⤵PID:2140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe10⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe11⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe12⤵PID:988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe13⤵PID:2684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe14⤵PID:1612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe15⤵PID:3752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe16⤵PID:3936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe17⤵PID:3348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe18⤵PID:1604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe19⤵PID:4092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe20⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe21⤵PID:3612
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe9⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe10⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe11⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe12⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe13⤵PID:3576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe14⤵PID:3304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe15⤵PID:1284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe16⤵PID:3300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe17⤵PID:936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe18⤵PID:3772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe19⤵PID:4908
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe14⤵PID:2584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe15⤵PID:3544
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe16⤵PID:5076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe17⤵PID:3100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe18⤵PID:4316
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe8⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe9⤵PID:2692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe10⤵PID:2460
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 24011⤵
- Program crash
PID:2704
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe7⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe8⤵PID:1880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe9⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe10⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe11⤵PID:1164
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 24012⤵
- Program crash
PID:2892
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe7⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe8⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe9⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe10⤵PID:2392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe11⤵PID:2748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe12⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe13⤵PID:4048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe14⤵PID:2932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe15⤵PID:3512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe16⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe17⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe18⤵PID:4256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe19⤵PID:4624
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe14⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe15⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe16⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe17⤵PID:4208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe18⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe19⤵PID:4960
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe17⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe18⤵PID:4804
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe11⤵PID:956
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 22012⤵
- Program crash
PID:2500
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe9⤵PID:1476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe10⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe11⤵PID:112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe12⤵PID:3780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe13⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe14⤵PID:2292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe15⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe16⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe17⤵PID:4932
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe7⤵PID:2044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe8⤵PID:2748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe9⤵PID:2688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe10⤵PID:2064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe11⤵PID:2236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe12⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe13⤵PID:2236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe14⤵PID:3884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe15⤵PID:1600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe16⤵PID:3528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe17⤵PID:4316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe18⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe19⤵PID:4988
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe9⤵PID:2448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe10⤵PID:1604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe11⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe12⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe13⤵PID:3040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe14⤵PID:3140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe15⤵PID:3520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe16⤵PID:4648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe17⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe18⤵PID:2004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe19⤵PID:4820
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe16⤵PID:4788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe17⤵PID:2468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe18⤵PID:2876
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe8⤵PID:1584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe9⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe10⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe11⤵PID:2732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe12⤵PID:3184
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe13⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe14⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe15⤵PID:3624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe16⤵PID:4836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe17⤵PID:3712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe18⤵PID:4592
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe7⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe8⤵PID:1856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe9⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe10⤵PID:2996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe11⤵PID:404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe12⤵PID:1536
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe13⤵PID:3680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe14⤵PID:3440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe15⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe16⤵PID:1588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe17⤵PID:3180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe18⤵PID:4684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe19⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe20⤵PID:3516
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 37616⤵
- Program crash
PID:3780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 37615⤵
- Program crash
PID:112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe14⤵PID:3024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe15⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe16⤵PID:3476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe17⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe18⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe19⤵PID:4752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 38018⤵
- Program crash
PID:3276
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 37617⤵
- Program crash
PID:4244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 37616⤵
- Program crash
PID:4296
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe15⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe16⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe17⤵PID:3084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe18⤵PID:4564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe19⤵PID:2292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 37618⤵
- Program crash
PID:3300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 37617⤵
- Program crash
PID:4160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 36816⤵
- Program crash
PID:1580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 37615⤵
- Program crash
PID:3304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 37214⤵
- Program crash
PID:2700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 38013⤵
- Program crash
PID:2544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 37612⤵
- Program crash
PID:3408
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 38011⤵
- Program crash
PID:2284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 37610⤵
- Program crash
PID:1436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 3769⤵
- Program crash
PID:1880
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe7⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe8⤵PID:908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe9⤵PID:2624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe10⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe11⤵PID:1048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe12⤵PID:3100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe13⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe14⤵PID:3732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe15⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe16⤵PID:3196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe17⤵PID:4088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe18⤵PID:3548
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe8⤵PID:3004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe9⤵PID:1304
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 22010⤵
- Program crash
PID:948
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1968 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:772 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe7⤵PID:1900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe8⤵PID:1600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe9⤵PID:696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe10⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe11⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe12⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe13⤵PID:3476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe14⤵PID:3084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe15⤵PID:1712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe16⤵PID:4108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe17⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe18⤵PID:2960
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe9⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe10⤵PID:2040
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe8⤵PID:108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe9⤵PID:992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe10⤵PID:968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe11⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe12⤵PID:3700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe13⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe14⤵PID:4232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe15⤵PID:5108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe16⤵PID:2108
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe5⤵
- Executes dropped EXE
PID:2888 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe7⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe8⤵PID:1084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe9⤵PID:1524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe10⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe11⤵PID:1288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe12⤵PID:2448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe13⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe14⤵PID:3180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe15⤵PID:3208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe16⤵PID:3584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe17⤵PID:3860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe18⤵PID:4716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe19⤵PID:4436
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe16⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe17⤵PID:3788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe18⤵PID:2584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe19⤵PID:4348
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe9⤵PID:2524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe10⤵PID:1680
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 24011⤵
- Program crash
PID:1464
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe8⤵PID:2852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe9⤵PID:2948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe10⤵PID:2556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe11⤵PID:1076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe12⤵PID:3104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe13⤵PID:3652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe14⤵PID:968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe15⤵PID:3768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe16⤵PID:3040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe17⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe18⤵PID:3104
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe7⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe8⤵PID:1080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe9⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe10⤵PID:2980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe11⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe12⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe13⤵PID:3372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe14⤵PID:3288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe15⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe16⤵PID:3212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe17⤵PID:4588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe18⤵PID:4600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe19⤵PID:4200
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe17⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe18⤵PID:4504
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe12⤵PID:3428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe13⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe14⤵PID:3916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe15⤵PID:1372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe16⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe17⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe18⤵PID:4188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe19⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe20⤵PID:4396
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe16⤵PID:3792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe17⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe18⤵PID:4860
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe8⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe9⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe10⤵PID:2516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe11⤵PID:1288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe12⤵PID:3452
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe13⤵PID:3500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe14⤵PID:3972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe15⤵PID:4004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe16⤵PID:4508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe17⤵PID:992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe18⤵PID:4464
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe17⤵PID:3792
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1808 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe8⤵PID:2984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe9⤵PID:668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe10⤵PID:2872
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe7⤵PID:1976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe8⤵PID:2272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe9⤵PID:1696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe10⤵PID:1084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe11⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe12⤵PID:3200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe13⤵PID:3624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22535.exe14⤵PID:2260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe15⤵PID:3340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe16⤵PID:4516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15215.exe17⤵PID:4572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe18⤵PID:4632
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe7⤵PID:2668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe8⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe9⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe10⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe11⤵PID:1140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe12⤵PID:752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe13⤵PID:1056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe14⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe15⤵PID:2132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe16⤵PID:3184
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exe17⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe18⤵PID:4868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe19⤵PID:3480
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe14⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe15⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe16⤵PID:4780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe17⤵PID:3732
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 24018⤵
- Program crash
PID:3784
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe7⤵PID:1656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe8⤵PID:1952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe9⤵PID:768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45139.exe10⤵PID:2400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe11⤵PID:3080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe12⤵PID:4004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe13⤵PID:4016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe14⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe15⤵PID:4432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe16⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe17⤵PID:3420
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe5⤵
- Executes dropped EXE
PID:2900 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe6⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe7⤵PID:2516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe8⤵PID:828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe9⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe10⤵PID:588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe11⤵PID:3900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe12⤵PID:4088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe13⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe14⤵PID:4036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe15⤵PID:3832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe16⤵PID:4400
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe7⤵PID:1836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe8⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe9⤵PID:1836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe10⤵PID:3608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe11⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe12⤵PID:1124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe13⤵PID:4960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe14⤵PID:4984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe15⤵PID:3056
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5d1c7b7bd5e01dca21309c6bb90096ce1
SHA192fd6bf59e5d5a7da923f36852f2bc3704249a08
SHA256d1197ac34abe8ff7bc74e5d6aa3a747241b89f948eafbc21cc6222142f2aab97
SHA5121ac2cc1dead0d8d2bbff9ae723a24dc942c633f6f1cde4651859f5a79185f838cb2f40e5090d83fdcc5c2ee1b0c3f5018ca405c5b5611054bc0ace0196cfe439
-
Filesize
184KB
MD557a1607a772469676dd3bb1c2d848e4a
SHA1e7b1b9315523e3ce338718f66dd27a2a6ec43d10
SHA2568a8a4ebdfc19f8eddf7f6bbb55b99899cd8246057114eafd40e7a6a239d10e0e
SHA512d3b6356c68e84f449e0d329e25984b5644d8dc76fa2c19c0ef3e938dfe5a83e0bdc6fc6e0fc1feaa96a5b70aa6feb2ac2618b33610cfc863d03ca7fbf5953e87
-
Filesize
184KB
MD5414f09396c269f01eea308b72c1eac47
SHA1ea66c6d2e442654325d94fbe1f83a03152ea7423
SHA256b4339c64515d52c5454956c128496b77af28cae79b6c3e58663ad8a2a7e2a71e
SHA5122276b77a8c1bfa95b0b2e98b12b9de14e611e31910ddbe659959acdaab095fc5e05938f7870542d4ce0315b7bd142d046ce20f2cbeb9d69a657ce0f88710f88b
-
Filesize
184KB
MD5b6f44ee189af50075e49204eda1afc4b
SHA182f8b2f4817d554fd9808efafc5b34528d922875
SHA256e120c0f2c1048c969baabc05808039a2282ab4ae98500a11d3ce2bacfec54015
SHA5122a2ea94d059b780f81d5bbe4df5936ba50cc10a7fbd0c6f3facd7328dcbff75d66d53a6d998556006d8351f526bd900fba29e6d3c7859e783f707d54d6f4bec1
-
Filesize
184KB
MD5f330e3f77834d0e941b2235cf65306f4
SHA1f23b7b1d89d76a34c160f96e28a85dc75e4e1645
SHA25607635d82971b9171090ec5c13e8d4862670e98d1d072423759f72734d14e4f6e
SHA512c4df1c6205cfd0f0ac8fcdec7f3b0d181bb0f6ad523edec3c5e000bde2d8c20d469899a3ca6b1a410f6a200b25110cddb5af6e7724522fdf90bd731716641dec
-
Filesize
184KB
MD593d3b2db094a5a7bcd6138cde263772c
SHA1fe9c22432e99a053c6a0404872cdd8b9a1e3fb59
SHA256580b315b3eaee0d86c419ae0d5d795b13b308a6b59f5cb5609f031e264493ef6
SHA512e03a7205d06cd253970eef92581364ac7b519279310d5a5fea95d451c3d7ba2eae8c63c5430995875c390bfa73d9df934626ec90f9f1e74310199098f938cc2d
-
Filesize
184KB
MD55bd341b16c52bed40934e7b44573e8be
SHA12840d376fd15b98b8c4a3adb129e7d6c73a7402b
SHA256eb9387546e7751daf0c6eaac19e9a003b9d0fb04d023444b5d3fe56439db7dd4
SHA51246a508d3da7e0ede8ce9e5dc52c3202ce7905508b887a0edd48757789b68b473f676d88eb608487f5089d5c3dd3834e2bb41ea819b3eb583cee222353a25d4dd
-
Filesize
184KB
MD5f2b6c99ab9ae58dc3b88f79c72db0315
SHA1179994d9e32160b754e18ed6552e846cf7897c5b
SHA2569c798e9a0cbd99742b4364698c7a9af7988d714745b35e24b055ad032fb7fe8a
SHA5123ed81427ecad4b2785f3af36f94d7fcf908a55f83ba5ab9d62f94ce54e7255942419a88faa182772dcd8b691845147394dfd801c9957e12af595ffea8cfe06e3
-
Filesize
184KB
MD5da1fa5db56042aa469cc15eba9a65346
SHA14ae3e1a91c592c2185d3e558ef10401a11312ef8
SHA2567c7dcb470f6c609550d08f7d910b5a0f84cd17efdde9c0d77c12b4940c632c92
SHA51294f4858c3a12e02bc910bb43fa3812e6986e36654d2fc0727f099de751f0ef32a313573efcfd5889a07859a4609e3447c5bbd5b478586959e1d426e174d32399
-
Filesize
184KB
MD523f380c10e345cca0ce3f6fc6c8ee2ef
SHA1c8ccbe91598e39cae5d45b73cbb2fa73bcb3ca44
SHA2569f94d0b2cfe9aa4624399bb94916799a9714dc718a9e132bf9d6fe493201d735
SHA512b8718533a2e23967d0f86c966922a656b972c1426b970b2761cfa281eb1dd55079173f7215f5418b545a3da786f08bcf476596ad6d37fdb828737871be6b1aa6
-
Filesize
184KB
MD5e84a5e5ec7b8955dfdbc3822b291ccfc
SHA105942fa372a20bb60a68dbfa58955a4ae84dcc95
SHA25642f683224489a0d547d5379403737b0b24087a3637acdc5068fa837b4448f5f4
SHA5122da5ec1fb8a0acd751aa04ab22dcc272a73c8c5d7d54188408e4232ac48693fb38fdc1836d487e66df9d1f20faf997bc4139e39db9cee78ab469b5c1ddfbabab
-
Filesize
184KB
MD54d15ee200adad232f3629512dcf4d54d
SHA1c60d367e4c6a9f7a201a9a2facabf35214109d2d
SHA256c196414484aa8b44518b864de8ea873f935ed8133ca314e6d9e83fd9783a6f69
SHA5122234c5293538e08b12c2fe35c4197324c7c5f72b1864051964a4d9425cd272d3681e215f2f7cb861068e5308f8388a7d0f76aed122c32da72d6cd63905fd2d23
-
Filesize
85KB
MD5dc1cb58afc9762ce1fed9174f116f361
SHA187523dcff4c07843302ba041e016528f760fe939
SHA256b304a2a231d48488df416ba42f2a495651872db4797f293cd45f7fc98a7bd0fa
SHA512858ff5b8a66e279d03d0a44ea3db25f36e093b1a4c21aa7f3040c00b9fb5d7de3b924a7b413a87537e1ac7f8f2741c9a90bbe446882a3800543062c57427b805
-
Filesize
184KB
MD51227fa96361ec8d86462a481cd073333
SHA166b409e74329e4dcb53da967d907710904d1be0a
SHA256bafe735b98b4bdd081e9a3b4a5ab64cfe6da185c98f9e217a2325d1d8290fdba
SHA512c91057f37acf8b72c220f57d7ae0a67e8831a21907520bb6e2d3ad0ca4c70989c7fd3d6850ae4151e33a0db286bba080f27c1c82b4d2908d15ad32d628653514
-
Filesize
184KB
MD5515b6284080dcb74476f0433711930d9
SHA1f5874e44dbe5933e1d17059cceaff7d40198d75d
SHA256263338074ce463842826e1f448600a0e7d92ce2538447a74f4605e296d9d1e6d
SHA512e315e73e827297c1a1291549a1e33b6308ad69ccbaabb6ae71a8f5caccafb93e2423a567590b83f72d47ac411fd977a3dd6cbde929260fdcb208235e49025885
-
Filesize
184KB
MD5427731c0671592a685c1280443a3f70a
SHA1713d6d8cc1f7549a66cdd8380a0b82c20ccf1bd2
SHA25619807d0a99f09eba5467d775f686902a6462bc076c7a529cf7b64bdcf5978319
SHA5123c380627a57c9050e1929239c537106f2925cc893f8e848a43cba7ddde4adc2c3bddf7b6b12d9836ac96484210146324d73af8d84dd964d41b3c37e5d910d434
-
Filesize
184KB
MD5029e3eee4acd18ffd2e54833f975bb52
SHA1bd6bac9e96f2c8bfd51c3a66302be32dd92c9cbf
SHA256d519806cc002afacc6f6349edb33359925910d88009779bcc8308174f2fab297
SHA51263ebdff8da7dea7b938275b0a68329edf7f86bb9fe89a27a10f06ff0507ae20a92a8a4d00ec5f1bfbdb180619f2927e1ccdef5e05df007da5a29f93d0f3c35fe
-
Filesize
184KB
MD542414c90acebbbb5180f155b23a72805
SHA1532d282988868d386fd78d1e4b01860fb8ff42c0
SHA256d9d5f66e06f7f66b7f7cb0362fbc816bdcf3dc98851d6dd8ffa264166a4449f0
SHA51247f96b1203083ed2bec910557346a839431d71dfbcad6f80316c747813afa1c75cb1fa486c47f02ec24634a537bb8e5d40a9b97d3b0137a45ed46618e93a8d46
-
Filesize
184KB
MD5778dfe6290548978fc8f3f2fac480ac9
SHA12d9038395b51b5db99d04233a43a0247356f7292
SHA25641c3bf9059abd70632a1533b67105052f80761eff735a0813f31136770455ed2
SHA5123bea4b948de219886a76b759b3cb519190978a44735ee0470dcccb7b7c5513fcf74aec5fb54f357c9ce75a1f982c02cd909033a91643a4f21233c835b0cee101
-
Filesize
184KB
MD5868b5abe28e0cbc544d25aded8db1afa
SHA1f45e46e6e94d3d2fbea401a7acde25c6135f4b68
SHA256ff536cd66c78ee522cd65ba89d005a0637a9baddeff5718d4c9e60d02c8af2e0
SHA512440be7ac13bcc5c99907e2ba7baeee6278fa6657d239b5eb3b0f284b6adc016877f25a292b87e6f305a88fe9c342408677bc6ebbc656a53ea454a026730e3ce5
-
Filesize
184KB
MD5d44a8ea1b08e06a6aa5fcdf2f31649a7
SHA1bd717a0a2c43df6a55da32c2c1727411026df7bb
SHA25697c3a897b706b50fb6ee091f1500562658099e275c680de64267a28f6473781b
SHA512f29ed3466a403a9d0ad4b9231e7024d6629d10109907b4c1a703548c4dced14bbc69c37725029e49fa3c3ef66c30468c61fb575a8dd185ab29b498125ffd5d94
-
Filesize
184KB
MD5ec4f50a7b07e2568f2a82082a66bb8be
SHA1c1b4e054bd13d1e77e88accdb26f7b6db5248d23
SHA256c459ca793dbf0c8eceead2d84d291c5f22b714bd87f9c7444f17370afba3ded7
SHA512f0896502fd42ffabb94f834348ada915df2f9915d8df5a06eb0fdd04e9ae73bf34cc9f34d8d4b83f57fac8238f210f2242dec9f2fe9ef20b713c126242c03fd0
-
Filesize
184KB
MD5ced6537f54ce2eec9416c207cd3bfacf
SHA149a6b6eb202162903d3fc760212b6d0b40a9555c
SHA256a1a38ae0c5f7be5179dba67190929b640e24b022e3aa31e4ae09710ae847c616
SHA5129d50925392e38d5ea43cd7de367e5f07dc61018ea84579dd0a03f6b1f6b801d9767c81987857815c74b2d5be4c1a7ef249b9840d10924c3ad8a81cd0eebe15cf
-
Filesize
184KB
MD57353ae9c625b0affc2df4d4ebf6a2dbe
SHA1f372f945764a8f484ad2780bae6ff50a9aaddca4
SHA256c7015e48010182dc36b4787aaeae0c94a6235af7ed496a7428b2813c923b6ba0
SHA512691f319a5e7b6c0fd4551bf48cf4d16327c7adf1e31105f460f92ec8fd014aff8a52280e2d58d486d831ba40249de7a4a1921f5db4f553fe7a647d44ed6b94c0
-
Filesize
184KB
MD5b5c711171af7748c8721430d41015791
SHA1297b523c9a045af3cc359c48770eec466ef70583
SHA256780fe1d091f2cfad29e55cb053ca5cc10a1a120c93a0595dcda472f9c9f340c6
SHA5121be449e2536ee9b49dd07b09e3265b1ed2c6dbb6db2f0aee3b597640b69f4e51bc94f52755783c8de87b2d6216226fedaba987381ce044199b619e292e51b288
-
Filesize
184KB
MD581097b2b951b7ffe0eaa106a1f62408e
SHA1c7f3237ed33555441cb9f685b94821ecb2a36b54
SHA256e2fd7cec16585e9a7274887d8761a2b18f3ba64b6a4fb605f8d2d991810b4ca1
SHA51297586237a0fa444c7fd9dcb66ea55b51da18376db814a665c6f20b1234822092a879c6933f9ff24b40c02a90d505e33ab24a80ea82d7ba0e8860ffc12dc4519e