7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
Size

184KB
MD5

0bfd3b446290c50385ef408d4e0e324c
SHA1

0988f5c0e8e22f2aa8d92bbf1946466c120aa5bd
SHA256

7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534
SHA512

eb91b8a70da126eb1de6502e4f6514a2628bf6341fc974d90c498317ce6fe8582f506e749f2d6e955ca64a27d49951da20704b6fa5ff97843ab610589cf459aa
SSDEEP

3072:oFa38xo1cJO6Rn2WeXwMRKOIZln5iFln3:oFvoRCn2+MYOIZln5iFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-8819.exeUnicorn-64325.exeUnicorn-40375.exeUnicorn-65249.exeUnicorn-18741.exeUnicorn-28493.exeUnicorn-24492.exeUnicorn-45488.exeUnicorn-29706.exeUnicorn-27014.exeUnicorn-19400.exeUnicorn-53739.exeUnicorn-28912.exeUnicorn-16983.exeUnicorn-5093.exeUnicorn-2400.exeUnicorn-21429.exeUnicorn-49463.exeUnicorn-27097.exeUnicorn-9966.exeUnicorn-37163.exeUnicorn-18135.exeUnicorn-23973.exeUnicorn-19889.exeUnicorn-23.exeUnicorn-52753.exeUnicorn-44.exeUnicorn-26687.exeUnicorn-49800.exeUnicorn-63614.exeUnicorn-38939.exeUnicorn-53884.exeUnicorn-30278.exeUnicorn-42530.exeUnicorn-22664.exeUnicorn-59058.exeUnicorn-35108.exeUnicorn-53376.exeUnicorn-64237.exeUnicorn-26734.exeUnicorn-283.exeUnicorn-51793.exeUnicorn-47154.exeUnicorn-12343.exeUnicorn-63490.exeUnicorn-43624.exeUnicorn-16428.exeUnicorn-20512.exeUnicorn-8814.exeUnicorn-2613.exeUnicorn-14865.exeUnicorn-52369.exeUnicorn-21642.exeUnicorn-12042.exeUnicorn-53630.exeUnicorn-57735.exeUnicorn-45099.exeUnicorn-62758.exeUnicorn-62011.exeUnicorn-60449.exeUnicorn-25639.exeUnicorn-33807.exeUnicorn-20163.exeUnicorn-50890.exe

pid	process
872	Unicorn-8819.exe
2516	Unicorn-64325.exe
2980	Unicorn-40375.exe
2156	Unicorn-65249.exe
2452	Unicorn-18741.exe
2680	Unicorn-28493.exe
1060	Unicorn-24492.exe
1628	Unicorn-45488.exe
1880	Unicorn-29706.exe
2608	Unicorn-27014.exe
2728	Unicorn-19400.exe
2252	Unicorn-53739.exe
764	Unicorn-28912.exe
1576	Unicorn-16983.exe
1836	Unicorn-5093.exe
2108	Unicorn-2400.exe
2780	Unicorn-21429.exe
2928	Unicorn-49463.exe
1260	Unicorn-27097.exe
1852	Unicorn-9966.exe
1812	Unicorn-37163.exe
1360	Unicorn-18135.exe
1288	Unicorn-23973.exe
908	Unicorn-19889.exe
992	Unicorn-23.exe
2148	Unicorn-52753.exe
1340	Unicorn-44.exe
1320	Unicorn-26687.exe
2368	Unicorn-49800.exe
2868	Unicorn-63614.exe
2340	Unicorn-38939.exe
1592	Unicorn-53884.exe
2652	Unicorn-30278.exe
2584	Unicorn-42530.exe
2616	Unicorn-22664.exe
2476	Unicorn-59058.exe
1244	Unicorn-35108.exe
888	Unicorn-53376.exe
1380	Unicorn-64237.exe
2708	Unicorn-26734.exe
2604	Unicorn-283.exe
1428	Unicorn-51793.exe
768	Unicorn-47154.exe
1692	Unicorn-12343.exe
1696	Unicorn-63490.exe
1680	Unicorn-43624.exe
2208	Unicorn-16428.exe
324	Unicorn-20512.exe
2776	Unicorn-8814.exe
528	Unicorn-2613.exe
2372	Unicorn-14865.exe
916	Unicorn-52369.exe
1392	Unicorn-21642.exe
2344	Unicorn-12042.exe
1248	Unicorn-53630.exe
2552	Unicorn-57735.exe
2592	Unicorn-45099.exe
2500	Unicorn-62758.exe
2844	Unicorn-62011.exe
1728	Unicorn-60449.exe
2412	Unicorn-25639.exe
1868	Unicorn-33807.exe
808	Unicorn-20163.exe
2256	Unicorn-50890.exe

Loads dropped DLL 64 IoCs

Processes:

7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exeUnicorn-8819.exeUnicorn-64325.exeUnicorn-40375.exeWerFault.exeUnicorn-18741.exeUnicorn-65249.exeUnicorn-28493.exeWerFault.exeWerFault.exeUnicorn-45488.exeUnicorn-27014.exeUnicorn-24492.exeUnicorn-19400.exeUnicorn-29706.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
872	Unicorn-8819.exe
1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
872	Unicorn-8819.exe
1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
2516	Unicorn-64325.exe
2516	Unicorn-64325.exe
872	Unicorn-8819.exe
872	Unicorn-8819.exe
2980	Unicorn-40375.exe
2980	Unicorn-40375.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2452	Unicorn-18741.exe
2452	Unicorn-18741.exe
2156	Unicorn-65249.exe
2156	Unicorn-65249.exe
2516	Unicorn-64325.exe
2516	Unicorn-64325.exe
2680	Unicorn-28493.exe
2980	Unicorn-40375.exe
2680	Unicorn-28493.exe
2980	Unicorn-40375.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1232	WerFault.exe
1232	WerFault.exe
1232	WerFault.exe
1232	WerFault.exe
1232	WerFault.exe
1628	Unicorn-45488.exe
1628	Unicorn-45488.exe
2156	Unicorn-65249.exe
2156	Unicorn-65249.exe
2608	Unicorn-27014.exe
2608	Unicorn-27014.exe
2680	Unicorn-28493.exe
2680	Unicorn-28493.exe
1060	Unicorn-24492.exe
1060	Unicorn-24492.exe
2452	Unicorn-18741.exe
2452	Unicorn-18741.exe
2728	Unicorn-19400.exe
2728	Unicorn-19400.exe
1880	Unicorn-29706.exe
1880	Unicorn-29706.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
2056	WerFault.exe
2056	WerFault.exe
2056	WerFault.exe
2056	WerFault.exe
2056	WerFault.exe
2964	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2528	1440	WerFault.exe	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
2892	872	WerFault.exe	Unicorn-8819.exe
1984	2516	WerFault.exe	Unicorn-64325.exe
1232	2980	WerFault.exe	Unicorn-40375.exe
276	2452	WerFault.exe	Unicorn-18741.exe
2056	2156	WerFault.exe	Unicorn-65249.exe
2964	2680	WerFault.exe	Unicorn-28493.exe
2916	1628	WerFault.exe	Unicorn-45488.exe
2636	2608	WerFault.exe	Unicorn-27014.exe
2620	1060	WerFault.exe	Unicorn-24492.exe
2480	2728	WerFault.exe	Unicorn-19400.exe
2588	1880	WerFault.exe	Unicorn-29706.exe
2100	2252	WerFault.exe	Unicorn-53739.exe
2168	764	WerFault.exe	Unicorn-28912.exe
2968	1576	WerFault.exe	Unicorn-16983.exe
2140	1836	WerFault.exe	Unicorn-5093.exe
1676	2108	WerFault.exe	Unicorn-2400.exe
2352	2928	WerFault.exe	Unicorn-49463.exe
1952	2780	WerFault.exe	Unicorn-21429.exe
2828	1260	WerFault.exe	Unicorn-27097.exe
1564	1812	WerFault.exe	Unicorn-37163.exe
1584	1852	WerFault.exe	Unicorn-9966.exe
2760	908	WerFault.exe	Unicorn-19889.exe
2428	1288	WerFault.exe	Unicorn-23973.exe
2660	992	WerFault.exe	Unicorn-23.exe
1800	2604	WerFault.exe	Unicorn-283.exe
2304	2148	WerFault.exe	Unicorn-52753.exe
612	1572	WerFault.exe	Unicorn-41159.exe
2556	2652	WerFault.exe	Unicorn-30278.exe
2420	2340	WerFault.exe	Unicorn-38939.exe
1524	1692	WerFault.exe	Unicorn-12343.exe
1748	2584	WerFault.exe	Unicorn-42530.exe
1444	2368	WerFault.exe	Unicorn-49800.exe
1804	768	WerFault.exe	Unicorn-47154.exe
1992	324	WerFault.exe	Unicorn-20512.exe
1580	1592	WerFault.exe	Unicorn-53884.exe
3084	1428	WerFault.exe	Unicorn-51793.exe
3108	916	WerFault.exe	Unicorn-52369.exe
3176	2776	WerFault.exe	Unicorn-8814.exe
3408	1360	WerFault.exe	Unicorn-18135.exe
3492	1248	WerFault.exe	Unicorn-53630.exe
3520	2552	WerFault.exe	Unicorn-57735.exe
3868	2208	WerFault.exe	Unicorn-16428.exe
3992	528	WerFault.exe	Unicorn-2613.exe
4012	2500	WerFault.exe	Unicorn-62758.exe
4044	1680	WerFault.exe	Unicorn-43624.exe
4060	2868	WerFault.exe	Unicorn-63614.exe
3132	1320	WerFault.exe	Unicorn-26687.exe
2264	1380	WerFault.exe	Unicorn-64237.exe
3192	1392	WerFault.exe	Unicorn-21642.exe
3244	2372	WerFault.exe	Unicorn-14865.exe
3256	1340	WerFault.exe	Unicorn-44.exe
3624	888	WerFault.exe	Unicorn-53376.exe
3640	2616	WerFault.exe	Unicorn-22664.exe
3880	2476	WerFault.exe	Unicorn-59058.exe
3896	2412	WerFault.exe	Unicorn-25639.exe
3884	2844	WerFault.exe	Unicorn-62011.exe
3912	1244	WerFault.exe	Unicorn-35108.exe
3920	1728	WerFault.exe	Unicorn-60449.exe
3936	1696	WerFault.exe	Unicorn-63490.exe
3744	1760	WerFault.exe	Unicorn-61025.exe
3804	3064	WerFault.exe	Unicorn-24461.exe
3788	1940	WerFault.exe	Unicorn-56728.exe
4020	2592	WerFault.exe	Unicorn-45099.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exeUnicorn-8819.exeUnicorn-64325.exeUnicorn-40375.exeUnicorn-65249.exeUnicorn-18741.exeUnicorn-28493.exeUnicorn-24492.exeUnicorn-45488.exeUnicorn-29706.exeUnicorn-27014.exeUnicorn-19400.exeUnicorn-53739.exeUnicorn-28912.exeUnicorn-16983.exeUnicorn-5093.exeUnicorn-2400.exeUnicorn-21429.exeUnicorn-49463.exeUnicorn-27097.exeUnicorn-9966.exeUnicorn-37163.exeUnicorn-18135.exeUnicorn-19889.exeUnicorn-23.exeUnicorn-23973.exeUnicorn-52753.exeUnicorn-44.exeUnicorn-26687.exeUnicorn-38939.exeUnicorn-49800.exeUnicorn-63614.exeUnicorn-53884.exeUnicorn-42530.exeUnicorn-22664.exeUnicorn-30278.exeUnicorn-59058.exeUnicorn-35108.exeUnicorn-53376.exeUnicorn-64237.exeUnicorn-26734.exeUnicorn-283.exeUnicorn-51793.exeUnicorn-12343.exeUnicorn-43624.exeUnicorn-47154.exeUnicorn-16428.exeUnicorn-63490.exeUnicorn-2613.exeUnicorn-20512.exeUnicorn-8814.exeUnicorn-14865.exeUnicorn-52369.exeUnicorn-21642.exeUnicorn-53630.exeUnicorn-12042.exeUnicorn-57735.exeUnicorn-45099.exeUnicorn-62758.exeUnicorn-62011.exeUnicorn-60449.exeUnicorn-25639.exeUnicorn-33807.exeUnicorn-20163.exe

pid	process
1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
872	Unicorn-8819.exe
2516	Unicorn-64325.exe
2980	Unicorn-40375.exe
2156	Unicorn-65249.exe
2452	Unicorn-18741.exe
2680	Unicorn-28493.exe
1060	Unicorn-24492.exe
1628	Unicorn-45488.exe
1880	Unicorn-29706.exe
2608	Unicorn-27014.exe
2728	Unicorn-19400.exe
2252	Unicorn-53739.exe
764	Unicorn-28912.exe
1576	Unicorn-16983.exe
1836	Unicorn-5093.exe
2108	Unicorn-2400.exe
2780	Unicorn-21429.exe
2928	Unicorn-49463.exe
1260	Unicorn-27097.exe
1852	Unicorn-9966.exe
1812	Unicorn-37163.exe
1360	Unicorn-18135.exe
908	Unicorn-19889.exe
992	Unicorn-23.exe
1288	Unicorn-23973.exe
2148	Unicorn-52753.exe
1340	Unicorn-44.exe
1320	Unicorn-26687.exe
2340	Unicorn-38939.exe
2368	Unicorn-49800.exe
2868	Unicorn-63614.exe
1592	Unicorn-53884.exe
2584	Unicorn-42530.exe
2616	Unicorn-22664.exe
2652	Unicorn-30278.exe
2476	Unicorn-59058.exe
1244	Unicorn-35108.exe
888	Unicorn-53376.exe
1380	Unicorn-64237.exe
2708	Unicorn-26734.exe
2604	Unicorn-283.exe
1428	Unicorn-51793.exe
1692	Unicorn-12343.exe
1680	Unicorn-43624.exe
768	Unicorn-47154.exe
2208	Unicorn-16428.exe
1696	Unicorn-63490.exe
528	Unicorn-2613.exe
324	Unicorn-20512.exe
2776	Unicorn-8814.exe
2372	Unicorn-14865.exe
916	Unicorn-52369.exe
1392	Unicorn-21642.exe
1248	Unicorn-53630.exe
2344	Unicorn-12042.exe
2552	Unicorn-57735.exe
2592	Unicorn-45099.exe
2500	Unicorn-62758.exe
2844	Unicorn-62011.exe
1728	Unicorn-60449.exe
2412	Unicorn-25639.exe
1868	Unicorn-33807.exe
808	Unicorn-20163.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exeUnicorn-8819.exeUnicorn-64325.exeUnicorn-40375.exeUnicorn-18741.exeUnicorn-65249.exeUnicorn-28493.exeUnicorn-45488.exe

description	pid	process	target process
PID 1440 wrote to memory of 872	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-8819.exe
PID 1440 wrote to memory of 872	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-8819.exe
PID 1440 wrote to memory of 872	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-8819.exe
PID 1440 wrote to memory of 872	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-8819.exe
PID 872 wrote to memory of 2516	872	Unicorn-8819.exe	Unicorn-64325.exe
PID 872 wrote to memory of 2516	872	Unicorn-8819.exe	Unicorn-64325.exe
PID 872 wrote to memory of 2516	872	Unicorn-8819.exe	Unicorn-64325.exe
PID 872 wrote to memory of 2516	872	Unicorn-8819.exe	Unicorn-64325.exe
PID 1440 wrote to memory of 2980	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-40375.exe
PID 1440 wrote to memory of 2980	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-40375.exe
PID 1440 wrote to memory of 2980	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-40375.exe
PID 1440 wrote to memory of 2980	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	Unicorn-40375.exe
PID 1440 wrote to memory of 2528	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	WerFault.exe
PID 1440 wrote to memory of 2528	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	WerFault.exe
PID 1440 wrote to memory of 2528	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	WerFault.exe
PID 1440 wrote to memory of 2528	1440	7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe	WerFault.exe
PID 2516 wrote to memory of 2156	2516	Unicorn-64325.exe	Unicorn-65249.exe
PID 2516 wrote to memory of 2156	2516	Unicorn-64325.exe	Unicorn-65249.exe
PID 2516 wrote to memory of 2156	2516	Unicorn-64325.exe	Unicorn-65249.exe
PID 2516 wrote to memory of 2156	2516	Unicorn-64325.exe	Unicorn-65249.exe
PID 872 wrote to memory of 2452	872	Unicorn-8819.exe	Unicorn-18741.exe
PID 872 wrote to memory of 2452	872	Unicorn-8819.exe	Unicorn-18741.exe
PID 872 wrote to memory of 2452	872	Unicorn-8819.exe	Unicorn-18741.exe
PID 872 wrote to memory of 2452	872	Unicorn-8819.exe	Unicorn-18741.exe
PID 2980 wrote to memory of 2680	2980	Unicorn-40375.exe	Unicorn-28493.exe
PID 2980 wrote to memory of 2680	2980	Unicorn-40375.exe	Unicorn-28493.exe
PID 2980 wrote to memory of 2680	2980	Unicorn-40375.exe	Unicorn-28493.exe
PID 2980 wrote to memory of 2680	2980	Unicorn-40375.exe	Unicorn-28493.exe
PID 872 wrote to memory of 2892	872	Unicorn-8819.exe	WerFault.exe
PID 872 wrote to memory of 2892	872	Unicorn-8819.exe	WerFault.exe
PID 872 wrote to memory of 2892	872	Unicorn-8819.exe	WerFault.exe
PID 872 wrote to memory of 2892	872	Unicorn-8819.exe	WerFault.exe
PID 2452 wrote to memory of 1060	2452	Unicorn-18741.exe	Unicorn-24492.exe
PID 2452 wrote to memory of 1060	2452	Unicorn-18741.exe	Unicorn-24492.exe
PID 2452 wrote to memory of 1060	2452	Unicorn-18741.exe	Unicorn-24492.exe
PID 2452 wrote to memory of 1060	2452	Unicorn-18741.exe	Unicorn-24492.exe
PID 2156 wrote to memory of 1628	2156	Unicorn-65249.exe	Unicorn-45488.exe
PID 2156 wrote to memory of 1628	2156	Unicorn-65249.exe	Unicorn-45488.exe
PID 2156 wrote to memory of 1628	2156	Unicorn-65249.exe	Unicorn-45488.exe
PID 2156 wrote to memory of 1628	2156	Unicorn-65249.exe	Unicorn-45488.exe
PID 2516 wrote to memory of 1880	2516	Unicorn-64325.exe	Unicorn-29706.exe
PID 2516 wrote to memory of 1880	2516	Unicorn-64325.exe	Unicorn-29706.exe
PID 2516 wrote to memory of 1880	2516	Unicorn-64325.exe	Unicorn-29706.exe
PID 2516 wrote to memory of 1880	2516	Unicorn-64325.exe	Unicorn-29706.exe
PID 2680 wrote to memory of 2608	2680	Unicorn-28493.exe	Unicorn-27014.exe
PID 2680 wrote to memory of 2608	2680	Unicorn-28493.exe	Unicorn-27014.exe
PID 2680 wrote to memory of 2608	2680	Unicorn-28493.exe	Unicorn-27014.exe
PID 2680 wrote to memory of 2608	2680	Unicorn-28493.exe	Unicorn-27014.exe
PID 2980 wrote to memory of 2728	2980	Unicorn-40375.exe	Unicorn-19400.exe
PID 2980 wrote to memory of 2728	2980	Unicorn-40375.exe	Unicorn-19400.exe
PID 2980 wrote to memory of 2728	2980	Unicorn-40375.exe	Unicorn-19400.exe
PID 2980 wrote to memory of 2728	2980	Unicorn-40375.exe	Unicorn-19400.exe
PID 2516 wrote to memory of 1984	2516	Unicorn-64325.exe	WerFault.exe
PID 2516 wrote to memory of 1984	2516	Unicorn-64325.exe	WerFault.exe
PID 2516 wrote to memory of 1984	2516	Unicorn-64325.exe	WerFault.exe
PID 2516 wrote to memory of 1984	2516	Unicorn-64325.exe	WerFault.exe
PID 2980 wrote to memory of 1232	2980	Unicorn-40375.exe	WerFault.exe
PID 2980 wrote to memory of 1232	2980	Unicorn-40375.exe	WerFault.exe
PID 2980 wrote to memory of 1232	2980	Unicorn-40375.exe	WerFault.exe
PID 2980 wrote to memory of 1232	2980	Unicorn-40375.exe	WerFault.exe
PID 1628 wrote to memory of 2252	1628	Unicorn-45488.exe	Unicorn-53739.exe
PID 1628 wrote to memory of 2252	1628	Unicorn-45488.exe	Unicorn-53739.exe
PID 1628 wrote to memory of 2252	1628	Unicorn-45488.exe	Unicorn-53739.exe
PID 1628 wrote to memory of 2252	1628	Unicorn-45488.exe	Unicorn-53739.exe

C:\Users\Admin\AppData\Local\Temp\7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe
"C:\Users\Admin\AppData\Local\Temp\7f252c19244543b73cbbfa084404f682a19dcb494d43724b518ece92ac2e5534.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
10⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
11⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
12⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
13⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
14⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
15⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
14⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
13⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
12⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
11⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
10⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
12⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
13⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
14⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
13⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
12⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
11⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
10⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
9⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
11⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
12⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
13⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
14⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
13⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
12⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
11⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
10⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
9⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
9⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
11⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
12⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
13⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
14⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 236
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
11⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
10⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
9⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
8⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22664.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
9⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
10⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
11⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
12⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
13⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
14⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
13⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
12⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
11⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 216
10⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
9⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
8⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 200
9⤵
- Program crash
PID:612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
7⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
9⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
10⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
12⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
14⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
13⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
12⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
11⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
10⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
10⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 200
11⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 220
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37663.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
9⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
11⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
12⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
13⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
10⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
9⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
8⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
7⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
6⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
11⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
7⤵
- Executes dropped EXE
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
12⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 236
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
8⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
7⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
8⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
12⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
12⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
9⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
7⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
6⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
9⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
10⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
11⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
12⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
13⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 236
13⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 220
11⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
12⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
13⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 236
12⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
8⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
11⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
12⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
13⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 236
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
11⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
9⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
8⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
11⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
12⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
12⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
12⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
8⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
6⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
12⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
8⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
7⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
6⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 236
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
7⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
6⤵
- Program crash
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
5⤵
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
8⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
11⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
12⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 236
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
9⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
7⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
8⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
7⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
11⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
9⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
7⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
11⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
7⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
6⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5369.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
9⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 216
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
6⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
7⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
7⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
6⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
7⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
8⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
9⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
10⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
10⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 236
9⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
8⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
7⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
6⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
6⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
7⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
11⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
7⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
6⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
8⤵
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
7⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
8⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
11⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
12⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
12⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
8⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
10⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
7⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
6⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
10⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
12⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 236
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
7⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
9⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
10⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
11⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
10⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
6⤵
- Program crash
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
5⤵
- Program crash
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
7⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
8⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 224
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
8⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
6⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
7⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-6106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6106.exe
10⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
11⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
11⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
8⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
7⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
6⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
7⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
8⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
10⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
8⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
6⤵
- Program crash
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
5⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
7⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
10⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
12⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 220
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
7⤵
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
6⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
8⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
9⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 236
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
7⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
6⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
6⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 216
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
6⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
5⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
6⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
7⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
10⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
8⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 236
6⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
5⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
6⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
7⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
8⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
9⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
9⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
8⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
7⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
6⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
5⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
4⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
2⤵
- Program crash
PID:2528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
Filesize
184KB

MD5
0b5e4a748fe94d68ef0ef8a3b7c05e61

SHA1
5f460a6e8a94d87bacdb474fcdfd14e4142813cd

SHA256
eadd9218f6ef52447ac89296bce19ff8a47b8682d26469fa0a5150495d52f635

SHA512
cd2ec56e1b92fc0dfa150f7bdc81f5c6329acad28b00dce63f636bbb0c669606baae5e21d66592721eadb8274d89df6dead4a128451c3f23e93805acd053955c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
Filesize
184KB

MD5
e51cf9908514497cb6ee01ddd43d2982

SHA1
79ca716222d245ea841f97bf8765ff63cdd3e1f2

SHA256
05fffdbc7b294dfe9fcebb67cd8d48b8916ad7ca7ec23dd273a8e6864e2b7c5a

SHA512
4de272b821fcca696a03a3324818aad72340371ee83e32e9747cd025b30f2c73678688a50721ebd898c1be0b2b5ccc1ba0d6795e57a8f4427785653276bec64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
Filesize
184KB

MD5
4745509ed5c0d66a40ab8a67ac35c3c4

SHA1
a46ef86b6e7553ff5978f01d27324fd1502c9dd7

SHA256
885ec603f7d1028778d78d84a0b398d4afac21052e2e5b901a4df76ccb35404a

SHA512
c36eaf3ad516b3ad2c96ed04bce041d4bbbda733c5e0fa6da291baa65d38b717209e484923d8bb21175e9ec4057f3d2edbe1153c338d58318adecdaa4807347d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
Filesize
184KB

MD5
63537fe89069098f3beac5e431c34106

SHA1
56d71a8e522324ed2cc8ee97cdc03849bffc4e58

SHA256
87aa8defa9aa523c466b0a083215a5a2e0f8d5ada1e1286b4ad7001c28c5feca

SHA512
c808b6b607d327ef92f9d29ac02b45a68981dd457bd88cd530ab70ab0f56d671fb6f75bd7946e2ab0123bc248cbc78081390e1786f7c4b4b48f741ae29134f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
Filesize
184KB

MD5
d241718a36bdb7aa26006c34becfe074

SHA1
e4a6c19417e9fd7cf7d35efe6f8ae703b54e68a6

SHA256
fff043f6634c4693f86561cc0ea46452a496e6f5388868775ec0713fea1de6e4

SHA512
f0d7228debf9a2a861bba354b7a6527c0b5ae1854baaf959d7241d9e06c858eaf07615c041bae505795ecce74ba695c6562c70a115921d8770d4a829e8e5e159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
Filesize
184KB

MD5
bb83abb669d7800d79519a069bedb600

SHA1
f1df7b7e810a637ae87622572d6e28585c6ee0a1

SHA256
493d96320d2625763dc72301e9f3a6d9ed56ccc6334713322d4912897fc3a49e

SHA512
7182861158e85b04d7ba3e35b73131db22b2e3f296dd347bcf4a440dcaef2f3f0a6833070349ee6f7bd2bfffde71b842855e52b9942092624540ef6c951e4285

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
Filesize
184KB

MD5
335c01bb280df1120cdd6c7cbbeb3759

SHA1
7f91b00ad416e81218241e077ab9053851116276

SHA256
4f7cf1c6e81df8cc9304c90655163d87ada2075dc6bd498fb12ff2cf70a07acd

SHA512
4c4ace50ea23a91734634e46881c08af2cecbe650ca08e78b9ea502b501d4d4ca213e841ed8f08803087e61fe1101840693265cd08f6683863f07f70b9d1fcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
Filesize
184KB

MD5
8ecd4c795b205040cffc3a35273fe97b

SHA1
25cca952567968df651c2007333e65ea8b896ec5

SHA256
ccfb29f3cb049380a65e39bbcc1fc4d2ca76c741e9fe649422efce10eff2ff00

SHA512
cb13264f70774f02a7896e48171cd5ccab78118d498fc2ba00720efb63e4c0d9718c40dfe1e44b532305d717034c63bd25f6a879e91da8328acd76e6a7025330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
Filesize
184KB

MD5
8134ae0e044aa1fd148b65e1796dd2c6

SHA1
235dc664ef1c723d2aaad6afa0ccfa844c6e767b

SHA256
7b6027ebd1a7c40e7228b3c4fd2588ac41ee18a4aa648e07bde17e350343ae07

SHA512
daa4f3e7a6616df80da57ee9410e896cbb2791e34652f891e21ff381dca2ce6932bc63f5796902c4470551532387a9ffcceec0e047dbeed839147b662af2e445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
Filesize
184KB

MD5
b09425596762879690e1670649226262

SHA1
82460206bbd8ba322b01bcb09d7aea2b604aeadc

SHA256
664f846db5af3536d5bc5356fc12371b0c8dae4963665e676e4b26705963458d

SHA512
eee0c68f2d5149eb032b0555aedd2d79e807d1881a0c85ab9284c1cf803ca67ea75faab2569bce9486e521da564f233d18785b4ac520fba704cff534c7049788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
Filesize
184KB

MD5
37c930e6686ac483890b61f65e31e4d3

SHA1
f218d490387e21b58f089555861e92037a5d48cd

SHA256
fceb1926171be225326c136c3c7b5decd968597692f483e17fc6358eac594a33

SHA512
34c6fbf9c3082a641c9b3fc1b607bc9dd3241322c50f73a8faac9c5210c3f4ed4b12e467ef627e3bcd3115eb944257393afaf7fed3c506e449f34e761d3545af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
Filesize
184KB

MD5
a336ee6715ab35c5a885f26653aa8130

SHA1
8ec71db86fc60f38122f19e655cf00b46c5a84c9

SHA256
55cc69ca936c719ecf0c56995a834509d5a5d937a568b0c99cf6a1d68a4cbb28

SHA512
341542a39b46a1e347a3e07b39492508a83e85686b788f3c535a39482aac510795eef2eeaa290285fde599cac254eaf720c9a0e7ce80dda2f5956a2514e13ec7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
Filesize
184KB

MD5
78970b139c73b9dc7215a5ff097ae1bf

SHA1
2cfda872adefb7da683c63f245e033fc9caf63b6

SHA256
1c7056f32f0ac696c6f412cfbda6dbbf90f17ef2d47f827a0fdb44efe9d06fea

SHA512
6bc939573907b44f33095f6befc8c65900d05797fe76373027e1dbaf24bd5e463563db626dbdd7e59aea0e1a8df3eb89bff5da823d09330c0d1b910485bc5e41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
Filesize
184KB

MD5
3d01e5f3067423d7c84e950d9a0dcd72

SHA1
590e184f286ced8a952060876eb22a656c200fd1

SHA256
79b8eafa5839e0d15882c14e4a850f61843f624a6d4f664fc7bc7a203a9c3b5b

SHA512
5457c48e200fb4c3d636bfe0125792005263468d9115b403239aada3c090eb6450b1066b4b0ac635ca8c0dabf11fd68fa9cb647468ecbd02187bff802f76bf81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
Filesize
184KB

MD5
0885664555fd2361aefd77e91cd392cc

SHA1
3edddbf5b83ae106c64e3b0787849edce2dfc45b

SHA256
e1d4b1075b99ee2b96a5390b3b02efbd03fd177b32a7b74567d58fc191143d3b

SHA512
4795df606ad5eab2687da143c1ae875266be2fc29b066a0878c7ffb1fa8bb38f0c13afb6377809a045f22538f6eb859b587d2a38aab39f2567f21b05ca9b41f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
Filesize
184KB

MD5
e3fe540a4815203e14425b0a0c6ab62f

SHA1
5ceef94cc0920f141257be6444595fca1f0eb6d2

SHA256
82d405f8c81dc96ea0a96fff7f1544a4e198047423bc499ebc6a57aa8e89d2d7

SHA512
edbd6044bca837982765676cd85a4feba8c7eb60da50a27576f8020f382b11dcb9acdc68569e06b9dea8e941c10a1f31468838f0701d1f4b386187aae88715d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
Filesize
184KB

MD5
31aa1b01ca9d040918161ddcde3267d5

SHA1
4823dc228b7880259ee2013933d2e392108e0edb

SHA256
ca747f777d2630d9dcfe6c4b3cbbbaaa5a32c3cd70e74ee33ebc7be8804a1fda

SHA512
d26f628b95346237b3392e692d8263c7da9327752938b010a87f6943463077116b181bfdb15fb2c6635a0e792d19d25d9e4dd0974d63b7790a45537392c60e8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
Filesize
184KB

MD5
527216dac6f2dcbc4ac0a36ef2d775e0

SHA1
1c00ff35ec2b5f1693e01c065c0a2e77ff1b678b

SHA256
9978a3c802231a9122f3dc2a573bee5876062c5e963d9bd95a98cb20a5c0d263

SHA512
0a68c776f6490bb6fec3cd751ccf13430cd1e6cd5fa415fe2552f9e3acd5e24ffffef451d6be3016de5149473ff72ec34a7ac1dae059ba43e414a2225529af0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
Filesize
184KB

MD5
01c7bbb36cc5e7db240f14621d1c33ec

SHA1
1f37c5489977eb8d1dadf17bd7101da30ed9bccd

SHA256
5a881dd63de3c8aa153123f89e1d9e1c09971a0966b1da9f3f93016e92a0f507

SHA512
3c5fba2dba088178a616273114cb277cfc635b490fd21b96dac2538752f61f244fbb844bee7f28d058bc8d48c81b49519979aee3a65baf52309a174004a45082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
Filesize
184KB

MD5
8bfd73ba0a7d1f979c2acb9263aa0916

SHA1
63ceb8a195458611df49c447785e319a30e4cd5a

SHA256
a08034efe940ef94b90b6eb0564def72bca8cf6deb6034c94fbe240aa8ad8d5e

SHA512
52553b0dbdeb0dde33e7a2150ec3752a1605c03f55f6e28a42753d2a44a6f6dead81441d82f80497e05814f40dfcf051f6bdca303e1454aaad2ebd093f9eec67

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads