8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c

Analysis

max time kernel
146s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
Size

184KB
MD5

f65e21ad06cc9aafd4db7f9f2cc66a0e
SHA1

ec653281881f4b62398c3a94e18d712cdbc5989d
SHA256

8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c
SHA512

4e8ee9c15520e36d1a5469d066652576dbf0db6d1a39beb637be43f79fbf86c506729c87ce759243c2fb7057bcf5df889776c63ba1951b65f216d4c1902ed03d
SSDEEP

3072:gne3GxoY7JcfdkhWqOBnRqsYhlnVimEn3:gndovFkhwnwsYhlnVimE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-14894.exeUnicorn-53662.exeUnicorn-49609.exeUnicorn-55598.exeUnicorn-40143.exeUnicorn-60009.exeUnicorn-10214.exeUnicorn-50723.exeUnicorn-58367.exeUnicorn-38501.exeUnicorn-53359.exeUnicorn-32646.exeUnicorn-43288.exeUnicorn-20424.exeUnicorn-40290.exeUnicorn-425.exeUnicorn-38578.exeUnicorn-58837.exeUnicorn-13165.exeUnicorn-15908.exeUnicorn-35403.exeUnicorn-15929.exeUnicorn-43670.exeUnicorn-63536.exeUnicorn-46676.exeUnicorn-4234.exeUnicorn-39580.exeUnicorn-44676.exeUnicorn-46767.exeUnicorn-1095.exeUnicorn-29906.exeUnicorn-64706.exeUnicorn-14389.exeUnicorn-27587.exeUnicorn-16740.exeUnicorn-12265.exeUnicorn-6645.exeUnicorn-7688.exeUnicorn-50745.exeUnicorn-37414.exeUnicorn-55317.exeUnicorn-47606.exeUnicorn-30746.exeUnicorn-32836.exeUnicorn-52702.exeUnicorn-25126.exeUnicorn-40938.exeUnicorn-58488.exeUnicorn-54932.exeUnicorn-40162.exeUnicorn-9875.exeUnicorn-58573.exeUnicorn-45761.exeUnicorn-33997.exeUnicorn-19227.exeUnicorn-59573.exeUnicorn-31613.exeUnicorn-49184.exeUnicorn-18801.exeUnicorn-1416.exeUnicorn-1961.exeUnicorn-1961.exeUnicorn-6512.exeUnicorn-7057.exe

pid	process
2092	Unicorn-14894.exe
2580	Unicorn-53662.exe
2736	Unicorn-49609.exe
2564	Unicorn-55598.exe
3052	Unicorn-40143.exe
2524	Unicorn-60009.exe
2780	Unicorn-10214.exe
1584	Unicorn-50723.exe
1916	Unicorn-58367.exe
2148	Unicorn-38501.exe
796	Unicorn-53359.exe
2012	Unicorn-32646.exe
2088	Unicorn-43288.exe
2080	Unicorn-20424.exe
1840	Unicorn-40290.exe
1076	Unicorn-425.exe
1392	Unicorn-38578.exe
1428	Unicorn-58837.exe
1736	Unicorn-13165.exe
980	Unicorn-15908.exe
1684	Unicorn-35403.exe
1528	Unicorn-15929.exe
1628	Unicorn-43670.exe
2072	Unicorn-63536.exe
2416	Unicorn-46676.exe
1672	Unicorn-4234.exe
984	Unicorn-39580.exe
888	Unicorn-44676.exe
1844	Unicorn-46767.exe
1728	Unicorn-1095.exe
1520	Unicorn-29906.exe
2748	Unicorn-64706.exe
2632	Unicorn-14389.exe
1252	Unicorn-27587.exe
2612	Unicorn-16740.exe
2988	Unicorn-12265.exe
1184	Unicorn-6645.exe
2836	Unicorn-7688.exe
1904	Unicorn-50745.exe
2368	Unicorn-37414.exe
1900	Unicorn-55317.exe
1596	Unicorn-47606.exe
1588	Unicorn-30746.exe
1412	Unicorn-32836.exe
1480	Unicorn-52702.exe
2244	Unicorn-25126.exe
2276	Unicorn-40938.exe
2680	Unicorn-58488.exe
352	Unicorn-54932.exe
692	Unicorn-40162.exe
1284	Unicorn-9875.exe
2340	Unicorn-58573.exe
2112	Unicorn-45761.exe
2460	Unicorn-33997.exe
1568	Unicorn-19227.exe
1620	Unicorn-59573.exe
2568	Unicorn-31613.exe
2796	Unicorn-49184.exe
2808	Unicorn-18801.exe
2688	Unicorn-1416.exe
2952	Unicorn-1961.exe
2956	Unicorn-1961.exe
1564	Unicorn-6512.exe
2700	Unicorn-7057.exe

Loads dropped DLL 64 IoCs

Processes:

8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exeUnicorn-14894.exeUnicorn-53662.exeUnicorn-49609.exeWerFault.exeUnicorn-40143.exeUnicorn-60009.exeUnicorn-55598.exeWerFault.exeWerFault.exeUnicorn-10214.exeUnicorn-50723.exeUnicorn-38501.exeUnicorn-58367.exeUnicorn-53359.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
2092	Unicorn-14894.exe
1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
2092	Unicorn-14894.exe
1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
2580	Unicorn-53662.exe
2580	Unicorn-53662.exe
2092	Unicorn-14894.exe
2092	Unicorn-14894.exe
2736	Unicorn-49609.exe
2736	Unicorn-49609.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
3052	Unicorn-40143.exe
3052	Unicorn-40143.exe
2524	Unicorn-60009.exe
2524	Unicorn-60009.exe
2564	Unicorn-55598.exe
2736	Unicorn-49609.exe
2564	Unicorn-55598.exe
2736	Unicorn-49609.exe
2580	Unicorn-53662.exe
2580	Unicorn-53662.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1512	WerFault.exe
1440	WerFault.exe
2780	Unicorn-10214.exe
2780	Unicorn-10214.exe
3052	Unicorn-40143.exe
3052	Unicorn-40143.exe
2524	Unicorn-60009.exe
1584	Unicorn-50723.exe
1584	Unicorn-50723.exe
2524	Unicorn-60009.exe
2148	Unicorn-38501.exe
2148	Unicorn-38501.exe
1916	Unicorn-58367.exe
1916	Unicorn-58367.exe
2564	Unicorn-55598.exe
2564	Unicorn-55598.exe
796	Unicorn-53359.exe
796	Unicorn-53359.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
3068	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2484	1768	WerFault.exe	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
328	2092	WerFault.exe	Unicorn-14894.exe
1512	2580	WerFault.exe	Unicorn-53662.exe
1440	2736	WerFault.exe	Unicorn-49609.exe
2428	3052	WerFault.exe	Unicorn-40143.exe
2972	2524	WerFault.exe	Unicorn-60009.exe
3068	2564	WerFault.exe	Unicorn-55598.exe
1964	1076	WerFault.exe	Unicorn-425.exe
2584	2780	WerFault.exe	Unicorn-10214.exe
2860	1584	WerFault.exe	Unicorn-50723.exe
2716	2148	WerFault.exe	Unicorn-38501.exe
2508	1916	WerFault.exe	Unicorn-58367.exe
2476	796	WerFault.exe	Unicorn-53359.exe
288	2012	WerFault.exe	Unicorn-32646.exe
1396	2088	WerFault.exe	Unicorn-43288.exe
904	1840	WerFault.exe	Unicorn-40290.exe
2320	2080	WerFault.exe	Unicorn-20424.exe
1660	1428	WerFault.exe	Unicorn-58837.exe
1740	1392	WerFault.exe	Unicorn-38578.exe
944	1736	WerFault.exe	Unicorn-13165.exe
1600	980	WerFault.exe	Unicorn-15908.exe
1544	1528	WerFault.exe	Unicorn-15929.exe
2308	1628	WerFault.exe	Unicorn-43670.exe
1820	2072	WerFault.exe	Unicorn-63536.exe
2172	2416	WerFault.exe	Unicorn-46676.exe
2876	984	WerFault.exe	Unicorn-39580.exe
2764	1520	WerFault.exe	Unicorn-29906.exe
2740	1672	WerFault.exe	Unicorn-4234.exe
2336	1844	WerFault.exe	Unicorn-46767.exe
2472	888	WerFault.exe	Unicorn-44676.exe
340	540	WerFault.exe	Unicorn-65381.exe
1892	1580	WerFault.exe	Unicorn-65381.exe
2264	284	WerFault.exe	Unicorn-65381.exe
1496	2748	WerFault.exe	Unicorn-64706.exe
1612	2632	WerFault.exe	Unicorn-14389.exe
2908	2612	WerFault.exe	Unicorn-16740.exe
948	1252	WerFault.exe	Unicorn-27587.exe
3100	1184	WerFault.exe	Unicorn-6645.exe
3160	2836	WerFault.exe	Unicorn-7688.exe
3196	2988	WerFault.exe	Unicorn-12265.exe
3284	1904	WerFault.exe	Unicorn-50745.exe
3312	1412	WerFault.exe	Unicorn-32836.exe
3304	2276	WerFault.exe	Unicorn-40938.exe
3320	2368	WerFault.exe	Unicorn-37414.exe
3328	1596	WerFault.exe	Unicorn-47606.exe
3344	1900	WerFault.exe	Unicorn-55317.exe
3392	1588	WerFault.exe	Unicorn-30746.exe
3408	2244	WerFault.exe	Unicorn-25126.exe
3484	352	WerFault.exe	Unicorn-54932.exe
3636	1420	WerFault.exe	Unicorn-34274.exe
3664	692	WerFault.exe	Unicorn-40162.exe
3596	2260	WerFault.exe	Unicorn-25077.exe
3656	2976	WerFault.exe	Unicorn-54704.exe
3680	1564	WerFault.exe	Unicorn-6512.exe
3896	792	WerFault.exe	Unicorn-36317.exe
3868	2680	WerFault.exe	Unicorn-58488.exe
3932	2700	WerFault.exe	Unicorn-7057.exe
3144	1348	WerFault.exe	Unicorn-25058.exe
3112	668	WerFault.exe	Unicorn-24873.exe
3180	1284	WerFault.exe	Unicorn-9875.exe
3404	1308	WerFault.exe	Unicorn-26247.exe
3420	1500	WerFault.exe	Unicorn-3177.exe
3544	2712	WerFault.exe	Unicorn-45715.exe
3632	1656	WerFault.exe	Unicorn-22705.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exeUnicorn-14894.exeUnicorn-53662.exeUnicorn-49609.exeUnicorn-40143.exeUnicorn-55598.exeUnicorn-60009.exeUnicorn-10214.exeUnicorn-50723.exeUnicorn-38501.exeUnicorn-58367.exeUnicorn-53359.exeUnicorn-32646.exeUnicorn-43288.exeUnicorn-40290.exeUnicorn-20424.exeUnicorn-425.exeUnicorn-38578.exeUnicorn-58837.exeUnicorn-13165.exeUnicorn-15908.exeUnicorn-15929.exeUnicorn-63536.exeUnicorn-43670.exeUnicorn-46676.exeUnicorn-4234.exeUnicorn-39580.exeUnicorn-44676.exeUnicorn-46767.exeUnicorn-29906.exeUnicorn-64706.exeUnicorn-14389.exeUnicorn-16740.exeUnicorn-27587.exeUnicorn-12265.exeUnicorn-6645.exeUnicorn-7688.exeUnicorn-50745.exeUnicorn-37414.exeUnicorn-55317.exeUnicorn-30746.exeUnicorn-47606.exeUnicorn-32836.exeUnicorn-52702.exeUnicorn-40938.exeUnicorn-25126.exeUnicorn-58488.exeUnicorn-54932.exeUnicorn-40162.exeUnicorn-9875.exeUnicorn-58573.exeUnicorn-45761.exeUnicorn-33997.exeUnicorn-19227.exeUnicorn-59573.exeUnicorn-31613.exeUnicorn-49184.exeUnicorn-18801.exeUnicorn-1961.exeUnicorn-1961.exeUnicorn-7057.exeUnicorn-6512.exeUnicorn-40419.exeUnicorn-47109.exe

pid	process
1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
2092	Unicorn-14894.exe
2580	Unicorn-53662.exe
2736	Unicorn-49609.exe
3052	Unicorn-40143.exe
2564	Unicorn-55598.exe
2524	Unicorn-60009.exe
2780	Unicorn-10214.exe
1584	Unicorn-50723.exe
2148	Unicorn-38501.exe
1916	Unicorn-58367.exe
796	Unicorn-53359.exe
2012	Unicorn-32646.exe
2088	Unicorn-43288.exe
1840	Unicorn-40290.exe
2080	Unicorn-20424.exe
1076	Unicorn-425.exe
1392	Unicorn-38578.exe
1428	Unicorn-58837.exe
1736	Unicorn-13165.exe
980	Unicorn-15908.exe
1528	Unicorn-15929.exe
2072	Unicorn-63536.exe
1628	Unicorn-43670.exe
2416	Unicorn-46676.exe
1672	Unicorn-4234.exe
984	Unicorn-39580.exe
888	Unicorn-44676.exe
1844	Unicorn-46767.exe
1520	Unicorn-29906.exe
2748	Unicorn-64706.exe
2632	Unicorn-14389.exe
2612	Unicorn-16740.exe
1252	Unicorn-27587.exe
2988	Unicorn-12265.exe
1184	Unicorn-6645.exe
2836	Unicorn-7688.exe
1904	Unicorn-50745.exe
2368	Unicorn-37414.exe
1900	Unicorn-55317.exe
1588	Unicorn-30746.exe
1596	Unicorn-47606.exe
1412	Unicorn-32836.exe
1480	Unicorn-52702.exe
2276	Unicorn-40938.exe
2244	Unicorn-25126.exe
2680	Unicorn-58488.exe
352	Unicorn-54932.exe
692	Unicorn-40162.exe
1284	Unicorn-9875.exe
2340	Unicorn-58573.exe
2112	Unicorn-45761.exe
2460	Unicorn-33997.exe
1568	Unicorn-19227.exe
1620	Unicorn-59573.exe
2568	Unicorn-31613.exe
2796	Unicorn-49184.exe
2808	Unicorn-18801.exe
2956	Unicorn-1961.exe
2952	Unicorn-1961.exe
2700	Unicorn-7057.exe
1564	Unicorn-6512.exe
2848	Unicorn-40419.exe
1724	Unicorn-47109.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exeUnicorn-14894.exeUnicorn-53662.exeUnicorn-49609.exeUnicorn-40143.exeUnicorn-60009.exeUnicorn-55598.exeUnicorn-10214.exe

description	pid	process	target process
PID 1768 wrote to memory of 2092	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-14894.exe
PID 1768 wrote to memory of 2092	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-14894.exe
PID 1768 wrote to memory of 2092	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-14894.exe
PID 1768 wrote to memory of 2092	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-14894.exe
PID 2092 wrote to memory of 2580	2092	Unicorn-14894.exe	Unicorn-53662.exe
PID 2092 wrote to memory of 2580	2092	Unicorn-14894.exe	Unicorn-53662.exe
PID 2092 wrote to memory of 2580	2092	Unicorn-14894.exe	Unicorn-53662.exe
PID 2092 wrote to memory of 2580	2092	Unicorn-14894.exe	Unicorn-53662.exe
PID 1768 wrote to memory of 2736	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-49609.exe
PID 1768 wrote to memory of 2736	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-49609.exe
PID 1768 wrote to memory of 2736	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-49609.exe
PID 1768 wrote to memory of 2736	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	Unicorn-49609.exe
PID 1768 wrote to memory of 2484	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	WerFault.exe
PID 1768 wrote to memory of 2484	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	WerFault.exe
PID 1768 wrote to memory of 2484	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	WerFault.exe
PID 1768 wrote to memory of 2484	1768	8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe	WerFault.exe
PID 2580 wrote to memory of 2564	2580	Unicorn-53662.exe	Unicorn-55598.exe
PID 2580 wrote to memory of 2564	2580	Unicorn-53662.exe	Unicorn-55598.exe
PID 2580 wrote to memory of 2564	2580	Unicorn-53662.exe	Unicorn-55598.exe
PID 2580 wrote to memory of 2564	2580	Unicorn-53662.exe	Unicorn-55598.exe
PID 2092 wrote to memory of 3052	2092	Unicorn-14894.exe	Unicorn-40143.exe
PID 2092 wrote to memory of 3052	2092	Unicorn-14894.exe	Unicorn-40143.exe
PID 2092 wrote to memory of 3052	2092	Unicorn-14894.exe	Unicorn-40143.exe
PID 2092 wrote to memory of 3052	2092	Unicorn-14894.exe	Unicorn-40143.exe
PID 2736 wrote to memory of 2524	2736	Unicorn-49609.exe	Unicorn-60009.exe
PID 2736 wrote to memory of 2524	2736	Unicorn-49609.exe	Unicorn-60009.exe
PID 2736 wrote to memory of 2524	2736	Unicorn-49609.exe	Unicorn-60009.exe
PID 2736 wrote to memory of 2524	2736	Unicorn-49609.exe	Unicorn-60009.exe
PID 2092 wrote to memory of 328	2092	Unicorn-14894.exe	WerFault.exe
PID 2092 wrote to memory of 328	2092	Unicorn-14894.exe	WerFault.exe
PID 2092 wrote to memory of 328	2092	Unicorn-14894.exe	WerFault.exe
PID 2092 wrote to memory of 328	2092	Unicorn-14894.exe	WerFault.exe
PID 3052 wrote to memory of 2780	3052	Unicorn-40143.exe	Unicorn-10214.exe
PID 3052 wrote to memory of 2780	3052	Unicorn-40143.exe	Unicorn-10214.exe
PID 3052 wrote to memory of 2780	3052	Unicorn-40143.exe	Unicorn-10214.exe
PID 3052 wrote to memory of 2780	3052	Unicorn-40143.exe	Unicorn-10214.exe
PID 2524 wrote to memory of 1584	2524	Unicorn-60009.exe	Unicorn-50723.exe
PID 2524 wrote to memory of 1584	2524	Unicorn-60009.exe	Unicorn-50723.exe
PID 2524 wrote to memory of 1584	2524	Unicorn-60009.exe	Unicorn-50723.exe
PID 2524 wrote to memory of 1584	2524	Unicorn-60009.exe	Unicorn-50723.exe
PID 2564 wrote to memory of 1916	2564	Unicorn-55598.exe	Unicorn-58367.exe
PID 2564 wrote to memory of 1916	2564	Unicorn-55598.exe	Unicorn-58367.exe
PID 2564 wrote to memory of 1916	2564	Unicorn-55598.exe	Unicorn-58367.exe
PID 2564 wrote to memory of 1916	2564	Unicorn-55598.exe	Unicorn-58367.exe
PID 2736 wrote to memory of 2148	2736	Unicorn-49609.exe	Unicorn-38501.exe
PID 2736 wrote to memory of 2148	2736	Unicorn-49609.exe	Unicorn-38501.exe
PID 2736 wrote to memory of 2148	2736	Unicorn-49609.exe	Unicorn-38501.exe
PID 2736 wrote to memory of 2148	2736	Unicorn-49609.exe	Unicorn-38501.exe
PID 2580 wrote to memory of 796	2580	Unicorn-53662.exe	Unicorn-53359.exe
PID 2580 wrote to memory of 796	2580	Unicorn-53662.exe	Unicorn-53359.exe
PID 2580 wrote to memory of 796	2580	Unicorn-53662.exe	Unicorn-53359.exe
PID 2580 wrote to memory of 796	2580	Unicorn-53662.exe	Unicorn-53359.exe
PID 2580 wrote to memory of 1512	2580	Unicorn-53662.exe	WerFault.exe
PID 2580 wrote to memory of 1512	2580	Unicorn-53662.exe	WerFault.exe
PID 2580 wrote to memory of 1512	2580	Unicorn-53662.exe	WerFault.exe
PID 2580 wrote to memory of 1512	2580	Unicorn-53662.exe	WerFault.exe
PID 2736 wrote to memory of 1440	2736	Unicorn-49609.exe	WerFault.exe
PID 2736 wrote to memory of 1440	2736	Unicorn-49609.exe	WerFault.exe
PID 2736 wrote to memory of 1440	2736	Unicorn-49609.exe	WerFault.exe
PID 2736 wrote to memory of 1440	2736	Unicorn-49609.exe	WerFault.exe
PID 2780 wrote to memory of 2012	2780	Unicorn-10214.exe	Unicorn-32646.exe
PID 2780 wrote to memory of 2012	2780	Unicorn-10214.exe	Unicorn-32646.exe
PID 2780 wrote to memory of 2012	2780	Unicorn-10214.exe	Unicorn-32646.exe
PID 2780 wrote to memory of 2012	2780	Unicorn-10214.exe	Unicorn-32646.exe

C:\Users\Admin\AppData\Local\Temp\8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe
"C:\Users\Admin\AppData\Local\Temp\8abb2347ae49721447f9c79b358a516214bfe797aa6a1538e200def2e94eb75c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
10⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
11⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
12⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
12⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
11⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
11⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
10⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
11⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
9⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
10⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
10⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 220
9⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
9⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
10⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
9⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
9⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
8⤵
PID:284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
9⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
9⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
7⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
8⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
9⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
10⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
10⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
10⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
9⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
8⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
10⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
8⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
10⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 220
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
9⤵
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
8⤵
- Program crash
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
7⤵
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
6⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
9⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
11⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
11⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 216
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
10⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
9⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
9⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
8⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
8⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
7⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
7⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
7⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
9⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 220
7⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
6⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
6⤵
- Executes dropped EXE
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
8⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
10⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
8⤵
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
8⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
7⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
6⤵
- Program crash
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
7⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
8⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
7⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 220
8⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
7⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
8⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
6⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
5⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-15908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
9⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
10⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
11⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
11⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
10⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
9⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
11⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
11⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
10⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 220
10⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
8⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
9⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
10⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
9⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
8⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
9⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
10⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
10⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
8⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
7⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
8⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
9⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
10⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
10⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
9⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
8⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
6⤵
- Program crash
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
5⤵
- Executes dropped EXE
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
8⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
9⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
8⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 220
9⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
7⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
8⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
7⤵
- Program crash
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
7⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
9⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
8⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
7⤵
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 220
8⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
6⤵
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
9⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
8⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
8⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
6⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
8⤵
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
7⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
6⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
5⤵
- Program crash
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
9⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
10⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
10⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
10⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
9⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
8⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
7⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
10⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
9⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
7⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
9⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
8⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
7⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
6⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
8⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
10⤵
PID:664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 236
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
8⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
7⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
9⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
9⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
8⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
7⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
9⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
7⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
6⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
5⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
8⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
8⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
7⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
7⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
6⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
9⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
7⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
8⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
8⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 220
7⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
6⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
7⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
7⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
6⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
5⤵
- Program crash
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
5⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
6⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
6⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
7⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
7⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
7⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
5⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
7⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
6⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
5⤵
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
4⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
2⤵
- Program crash
PID:2484

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
Filesize
184KB

MD5
3912be1669839a5b0ed3c857f0b65b14

SHA1
50cdef291490f7ce3e2aa24f25d15674d9ea62f2

SHA256
39423fc2c6ca309f0d720dbe05dc4fb41537ac9d1b23b8fb418c35316e9b3f36

SHA512
69b6f2854937e2cfa22a75cd4130cd40413aa8748b311e5e0cf3e781853315edd4df275025c403300ad95edab94f0822fcf38c6eebc57a14f508147ecde7f2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
Filesize
184KB

MD5
2cb421426a2ca8103c4fd49dab4e9fb2

SHA1
4ddae815c9d67f854ee4e64edd5f31aa7c342e70

SHA256
deec37b3a6c9bb9d6655baa20cf3b9fb93f1887c54b6bb520170d7cea231c030

SHA512
8d91afc4ad9c4bad1ec00c7f7cd8fb8acb17315fefd8c0bf504ac9a159e10634eeae38ac7dbd4e2f5ae97242c64fce3bfec470812bd2092f1bc0c9a2ea218668

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
Filesize
184KB

MD5
aa6d81039c052c046a63f2603232e9cf

SHA1
4dab7fd5d89548081d7a8e3cd0518a44e7fce9b5

SHA256
a07f431d52a15273cfdd73feed1db0967c640f0fc3b6211f24cec048d00ae5ea

SHA512
4437fbb3dd26f30b7438be07b83f147c6ff03cd98ebb50891b8c9e85e99f63962cb3c20feed2eb681e8a0895bae21114ab39cdba3ee7130764e72aba4bb66b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
Filesize
184KB

MD5
6690d55d864e33b34959f5a2d56e122b

SHA1
d20eeef0d6a4c5858971f18bd43f104d8e23b51c

SHA256
901eddfb5d49328424c7dafda3a0647a20049cf4cc5ebbc2e558ef7a5c1aebb7

SHA512
ff4e0b7974f5392533cc4a8cbb1c0eaedfbf44bc626ec5c38f857e910a83f7464b9516b2991d8d928bafd85d017a42969195e8dc8e6442e238efe6783d131d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
Filesize
184KB

MD5
935fa9dc6569e8867d0618fd30716029

SHA1
318099701a9f08d6503902703a9430c16d6383fb

SHA256
70987828b8027093fb8f5a64d41d718b22e60424d38e6c9aaca40e8ed5234ffb

SHA512
23c387cd1d5a6cbe397bd953268dace2dfa361422c38acabb3b8f3e5418f022d71c0e855bbc067d5c5bc1574787b4c7911e1474b2963740c83e8cb521111a9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
Filesize
184KB

MD5
d7483d2d0b145b5589830154d77d69ff

SHA1
1095405cb723b873ddd751df91ba1762d0298568

SHA256
cd00a3d2a221ad0158d642fa4b1ed38003ddddf0db4d5b61a9496157e110c80e

SHA512
9dff329c9de18fd297584fbfe22df670bafcd91fe176c322484627190e91cd4d16190f23046291c4b483cdc37be8fb8ba116473813cddcf424ec07b356952e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
Filesize
184KB

MD5
da41479930b874de1900e9d14bab8233

SHA1
f43aadf51a5c5f80ca3e9401cd36e92b823fc406

SHA256
51fb5b329fade3552ba343ea74a8545dda11111871857605c92841e04e88c0da

SHA512
800c7af1f741efe520bddd1a3ef763d0b9d1c1a45a0fd6dfef628e04890695c86135afa7392380172200040c643e452ff7b93d5dc45b750c0508cdae07e95385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
Filesize
184KB

MD5
f89ad7f665fc158a7f9962db28b8291e

SHA1
a7ae277d78c1f98cffbac2917c13c15a02377eb6

SHA256
b86537e81802743e286dcb6ff384746c73ac5dcfb7457d3918fd1bce1279c56e

SHA512
06c4a5691ff52da79425dab60406b9700c325b2703cb2156869bde0e5ee9fc21f990004bbd8392585b457c74427d360a897d5be73a78c1d4f0289223ddc3af0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
Filesize
184KB

MD5
01d809d447177eec6ae9f3da94b372d1

SHA1
824354174d7e3d10ed96328f55ec3596c5f8f530

SHA256
729ab6807eaf20e685710b305ca66c8bd85ccb28f90e33d3ab3b74c0e1b5a443

SHA512
ff4cd7a5db54dca8165f0862a6d97c314a8e23873687a1cb68afa0df7e78dd36b505606ccc0f2c66765d805a5de03f62681e0183c6eba4fa45bb521a87a55a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
Filesize
184KB

MD5
d0037091fa02b7f8412be8da6e301341

SHA1
7ec68f79aef33f1056cfc902301d2d275a96bdfd

SHA256
cd549446b22ddec7c915660dbdc3ecaa1af9ddf89965cf7fa4c00b0c6d69c2df

SHA512
3506013c1c17c090b986f4114efc8bf59c970fd6166164e2d565cfef594bf9a28dd080e6e794bbffe6950ce74e301d1ae7cd16d7dcbc96b432d3748f56e3aae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
Filesize
184KB

MD5
2a6ec7fd283a948e791585fccc5652b9

SHA1
51cba7bb054022e0a539c5f5b30c6ca0006e097d

SHA256
063631bab852e4ee21cae7d324af0f838af7969a7e48f8e640e0ad1867685e68

SHA512
9056f73264c5cd5f5c7e34f602fd690a271e29181a135a7b52dfc03adf3edb5008fc0b8d7d5ed0b207b0f3be1ca5c0ea83e0ceb7f61b1a8e3b6fa24ab7bd49e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
Filesize
184KB

MD5
f6be391b2fa238e060b118bb14f2c5b9

SHA1
35ce78b6ad4130590317f7ce3739ab157980075f

SHA256
97d9ceab41dfa6cfa427a50ad2e84ff46383123fd90efcc9003fd5303ffc2b6c

SHA512
4c96da3ece554eb8fa9a467876bc5a530e0d358f1e48ee379791d565d233a24487de54a54c8353e9dff45e04e1b95ab851523c4505963a813f046c42cb74d150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
Filesize
184KB

MD5
f9983fb407deaebb149c3bbe3f8e14d1

SHA1
41e719f99bde0984cc814591d2455d6389c63766

SHA256
c2f5e921184bfe61e3f5536eb6b14d5a5639df60caae84adea701735df67fc38

SHA512
66ba6b75b8cad9cc380b7298fcc547d6ba6cb60c27750eda41968385cd23ca1be14c4f1a19905b0fd10d82c867d514f251f142549838427ecc3b63468b65b662

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
Filesize
184KB

MD5
722d98cb6fb7d7e61b759c5ab2fc72c3

SHA1
21231b38568f891de682dbdca5f0fa178fa53270

SHA256
85f378cde78514c95dbd37f3f10b3cdb4efe59a9d88d0421dc6f06bc438737c2

SHA512
4ea2989e244fffe7105ff8d8b3b1eb1870364f88d725915fa8183f6e9e3a0105f16dfa43d0f0c110cb60327a896f46589762154bcbbc4d00b83345880496e37f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
Filesize
184KB

MD5
1cf08878fb6e25f3c756d594f74e51e4

SHA1
11fed972e958c2cd456537c8e0b7be85a80d4b66

SHA256
6fd0001675e0b1ab2d28214a5ca8defd8658e8647e6f0cb0f6f879b4d887b132

SHA512
408defacd043149600cf1942d552fd11f951583d37ab38c2bff9192eaeb59f8d07ef2820b694c89026f120c9e96d85ee56b273d29c87a8cb5d4d05f06e8ff15c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
Filesize
184KB

MD5
20fd651c4625c620a067e238037877c7

SHA1
2265b6b5f12cd443ace51a43b527c73e46528bce

SHA256
c1ce380861c8499039e9f2f7584c4d2a45c06b74e5eb460c21616becec6d14c0

SHA512
c4d79191adeb14dbc67865f078083d9442b08ce58e16d782c3d9ac202f8d35a82673402f3e10cb6791f2ae784917d22f0a17e20eb7ba8f69068cd4ec05d73dd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
Filesize
184KB

MD5
6606bac899ba8732a2640111d16e416c

SHA1
37b9946dcdb171d9dc0fe1409bf50b4aa9ca732a

SHA256
c005cc19038ff61a134e36b4bea45aeab0a26edb61747bc09edb309d9c949abd

SHA512
99883c4dbb6c1f3c2c9f04d2f6ae33564e5e27f9d2b1796cf3d15f95bf38bfac4c61cb230cb49b43ef64cfe7493a16b3c2571256113114cd350d0758614465ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
Filesize
184KB

MD5
b2e2ff75bcd29323fe4f9c4f3a281fa5

SHA1
5c58bdd0336d0b9d57b033ccb952fb55011f4e65

SHA256
6b187d09b8259caa6e29177f887167af57fec38030c5ae7257252f717a974c83

SHA512
0174b10dc42530949681250591d464a3db610dac6513e1b145400986bdd90ca50d1b5f32bdf1f36899dab9a6cfbc3a89b7bdf285ee8df723092bea26753b7cb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
Filesize
184KB

MD5
217e89bc9931e7462f8381948d335450

SHA1
65de9a74a58f02c4be3feb68e0da4c273d3bfa29

SHA256
5555de10cf4ee788f1ed699624b59ea4d809abba92b8c36131b83b3efa0b1642

SHA512
5a2fb55033e802292d567f16a94a263f6b1f6aa833d1ef0d223982fd12acab4e92a078a2b59751a1952daa664cf6b2a8d42f3529dc00cfc02ba5b1887931a9d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
Filesize
184KB

MD5
0c91e8a71c4349e576d27c05d6f9a093

SHA1
94f7da1f4efbda8965ff56a907d46a5560b07c0d

SHA256
ac5250516a96ac7962be472552c40998357628a2d2e60092903a05254ce98d04

SHA512
5b79b27f6edfd52a91527c8376d91a6d8a73d5300f572fd4226eee446299b11c11e02e7d51f660872ca31c01045bf5a857837db23954a19946409ccff4a911c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
Filesize
184KB

MD5
caa7ebff4d9eabc975559ac29094bb8a

SHA1
7a936a95169545f4cc4d2110ed20607aaf108039

SHA256
7b93624cb183c75edc2fa0af10da951048b5b6f21ac821dbb98f83ed97c93e88

SHA512
6beef281c5d291268727aa5f8eef78fb677662c6385545ec54fb07635933990278eb18d0d6c3dcfabdde2bcdc1d8bc5ec4e9a0355dec9ac4d4a3a800da5d0b2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
Filesize
184KB

MD5
3725776053fdd43622a4423e27b5b801

SHA1
2b3924ed77f8bca7aa2f756bf930b9a5cf6da817

SHA256
fd9d01ea361291502e03798113bb7634afb7c6a30aae710699598c71671df43d

SHA512
59af67cbdc7e551db5cd9ad4c51a8c055778b2f8a4cf4ac52ef2a5cd45f7f5b829b02820b2009d068dfc484c024c629903a637e8322e56de56667429503fdfca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
Filesize
184KB

MD5
cdb1baf259a0d581b208a5955208d1a6

SHA1
43f541f1ff952e14dd520fbf6cdd35abfd82e3c1

SHA256
a81582d7ef9911f1579e2104a87aaaa3015d3894e7d06fab2d7f005459c127a8

SHA512
ac4172de37f016d6e05d76a0a368198da3c89f0005abd40a40cd5ab4fcbe00298acc0682e08731e1f6f09285ab4c4ffe5c02b8c7d32b019ce35b57abd67bc9ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
Filesize
184KB

MD5
88e43ebc078d46119c1de867d2a5279e

SHA1
73f7207c90aa9501726c7ecc779f1a362dfb872a

SHA256
15bfb53caa4760f250db40810e5761737c99c1fd0f045f10e11c07103d64f1b5

SHA512
e695ea8d3774fe08f14419a6f9506cfe919468d8e476fb71e5945f063eb88060336701510dd51c1baefdc189db65e1408470697e7a7329c828e120cce29905d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
Filesize
184KB

MD5
2b2fa885edff5bd1f708f221b7cbe8f3

SHA1
2b16a4aef6130ac7b10071006f547191cbe36e1f

SHA256
6318b5992f37b0938916eb1bf2cf164034f1d85c1f08fd4ead37a88cf5234b15

SHA512
b892af0fc54b746347107097dd23e807d97d73d61cbeb14fdb5f5d4e89bcb02296d005b4dd73698e68895e1a41d807e6882c84de25adffff0b423424d04ce970

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads