aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
Size

184KB
MD5

bc1b20b4239972a841712a42b77ff9dd
SHA1

8cf3e92a6151f23bd6b535ea7c2f04eb15d6df91
SHA256

aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c
SHA512

fde15f92579a116c124cbc1c846ba15d6074a0cab33e8ac9d09586abff19308c5986cdb37d75387340ae7822507d96fe60bdb6e580f32968b1be19a4cc0be510
SSDEEP

1536:SBZY6gZ5u3J8osx1YkTAqHwMFm9yvZc86mddpmLR2VQktXhl5hj5nizpvo:OZ53J8okmkTvdFIWeamLRtCXhlnViFA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-40299.exeUnicorn-16740.exeUnicorn-43059.exeUnicorn-9679.exeUnicorn-29545.exeUnicorn-13535.exeUnicorn-12804.exeUnicorn-43400.exeUnicorn-13572.exeUnicorn-9000.exeUnicorn-18925.exeUnicorn-25252.exeUnicorn-8230.exeUnicorn-28158.exeUnicorn-23559.exeUnicorn-8998.exeUnicorn-21255.exeUnicorn-13093.exeUnicorn-872.exeUnicorn-30534.exeUnicorn-45626.exeUnicorn-24163.exeUnicorn-26493.exeUnicorn-37161.exeUnicorn-6627.exeUnicorn-57027.exeUnicorn-39875.exeUnicorn-59741.exeUnicorn-8999.exeUnicorn-37841.exeUnicorn-42274.exeUnicorn-36113.exeUnicorn-16997.exeUnicorn-18175.exeUnicorn-31557.exeUnicorn-40982.exeUnicorn-1957.exeUnicorn-32438.exeUnicorn-48281.exeUnicorn-49049.exeUnicorn-29183.exeUnicorn-33040.exeUnicorn-30902.exeUnicorn-63574.exeUnicorn-58976.exeUnicorn-59552.exeUnicorn-49895.exeUnicorn-47819.exeUnicorn-9350.exeUnicorn-61950.exeUnicorn-55598.exeUnicorn-42791.exeUnicorn-39911.exeUnicorn-20621.exeUnicorn-31582.exeUnicorn-45157.exeUnicorn-1815.exeUnicorn-40347.exeUnicorn-55640.exeUnicorn-38619.exeUnicorn-18945.exeUnicorn-3486.exeUnicorn-63756.exeUnicorn-48380.exe

pid	process
1888	Unicorn-40299.exe
1132	Unicorn-16740.exe
2996	Unicorn-43059.exe
2680	Unicorn-9679.exe
2516	Unicorn-29545.exe
2520	Unicorn-13535.exe
1160	Unicorn-12804.exe
1480	Unicorn-43400.exe
2400	Unicorn-13572.exe
2572	Unicorn-9000.exe
1148	Unicorn-18925.exe
2708	Unicorn-25252.exe
1172	Unicorn-8230.exe
3036	Unicorn-28158.exe
932	Unicorn-23559.exe
2736	Unicorn-8998.exe
772	Unicorn-21255.exe
1632	Unicorn-13093.exe
1804	Unicorn-872.exe
1544	Unicorn-30534.exe
1624	Unicorn-45626.exe
1964	Unicorn-24163.exe
1952	Unicorn-26493.exe
1752	Unicorn-37161.exe
2176	Unicorn-6627.exe
2076	Unicorn-57027.exe
2868	Unicorn-39875.exe
856	Unicorn-59741.exe
1312	Unicorn-8999.exe
1100	Unicorn-37841.exe
2664	Unicorn-42274.exe
2620	Unicorn-36113.exe
2456	Unicorn-16997.exe
2364	Unicorn-18175.exe
2624	Unicorn-31557.exe
2428	Unicorn-40982.exe
2836	Unicorn-1957.exe
292	Unicorn-32438.exe
1300	Unicorn-48281.exe
2640	Unicorn-49049.exe
2588	Unicorn-29183.exe
912	Unicorn-33040.exe
2424	Unicorn-30902.exe
1104	Unicorn-63574.exe
1136	Unicorn-58976.exe
1640	Unicorn-59552.exe
2780	Unicorn-49895.exe
1264	Unicorn-47819.exe
1968	Unicorn-9350.exe
240	Unicorn-61950.exe
900	Unicorn-55598.exe
1120	Unicorn-42791.exe
2876	Unicorn-39911.exe
364	Unicorn-20621.exe
2440	Unicorn-31582.exe
2896	Unicorn-45157.exe
2636	Unicorn-1815.exe
2724	Unicorn-40347.exe
2348	Unicorn-55640.exe
2992	Unicorn-38619.exe
1672	Unicorn-18945.exe
756	Unicorn-3486.exe
1532	Unicorn-63756.exe
1668	Unicorn-48380.exe

Loads dropped DLL 64 IoCs

Processes:

aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exeUnicorn-40299.exeUnicorn-16740.exeUnicorn-43059.exeWerFault.exeUnicorn-29545.exeUnicorn-9679.exeWerFault.exeWerFault.exeUnicorn-13535.exeUnicorn-9000.exeUnicorn-13572.exeUnicorn-43400.exeUnicorn-12804.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
1888	Unicorn-40299.exe
1888	Unicorn-40299.exe
2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
1132	Unicorn-16740.exe
1888	Unicorn-40299.exe
1888	Unicorn-40299.exe
1132	Unicorn-16740.exe
2996	Unicorn-43059.exe
2996	Unicorn-43059.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2516	Unicorn-29545.exe
2516	Unicorn-29545.exe
1132	Unicorn-16740.exe
1132	Unicorn-16740.exe
2680	Unicorn-9679.exe
2680	Unicorn-9679.exe
2996	Unicorn-43059.exe
2996	Unicorn-43059.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
2520	Unicorn-13535.exe
2520	Unicorn-13535.exe
2572	Unicorn-9000.exe
2572	Unicorn-9000.exe
2400	Unicorn-13572.exe
2400	Unicorn-13572.exe
2680	Unicorn-9679.exe
2680	Unicorn-9679.exe
1480	Unicorn-43400.exe
1480	Unicorn-43400.exe
1160	Unicorn-12804.exe
1160	Unicorn-12804.exe
2516	Unicorn-29545.exe
2516	Unicorn-29545.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2164	WerFault.exe
2984	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2480	2292	WerFault.exe	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
2856	1888	WerFault.exe	Unicorn-40299.exe
2704	1132	WerFault.exe	Unicorn-16740.exe
1976	2996	WerFault.exe	Unicorn-43059.exe
2288	2516	WerFault.exe	Unicorn-29545.exe
2164	2680	WerFault.exe	Unicorn-9679.exe
2984	2520	WerFault.exe	Unicorn-13535.exe
2988	2572	WerFault.exe	Unicorn-9000.exe
1892	2400	WerFault.exe	Unicorn-13572.exe
1064	1480	WerFault.exe	Unicorn-43400.exe
1280	1160	WerFault.exe	Unicorn-12804.exe
752	1148	WerFault.exe	Unicorn-18925.exe
1596	2708	WerFault.exe	Unicorn-25252.exe
1152	932	WerFault.exe	Unicorn-23559.exe
2884	772	WerFault.exe	Unicorn-21255.exe
3060	1172	WerFault.exe	Unicorn-8230.exe
1496	3036	WerFault.exe	Unicorn-28158.exe
2968	2736	WerFault.exe	Unicorn-8998.exe
2036	1632	WerFault.exe	Unicorn-13093.exe
2508	1804	WerFault.exe	Unicorn-872.exe
2368	1544	WerFault.exe	Unicorn-30534.exe
2592	1624	WerFault.exe	Unicorn-45626.exe
308	1964	WerFault.exe	Unicorn-24163.exe
1748	2868	WerFault.exe	Unicorn-39875.exe
2948	2176	WerFault.exe	Unicorn-6627.exe
2248	2076	WerFault.exe	Unicorn-57027.exe
2396	2424	WerFault.exe	Unicorn-30902.exe
1840	1640	WerFault.exe	Unicorn-59552.exe
1684	1104	WerFault.exe	Unicorn-63574.exe
2632	1952	WerFault.exe	Unicorn-26493.exe
2980	2640	WerFault.exe	Unicorn-49049.exe
1984	912	WerFault.exe	Unicorn-33040.exe
3124	2456	WerFault.exe	Unicorn-16997.exe
3256	2992	WerFault.exe	Unicorn-38619.exe
3300	1136	WerFault.exe	Unicorn-58976.exe
3420	292	WerFault.exe	Unicorn-32438.exe
3436	1300	WerFault.exe	Unicorn-48281.exe
3428	1752	WerFault.exe	Unicorn-37161.exe
3520	240	WerFault.exe	Unicorn-61950.exe
3528	856	WerFault.exe	Unicorn-59741.exe
3556	2636	WerFault.exe	Unicorn-1815.exe
3572	2348	WerFault.exe	Unicorn-55640.exe
3668	2780	WerFault.exe	Unicorn-49895.exe
3692	1672	WerFault.exe	Unicorn-18945.exe
3720	1312	WerFault.exe	Unicorn-8999.exe
3728	1264	WerFault.exe	Unicorn-47819.exe
3764	900	WerFault.exe	Unicorn-55598.exe
3772	1968	WerFault.exe	Unicorn-9350.exe
3816	2620	WerFault.exe	Unicorn-36113.exe
3968	2664	WerFault.exe	Unicorn-42274.exe
3976	364	WerFault.exe	Unicorn-20621.exe
3992	1120	WerFault.exe	Unicorn-42791.exe
4000	2876	WerFault.exe	Unicorn-39911.exe
4032	2896	WerFault.exe	Unicorn-45157.exe
4048	2624	WerFault.exe	Unicorn-31557.exe
4056	2440	WerFault.exe	Unicorn-31582.exe
880	2364	WerFault.exe	Unicorn-18175.exe
3168	2844	WerFault.exe	Unicorn-19668.exe
3188	2836	WerFault.exe	Unicorn-1957.exe
3244	1100	WerFault.exe	Unicorn-37841.exe
3316	756	WerFault.exe	Unicorn-3486.exe
3684	1668	WerFault.exe	Unicorn-48380.exe
3756	1540	WerFault.exe	Unicorn-35957.exe
4080	2588	WerFault.exe	Unicorn-29183.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exeUnicorn-40299.exeUnicorn-16740.exeUnicorn-43059.exeUnicorn-29545.exeUnicorn-9679.exeUnicorn-13535.exeUnicorn-43400.exeUnicorn-12804.exeUnicorn-13572.exeUnicorn-9000.exeUnicorn-18925.exeUnicorn-25252.exeUnicorn-23559.exeUnicorn-28158.exeUnicorn-8230.exeUnicorn-8998.exeUnicorn-21255.exeUnicorn-13093.exeUnicorn-872.exeUnicorn-30534.exeUnicorn-45626.exeUnicorn-24163.exeUnicorn-57027.exeUnicorn-37161.exeUnicorn-6627.exeUnicorn-39875.exeUnicorn-26493.exeUnicorn-59741.exeUnicorn-8999.exeUnicorn-37841.exeUnicorn-42274.exeUnicorn-36113.exeUnicorn-16997.exeUnicorn-18175.exeUnicorn-31557.exeUnicorn-40982.exeUnicorn-1957.exeUnicorn-32438.exeUnicorn-48281.exeUnicorn-33040.exeUnicorn-30902.exeUnicorn-29183.exeUnicorn-49049.exeUnicorn-63574.exeUnicorn-58976.exeUnicorn-59552.exeUnicorn-49895.exeUnicorn-47819.exeUnicorn-9350.exeUnicorn-61950.exeUnicorn-42791.exeUnicorn-55598.exeUnicorn-20621.exeUnicorn-39911.exeUnicorn-31582.exeUnicorn-45157.exeUnicorn-1815.exeUnicorn-40347.exeUnicorn-55640.exeUnicorn-18945.exeUnicorn-38619.exeUnicorn-3486.exeUnicorn-63756.exe

pid	process
2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
1888	Unicorn-40299.exe
1132	Unicorn-16740.exe
2996	Unicorn-43059.exe
2516	Unicorn-29545.exe
2680	Unicorn-9679.exe
2520	Unicorn-13535.exe
1480	Unicorn-43400.exe
1160	Unicorn-12804.exe
2400	Unicorn-13572.exe
2572	Unicorn-9000.exe
1148	Unicorn-18925.exe
2708	Unicorn-25252.exe
932	Unicorn-23559.exe
3036	Unicorn-28158.exe
1172	Unicorn-8230.exe
2736	Unicorn-8998.exe
772	Unicorn-21255.exe
1632	Unicorn-13093.exe
1804	Unicorn-872.exe
1544	Unicorn-30534.exe
1624	Unicorn-45626.exe
1964	Unicorn-24163.exe
2076	Unicorn-57027.exe
1752	Unicorn-37161.exe
2176	Unicorn-6627.exe
2868	Unicorn-39875.exe
1952	Unicorn-26493.exe
856	Unicorn-59741.exe
1312	Unicorn-8999.exe
1100	Unicorn-37841.exe
2664	Unicorn-42274.exe
2620	Unicorn-36113.exe
2456	Unicorn-16997.exe
2364	Unicorn-18175.exe
2624	Unicorn-31557.exe
2428	Unicorn-40982.exe
2836	Unicorn-1957.exe
292	Unicorn-32438.exe
1300	Unicorn-48281.exe
912	Unicorn-33040.exe
2424	Unicorn-30902.exe
2588	Unicorn-29183.exe
2640	Unicorn-49049.exe
1104	Unicorn-63574.exe
1136	Unicorn-58976.exe
1640	Unicorn-59552.exe
2780	Unicorn-49895.exe
1264	Unicorn-47819.exe
1968	Unicorn-9350.exe
240	Unicorn-61950.exe
1120	Unicorn-42791.exe
900	Unicorn-55598.exe
364	Unicorn-20621.exe
2876	Unicorn-39911.exe
2440	Unicorn-31582.exe
2896	Unicorn-45157.exe
2636	Unicorn-1815.exe
2724	Unicorn-40347.exe
2348	Unicorn-55640.exe
1672	Unicorn-18945.exe
2992	Unicorn-38619.exe
756	Unicorn-3486.exe
1532	Unicorn-63756.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exeUnicorn-40299.exeUnicorn-16740.exeUnicorn-43059.exeUnicorn-29545.exeUnicorn-9679.exeUnicorn-13535.exeUnicorn-9000.exe

description	pid	process	target process
PID 2292 wrote to memory of 1888	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-40299.exe
PID 2292 wrote to memory of 1888	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-40299.exe
PID 2292 wrote to memory of 1888	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-40299.exe
PID 2292 wrote to memory of 1888	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-40299.exe
PID 1888 wrote to memory of 1132	1888	Unicorn-40299.exe	Unicorn-16740.exe
PID 1888 wrote to memory of 1132	1888	Unicorn-40299.exe	Unicorn-16740.exe
PID 1888 wrote to memory of 1132	1888	Unicorn-40299.exe	Unicorn-16740.exe
PID 1888 wrote to memory of 1132	1888	Unicorn-40299.exe	Unicorn-16740.exe
PID 2292 wrote to memory of 2996	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-43059.exe
PID 2292 wrote to memory of 2996	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-43059.exe
PID 2292 wrote to memory of 2996	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-43059.exe
PID 2292 wrote to memory of 2996	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	Unicorn-43059.exe
PID 2292 wrote to memory of 2480	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	WerFault.exe
PID 2292 wrote to memory of 2480	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	WerFault.exe
PID 2292 wrote to memory of 2480	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	WerFault.exe
PID 2292 wrote to memory of 2480	2292	aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe	WerFault.exe
PID 1888 wrote to memory of 2680	1888	Unicorn-40299.exe	Unicorn-9679.exe
PID 1888 wrote to memory of 2680	1888	Unicorn-40299.exe	Unicorn-9679.exe
PID 1888 wrote to memory of 2680	1888	Unicorn-40299.exe	Unicorn-9679.exe
PID 1888 wrote to memory of 2680	1888	Unicorn-40299.exe	Unicorn-9679.exe
PID 1132 wrote to memory of 2516	1132	Unicorn-16740.exe	Unicorn-29545.exe
PID 1132 wrote to memory of 2516	1132	Unicorn-16740.exe	Unicorn-29545.exe
PID 1132 wrote to memory of 2516	1132	Unicorn-16740.exe	Unicorn-29545.exe
PID 1132 wrote to memory of 2516	1132	Unicorn-16740.exe	Unicorn-29545.exe
PID 2996 wrote to memory of 2520	2996	Unicorn-43059.exe	Unicorn-13535.exe
PID 2996 wrote to memory of 2520	2996	Unicorn-43059.exe	Unicorn-13535.exe
PID 2996 wrote to memory of 2520	2996	Unicorn-43059.exe	Unicorn-13535.exe
PID 2996 wrote to memory of 2520	2996	Unicorn-43059.exe	Unicorn-13535.exe
PID 1888 wrote to memory of 2856	1888	Unicorn-40299.exe	WerFault.exe
PID 1888 wrote to memory of 2856	1888	Unicorn-40299.exe	WerFault.exe
PID 1888 wrote to memory of 2856	1888	Unicorn-40299.exe	WerFault.exe
PID 1888 wrote to memory of 2856	1888	Unicorn-40299.exe	WerFault.exe
PID 2516 wrote to memory of 1160	2516	Unicorn-29545.exe	Unicorn-12804.exe
PID 2516 wrote to memory of 1160	2516	Unicorn-29545.exe	Unicorn-12804.exe
PID 2516 wrote to memory of 1160	2516	Unicorn-29545.exe	Unicorn-12804.exe
PID 2516 wrote to memory of 1160	2516	Unicorn-29545.exe	Unicorn-12804.exe
PID 1132 wrote to memory of 1480	1132	Unicorn-16740.exe	Unicorn-43400.exe
PID 1132 wrote to memory of 1480	1132	Unicorn-16740.exe	Unicorn-43400.exe
PID 1132 wrote to memory of 1480	1132	Unicorn-16740.exe	Unicorn-43400.exe
PID 1132 wrote to memory of 1480	1132	Unicorn-16740.exe	Unicorn-43400.exe
PID 2680 wrote to memory of 2400	2680	Unicorn-9679.exe	Unicorn-13572.exe
PID 2680 wrote to memory of 2400	2680	Unicorn-9679.exe	Unicorn-13572.exe
PID 2680 wrote to memory of 2400	2680	Unicorn-9679.exe	Unicorn-13572.exe
PID 2680 wrote to memory of 2400	2680	Unicorn-9679.exe	Unicorn-13572.exe
PID 2996 wrote to memory of 2572	2996	Unicorn-43059.exe	Unicorn-9000.exe
PID 2996 wrote to memory of 2572	2996	Unicorn-43059.exe	Unicorn-9000.exe
PID 2996 wrote to memory of 2572	2996	Unicorn-43059.exe	Unicorn-9000.exe
PID 2996 wrote to memory of 2572	2996	Unicorn-43059.exe	Unicorn-9000.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-16740.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-16740.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-16740.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-16740.exe	WerFault.exe
PID 2996 wrote to memory of 1976	2996	Unicorn-43059.exe	WerFault.exe
PID 2996 wrote to memory of 1976	2996	Unicorn-43059.exe	WerFault.exe
PID 2996 wrote to memory of 1976	2996	Unicorn-43059.exe	WerFault.exe
PID 2996 wrote to memory of 1976	2996	Unicorn-43059.exe	WerFault.exe
PID 2520 wrote to memory of 1148	2520	Unicorn-13535.exe	Unicorn-18925.exe
PID 2520 wrote to memory of 1148	2520	Unicorn-13535.exe	Unicorn-18925.exe
PID 2520 wrote to memory of 1148	2520	Unicorn-13535.exe	Unicorn-18925.exe
PID 2520 wrote to memory of 1148	2520	Unicorn-13535.exe	Unicorn-18925.exe
PID 2572 wrote to memory of 2708	2572	Unicorn-9000.exe	Unicorn-25252.exe
PID 2572 wrote to memory of 2708	2572	Unicorn-9000.exe	Unicorn-25252.exe
PID 2572 wrote to memory of 2708	2572	Unicorn-9000.exe	Unicorn-25252.exe
PID 2572 wrote to memory of 2708	2572	Unicorn-9000.exe	Unicorn-25252.exe

C:\Users\Admin\AppData\Local\Temp\aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe
"C:\Users\Admin\AppData\Local\Temp\aaf69972dd97b68ea37df27c883840cf78faeebd3264d287334b23f7d95d4f2c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
10⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
12⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
13⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
13⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
12⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
11⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
10⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
9⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
11⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
12⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
13⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
12⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
11⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
8⤵
- Executes dropped EXE
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
9⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
12⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 236
13⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 220
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
10⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
9⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
- Program crash
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
9⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
12⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
11⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
8⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 200
10⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
9⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
9⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
10⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
12⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
13⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
13⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
11⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
10⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
9⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
8⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
12⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
9⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
8⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
11⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 236
12⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
8⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
6⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
8⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
11⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
12⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
12⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
11⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
8⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
11⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
11⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
10⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
7⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
10⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 188
11⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
7⤵
- Program crash
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
6⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
8⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
12⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
- Program crash
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
11⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
11⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
8⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
8⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
11⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
9⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
8⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
10⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
11⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
7⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
8⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
7⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
6⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
7⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
9⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
8⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
7⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
6⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
5⤵
- Program crash
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
12⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
12⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
9⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
8⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
10⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
7⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
7⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 236
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
7⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
6⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32438.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
12⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
8⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
7⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
10⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 240
11⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
8⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
7⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
6⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
5⤵
- Program crash
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
8⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
11⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
12⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
11⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
9⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
7⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
11⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
8⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
7⤵
- Program crash
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
7⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
10⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 236
11⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
7⤵
- Program crash
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
7⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
8⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
7⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
7⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
8⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
9⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
10⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
9⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
7⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
6⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
5⤵
- Program crash
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
12⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
9⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
7⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
11⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
8⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
8⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
10⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
11⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
7⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
6⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
7⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
10⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
9⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
7⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
6⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
5⤵
- Program crash
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
8⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
9⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
11⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 236
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
8⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
7⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
7⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
6⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
7⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
6⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
8⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
9⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
10⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 220
9⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
6⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
5⤵
- Program crash
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 220
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
7⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
6⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 236
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
9⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
7⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
6⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:364

C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
6⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
8⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
9⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
10⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
7⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 236
6⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
5⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
4⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
2⤵
- Program crash
PID:2480

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
Filesize
184KB

MD5
a0ef48e2fd022d30d694d9d4c791eb1e

SHA1
0dcdc50cb0be26fa2f8e3ac3b95bb641926f34f8

SHA256
a37ea78ccc92fc1ec49fb1862a32215c733f57a790c6989abf4b4ac00d160a1b

SHA512
75527780e3667f3360fce84d62443c1338ed4e3d7fc3e5ce2a4bcb01334a68f9e3687ff9790c59ded4b4720447437bfb386a343f8c8cfa39e655773884a164d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
Filesize
184KB

MD5
7d11c31a7117ab50ebc02be617497809

SHA1
26c7bde7ee9733766c455deffa25a626c1febb25

SHA256
4f6e619276f57583711597900bd532ad5ffab670a620a7964307b6f5167b4bae

SHA512
6b0f3dbf2d7e66ce15ee249f3c354a5fb1d261b615d3ab17b7dc22e6fff63515da5acdd188d9ad45cd49aaf632e67b764cf7c9a0283d2f6536672b05eea251cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
Filesize
184KB

MD5
97b7fe42f3d24b894826079758567a64

SHA1
a91a260d62d0c2fdb81587baf815b9de36ed7a58

SHA256
5ad44c4be0d306ce2fb92462c9daa5ae81f6095ea4803846b240b0a58dda57f9

SHA512
0769d7dd305c90d55ea531a16c16aafb16c8ce3981ac494aa5879df4d23930d577734f6df7a16d1f8b7101008cdb289d635b6f64d361b4ad450c39cf43d4e030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
Filesize
184KB

MD5
e544e9c43bd568c317901f5c181d88fd

SHA1
d3404010709bac93d045ffcc52d6546b1a598497

SHA256
b3b897ace69fd18f004b9e20320537d6beaab4e2e854624730eae9cbcf9e482c

SHA512
0202b0b320a82427b0dbe97615c174a31881a9136c50a29df6a2ed57d79c6664701abf0fa13305ba3e09e3ceeb8439d69118374a842f7b88f806bd4b881d7b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
Filesize
184KB

MD5
4c98808cef5e285dc6b6856508a00b7f

SHA1
6dcc938d04e322d88a12790b4ab0da2caa8ff93b

SHA256
ce2a9750c24997abe1c5a4096fbaccfa18279ce63d9e13fd5619a07634d0414d

SHA512
dafd863bc301b560301f12407da3ac99dae703701ab6520dc582f5a4506ae3d394a53568b798fa23b1444e0071f4662aa4432c5011cd37df9d3339faef288f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
Filesize
184KB

MD5
2758e3392a7c318edd4e57e1e40c78fa

SHA1
b7677345f1a948f1e4fe0866b95bcf94c5a01520

SHA256
911c1589aff6a196ad19771769e10d62882a8d9cac2eb7a369b9562595919d19

SHA512
3474c96ea84ba88bf7b87bda5698961d0e3114ca654d80e0ade493bce814373ebeb5b3fd6ef51a3b8471f92bf3a584f3ab917604a118e154ef172e9500850600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
Filesize
184KB

MD5
99a467127d7e7f006004cce96ad895bb

SHA1
173eef06203871b03364f6c9beabfdbe3e563dbb

SHA256
d4d360e1c29d82c7d7560d320b9f74e2c6001a29a451203649eba3c43f1bbd35

SHA512
cd558a8e456b69c8615ccd15850e5d450caa1b814dcee8ef9f67fa163feabdf5e81361f15c145a0383bc9d5337dca410e9f6dd6f2218dbf7199a978cad98ac7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
Filesize
184KB

MD5
4ee34f8afeea84e166aac212814b7226

SHA1
dbd4c6e060ae435c40df9802da2c521d019e744e

SHA256
2431b7c9c947a68150df2b1aad28bd11845174cd9859a50b0dd06dcd189a47d0

SHA512
3ab7a1d44720536ccd93c19a16d5258611579763b093d9941a6994cb258f8d235f4bfc095c1aea4e7833bac073c4998508d740dd0d74cb9c3530ce61a589b51e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
Filesize
184KB

MD5
ef49773fe38dc4b7c227b699a67770b5

SHA1
f1e7916f46b6c1210bb111c7908767e7ed76b5ff

SHA256
c9ca693d0645ca83a21d34a76e62d4f5d5c64de9a28567cccd5525164bac74d4

SHA512
f205e3770c92a7c31293fb5a4367d5ddd88d49f0d30291b0829394811522bf4c7c35bc5436ba7443f75c8352ddd7314b7c8f8a9f4bafeb57c14229f969ff6e4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
Filesize
184KB

MD5
fe4315017d91c6ddf4e03599f674f67d

SHA1
3ffe9a66382658b96fc11219a015086a28fd41e3

SHA256
ab3a61f356887ff5acbd0c6588afd7b8f98f53e4a98be168fce998f5483325f2

SHA512
5066ebf3c20a16810fb16f19aa6f2c7b05b6c7f22d752a03ef4cd1fc290de3fc7cfbe788c55fe88d663ac775796465c043eda545db3abe1ff274f0741bf4c367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
Filesize
184KB

MD5
a9d0844ff3ad34287bee760efdb51847

SHA1
d05ccb3243d290450e34117267e6389264790fe0

SHA256
e1cc6652389f9a2da4e7f3abb1eac53eeaab3bef80c8e125b16bbafb98bdac9a

SHA512
36e7ae7ec71742cf458952a00f2d292f9b33fc764ede29e100b31d971f0d64341ba1b7394c057c66163edb963cffe34c4a85e91aaaf5e01bdb836dfc71daf6e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
Filesize
184KB

MD5
422ada4213cf5d63b607b48bfd11ce22

SHA1
686306a8bc373f64acd9a248105dff47813bc81b

SHA256
97cec68cb450ffec8859431991ea11a4214fe61a4b2acb3d83c4cda0f3211b04

SHA512
10086d52afc497cf9431c80a46080e770524ac042f384a1f0dd0d90351755cc74af73e37c32e3db4a4be96ae30f69f273ec4eab7474329e2a37629efcf9f25da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
Filesize
184KB

MD5
6d48c91f0c90b6566b79f3def6c6ee2c

SHA1
afa8c030402a58fccf95b1567421271cbc48b958

SHA256
d1ebdacff2c4be98382e32dfe109e4a1d492ac82454fee2ca06ababde128eb38

SHA512
d290e746552412cbae384120e5905f0cf5ac151cc661afa3dbd136d6517f1cdd1939ca1605c0ca7680f7e99b4565ecea51513da7ba6f40f3c42bce2160feb57f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
Filesize
184KB

MD5
6d7c6c9d7ecd32fffc8d30a07d2553c7

SHA1
553e24b3eb0fb947746fcabe2fcae00add8c8a30

SHA256
99d03261500ddd2d2a802a85dd58fc14690a579caba7d4cb2f6ce0fcbafdcca5

SHA512
14c00699b6668e328f70f0064e25df7640067cffd3a821e2f5196cdb22f583893049a224366ad8da234ef04ecf301b65434d592c7c098798afac99230c0607e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
Filesize
184KB

MD5
54da2adffd510a72a92a047f4b8af84b

SHA1
f1b62bbcd75aeec0a50c771194e49ed791e9822a

SHA256
135d6dae79122d3c05d2acba93696d542b120de2a96a65ebae539ffacbf12f48

SHA512
a4b237517b704b99ec621936c7373362a661e39d6cfcc9809506993b5492ce384dc231b19ef8a41571519e7522a23ca2aa08e5ee7ee5e7877ff19be68900dbf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
Filesize
184KB

MD5
fc9bb2aa12fdb989472d9bf29cb270cf

SHA1
dd7b8fe19bd827ab2ddcbbb21908ddf74e65fa4d

SHA256
f3395f819fce9cd72b374583e73368329aae84bebc7a299ee98571540bda8ce9

SHA512
98baa8470d91bf5da478b4d7977173201fe0344ef83d27c408fd6c0c92ad43e8e86243c098c70bd5b4bb6884185c952963aa64331a8bac070ff5a7d3300b33ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
Filesize
184KB

MD5
40ae87c69c0f13c768b2eedd8997a8f9

SHA1
de77af1c54012a8db38b812341f542415d21d6e8

SHA256
97e16805f8a38d5778ade150aeb7eda9944f8b8e25c291832a41a55e108048b8

SHA512
32b3afe7b10b9b0372c17706fc7cafc35d769970a20dc308f24db49d8185ac8fee13ddffaa685a130090b9576f5a4bc08dd4f3318d008102f433895eead642da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
Filesize
184KB

MD5
8fa14ba1f920336991a7360280462a96

SHA1
e4cb41b725c9c9269c93b957cb384578b0349ef9

SHA256
f30908ff405e9fb3b6923b2b7d68ae66e9122b5124ca675db710d06a8bfe8796

SHA512
59fd0b65bfe9c923101e04311c9535a6c4e38d4ae776fd8441ed1bb66c8cda96d3e32ee3b84ee89000612f290b532adb5dac0cd31885eca12c462fec1ad67f41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
Filesize
184KB

MD5
870388d2769df702b3a6c0c75c6a7c53

SHA1
a0c59ed807e1eff56ddc50785c8258a99060464d

SHA256
e811e71fbfea0ff33ea2586e410eb22250f14d7d4943d0a4b6b3910fe8f81d0b

SHA512
af3aa8f4bc8e112f7ea737d3d014c1407c7f322e1a2f389bfa13cc82836277fefb5129aed932da2874aa92b95fb6084376eb11139417ab3a6d68006938300487

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
Filesize
184KB

MD5
9010459e3b6c0e0727afe9365b1aa11f

SHA1
0f1739d95bddcf35d054575628501bb34eeda114

SHA256
4ad4aa3f9e2674abd48258a19cfc59ff09bde550dc14e925ef3d705c58ec6e3d

SHA512
2dd4b7723db094eb5bba6a655131b4af57c18d563e2e20ec5cad113ddcb3a51b142ef54cc9bff72c98c5d081546ca8606b31e28c1be8181435646644b825060f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads