9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
Size

184KB
MD5

0109ab403b655aafd1c88fb21a3c1fa3
SHA1

af9c0a245e0400b20f445092d6204d69efdb1fdf
SHA256

9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827
SHA512

1ae38a0b25a66375b1cacf1b6ad6ff3252ac1d08288e70c74904b882ae9f90bf4e20b1b97b0e85576288c6dd80a70576095a9fd107b42bc128905682770ba0c0
SSDEEP

1536:RBS/6jZlu3dkotx1ikOAlawMG2/yvZc83mdEKdtR2Hzztdhlohj5nizpvs:zda3dkoTEkOTdGaWejdtR8Zdhl2ViF0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-24447.exeUnicorn-62047.exeUnicorn-46910.exeUnicorn-25731.exeUnicorn-24422.exeUnicorn-48896.exeUnicorn-62143.exeUnicorn-62719.exeUnicorn-58339.exeUnicorn-60607.exeUnicorn-23336.exeUnicorn-56638.exeUnicorn-22404.exeUnicorn-47982.exeUnicorn-24781.exeUnicorn-24589.exeUnicorn-9523.exeUnicorn-29197.exeUnicorn-7987.exeUnicorn-46128.exeUnicorn-22522.exeUnicorn-54016.exeUnicorn-44592.exeUnicorn-56128.exeUnicorn-4488.exeUnicorn-47664.exeUnicorn-2952.exeUnicorn-57965.exeUnicorn-25807.exeUnicorn-10757.exeUnicorn-57005.exeUnicorn-42252.exeUnicorn-47481.exeUnicorn-19935.exeUnicorn-54082.exeUnicorn-45426.exeUnicorn-38405.exeUnicorn-57559.exeUnicorn-36750.exeUnicorn-44295.exeUnicorn-55.exeUnicorn-18385.exeUnicorn-17949.exeUnicorn-47367.exeUnicorn-63620.exeUnicorn-29001.exeUnicorn-1695.exeUnicorn-65120.exeUnicorn-49443.exeUnicorn-15296.exeUnicorn-61612.exeUnicorn-14900.exeUnicorn-60572.exeUnicorn-45191.exeUnicorn-22462.exeUnicorn-50344.exeUnicorn-6016.exeUnicorn-62513.exeUnicorn-3136.exeUnicorn-61325.exeUnicorn-261.exeUnicorn-41180.exeUnicorn-60178.exeUnicorn-55394.exe

pid	process
2172	Unicorn-24447.exe
1988	Unicorn-62047.exe
2980	Unicorn-46910.exe
2656	Unicorn-25731.exe
1964	Unicorn-24422.exe
2608	Unicorn-48896.exe
2404	Unicorn-62143.exe
2868	Unicorn-62719.exe
2408	Unicorn-58339.exe
3008	Unicorn-60607.exe
1908	Unicorn-23336.exe
2340	Unicorn-56638.exe
1640	Unicorn-22404.exe
1528	Unicorn-47982.exe
2684	Unicorn-24781.exe
2700	Unicorn-24589.exe
2648	Unicorn-9523.exe
2944	Unicorn-29197.exe
440	Unicorn-7987.exe
2092	Unicorn-46128.exe
1136	Unicorn-22522.exe
1468	Unicorn-54016.exe
688	Unicorn-44592.exe
2964	Unicorn-56128.exe
2120	Unicorn-4488.exe
2144	Unicorn-47664.exe
2924	Unicorn-2952.exe
2112	Unicorn-57965.exe
1616	Unicorn-25807.exe
2196	Unicorn-10757.exe
2192	Unicorn-57005.exe
2060	Unicorn-42252.exe
2524	Unicorn-47481.exe
2644	Unicorn-19935.exe
2612	Unicorn-54082.exe
2676	Unicorn-45426.exe
2500	Unicorn-38405.exe
2428	Unicorn-57559.exe
1240	Unicorn-36750.exe
2864	Unicorn-44295.exe
2012	Unicorn-55.exe
1592	Unicorn-18385.exe
944	Unicorn-17949.exe
1452	Unicorn-47367.exe
564	Unicorn-63620.exe
1760	Unicorn-29001.exe
848	Unicorn-1695.exe
2668	Unicorn-65120.exe
2732	Unicorn-49443.exe
2616	Unicorn-15296.exe
2096	Unicorn-61612.exe
2896	Unicorn-14900.exe
2200	Unicorn-60572.exe
816	Unicorn-45191.exe
2820	Unicorn-22462.exe
1676	Unicorn-50344.exe
1704	Unicorn-6016.exe
2504	Unicorn-62513.exe
2284	Unicorn-3136.exe
1688	Unicorn-61325.exe
2080	Unicorn-261.exe
1520	Unicorn-41180.exe
1752	Unicorn-60178.exe
1628	Unicorn-55394.exe

Loads dropped DLL 64 IoCs

Processes:

9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exeUnicorn-24447.exeUnicorn-46910.exeUnicorn-62047.exeWerFault.exeUnicorn-24422.exeUnicorn-48896.exeUnicorn-25731.exeWerFault.exeWerFault.exeUnicorn-62143.exeUnicorn-58339.exeUnicorn-23336.exeUnicorn-62719.exeUnicorn-60607.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2172	Unicorn-24447.exe
2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2172	Unicorn-24447.exe
2980	Unicorn-46910.exe
2980	Unicorn-46910.exe
2172	Unicorn-24447.exe
2172	Unicorn-24447.exe
1988	Unicorn-62047.exe
1988	Unicorn-62047.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
1964	Unicorn-24422.exe
1964	Unicorn-24422.exe
2608	Unicorn-48896.exe
2608	Unicorn-48896.exe
1988	Unicorn-62047.exe
1988	Unicorn-62047.exe
2656	Unicorn-25731.exe
2656	Unicorn-25731.exe
2980	Unicorn-46910.exe
2980	Unicorn-46910.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
2404	Unicorn-62143.exe
2408	Unicorn-58339.exe
2404	Unicorn-62143.exe
2408	Unicorn-58339.exe
1964	Unicorn-24422.exe
1964	Unicorn-24422.exe
1908	Unicorn-23336.exe
1908	Unicorn-23336.exe
2868	Unicorn-62719.exe
2868	Unicorn-62719.exe
2608	Unicorn-48896.exe
2608	Unicorn-48896.exe
3008	Unicorn-60607.exe
3008	Unicorn-60607.exe
2656	Unicorn-25731.exe
2656	Unicorn-25731.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
2256	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1648	2008	WerFault.exe	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2300	2172	WerFault.exe	Unicorn-24447.exe
2176	2980	WerFault.exe	Unicorn-46910.exe
1916	1988	WerFault.exe	Unicorn-62047.exe
1496	1964	WerFault.exe	Unicorn-24422.exe
1552	2608	WerFault.exe	Unicorn-48896.exe
2256	2656	WerFault.exe	Unicorn-25731.exe
2776	2408	WerFault.exe	Unicorn-58339.exe
1164	2404	WerFault.exe	Unicorn-62143.exe
2464	1908	WerFault.exe	Unicorn-23336.exe
2756	2868	WerFault.exe	Unicorn-62719.exe
3040	3008	WerFault.exe	Unicorn-60607.exe
2624	2092	WerFault.exe	Unicorn-46128.exe
1432	2924	WerFault.exe	Unicorn-2952.exe
2992	1640	WerFault.exe	Unicorn-22404.exe
2076	2340	WerFault.exe	Unicorn-56638.exe
2904	1528	WerFault.exe	Unicorn-47982.exe
1248	2684	WerFault.exe	Unicorn-24781.exe
1336	2700	WerFault.exe	Unicorn-24589.exe
1580	2944	WerFault.exe	Unicorn-29197.exe
2544	440	WerFault.exe	Unicorn-7987.exe
756	2668	WerFault.exe	Unicorn-65120.exe
1536	2648	WerFault.exe	Unicorn-9523.exe
2828	848	WerFault.exe	Unicorn-1695.exe
1692	564	WerFault.exe	Unicorn-63620.exe
1708	688	WerFault.exe	Unicorn-44592.exe
752	2964	WerFault.exe	Unicorn-56128.exe
1696	1616	WerFault.exe	Unicorn-25807.exe
852	1468	WerFault.exe	Unicorn-54016.exe
2672	2192	WerFault.exe	Unicorn-57005.exe
2748	1136	WerFault.exe	Unicorn-22522.exe
2572	2120	WerFault.exe	Unicorn-4488.exe
2132	2612	WerFault.exe	Unicorn-54082.exe
1952	2676	WerFault.exe	Unicorn-45426.exe
2184	2428	WerFault.exe	Unicorn-57559.exe
2316	2500	WerFault.exe	Unicorn-38405.exe
2832	2524	WerFault.exe	Unicorn-47481.exe
932	1240	WerFault.exe	Unicorn-36750.exe
1944	2864	WerFault.exe	Unicorn-44295.exe
1764	1592	WerFault.exe	Unicorn-18385.exe
584	2012	WerFault.exe	Unicorn-55.exe
3116	944	WerFault.exe	Unicorn-17949.exe
3192	1760	WerFault.exe	Unicorn-29001.exe
3244	2112	WerFault.exe	Unicorn-57965.exe
3308	2096	WerFault.exe	Unicorn-61612.exe
3364	2060	WerFault.exe	Unicorn-42252.exe
3476	2644	WerFault.exe	Unicorn-19935.exe
3536	2212	WerFault.exe	Unicorn-11012.exe
3680	2504	WerFault.exe	Unicorn-62513.exe
3840	2144	WerFault.exe	Unicorn-47664.exe
3856	816	WerFault.exe	Unicorn-45191.exe
3848	2732	WerFault.exe	Unicorn-49443.exe
3864	2196	WerFault.exe	Unicorn-10757.exe
4016	1452	WerFault.exe	Unicorn-47367.exe
4052	1676	WerFault.exe	Unicorn-50344.exe
3088	2236	WerFault.exe	Unicorn-38185.exe
4084	2968	WerFault.exe	Unicorn-33521.exe
3152	1688	WerFault.exe	Unicorn-61325.exe
3176	2100	WerFault.exe	Unicorn-10775.exe
3340	1628	WerFault.exe	Unicorn-55394.exe
3420	1620	WerFault.exe	Unicorn-48238.exe
3444	2820	WerFault.exe	Unicorn-22462.exe
3492	108	WerFault.exe	Unicorn-30100.exe
3568	2456	WerFault.exe	Unicorn-45885.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exeUnicorn-24447.exeUnicorn-62047.exeUnicorn-46910.exeUnicorn-25731.exeUnicorn-24422.exeUnicorn-48896.exeUnicorn-62143.exeUnicorn-58339.exeUnicorn-62719.exeUnicorn-23336.exeUnicorn-60607.exeUnicorn-22404.exeUnicorn-56638.exeUnicorn-47982.exeUnicorn-24781.exeUnicorn-24589.exeUnicorn-9523.exeUnicorn-29197.exeUnicorn-7987.exeUnicorn-22522.exeUnicorn-46128.exeUnicorn-54016.exeUnicorn-44592.exeUnicorn-56128.exeUnicorn-47664.exeUnicorn-4488.exeUnicorn-57965.exeUnicorn-2952.exeUnicorn-42252.exeUnicorn-25807.exeUnicorn-10757.exeUnicorn-57005.exeUnicorn-47481.exeUnicorn-19935.exeUnicorn-54082.exeUnicorn-38405.exeUnicorn-45426.exeUnicorn-57559.exeUnicorn-36750.exeUnicorn-44295.exeUnicorn-55.exeUnicorn-63620.exeUnicorn-18385.exeUnicorn-29001.exeUnicorn-47367.exeUnicorn-17949.exeUnicorn-1695.exeUnicorn-49443.exeUnicorn-65120.exeUnicorn-61612.exeUnicorn-15296.exeUnicorn-60572.exeUnicorn-14900.exeUnicorn-45191.exeUnicorn-22462.exeUnicorn-6016.exeUnicorn-3136.exeUnicorn-50344.exeUnicorn-62513.exeUnicorn-61325.exeUnicorn-261.exeUnicorn-41180.exeUnicorn-60178.exe

pid	process
2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
2172	Unicorn-24447.exe
1988	Unicorn-62047.exe
2980	Unicorn-46910.exe
2656	Unicorn-25731.exe
1964	Unicorn-24422.exe
2608	Unicorn-48896.exe
2404	Unicorn-62143.exe
2408	Unicorn-58339.exe
2868	Unicorn-62719.exe
1908	Unicorn-23336.exe
3008	Unicorn-60607.exe
1640	Unicorn-22404.exe
2340	Unicorn-56638.exe
1528	Unicorn-47982.exe
2684	Unicorn-24781.exe
2700	Unicorn-24589.exe
2648	Unicorn-9523.exe
2944	Unicorn-29197.exe
440	Unicorn-7987.exe
1136	Unicorn-22522.exe
2092	Unicorn-46128.exe
1468	Unicorn-54016.exe
688	Unicorn-44592.exe
2964	Unicorn-56128.exe
2144	Unicorn-47664.exe
2120	Unicorn-4488.exe
2112	Unicorn-57965.exe
2924	Unicorn-2952.exe
2060	Unicorn-42252.exe
1616	Unicorn-25807.exe
2196	Unicorn-10757.exe
2192	Unicorn-57005.exe
2524	Unicorn-47481.exe
2644	Unicorn-19935.exe
2612	Unicorn-54082.exe
2500	Unicorn-38405.exe
2676	Unicorn-45426.exe
2428	Unicorn-57559.exe
1240	Unicorn-36750.exe
2864	Unicorn-44295.exe
2012	Unicorn-55.exe
564	Unicorn-63620.exe
1592	Unicorn-18385.exe
1760	Unicorn-29001.exe
1452	Unicorn-47367.exe
944	Unicorn-17949.exe
848	Unicorn-1695.exe
2732	Unicorn-49443.exe
2668	Unicorn-65120.exe
2096	Unicorn-61612.exe
2616	Unicorn-15296.exe
2200	Unicorn-60572.exe
2896	Unicorn-14900.exe
816	Unicorn-45191.exe
2820	Unicorn-22462.exe
1704	Unicorn-6016.exe
2284	Unicorn-3136.exe
1676	Unicorn-50344.exe
2504	Unicorn-62513.exe
1688	Unicorn-61325.exe
2080	Unicorn-261.exe
1520	Unicorn-41180.exe
1752	Unicorn-60178.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exeUnicorn-24447.exeUnicorn-46910.exeUnicorn-62047.exeUnicorn-24422.exeUnicorn-48896.exeUnicorn-25731.exeUnicorn-62143.exe

description	pid	process	target process
PID 2008 wrote to memory of 2172	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-24447.exe
PID 2008 wrote to memory of 2172	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-24447.exe
PID 2008 wrote to memory of 2172	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-24447.exe
PID 2008 wrote to memory of 2172	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-24447.exe
PID 2008 wrote to memory of 1988	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-62047.exe
PID 2008 wrote to memory of 1988	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-62047.exe
PID 2008 wrote to memory of 1988	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-62047.exe
PID 2008 wrote to memory of 1988	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	Unicorn-62047.exe
PID 2172 wrote to memory of 2980	2172	Unicorn-24447.exe	Unicorn-46910.exe
PID 2172 wrote to memory of 2980	2172	Unicorn-24447.exe	Unicorn-46910.exe
PID 2172 wrote to memory of 2980	2172	Unicorn-24447.exe	Unicorn-46910.exe
PID 2172 wrote to memory of 2980	2172	Unicorn-24447.exe	Unicorn-46910.exe
PID 2008 wrote to memory of 1648	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	WerFault.exe
PID 2008 wrote to memory of 1648	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	WerFault.exe
PID 2008 wrote to memory of 1648	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	WerFault.exe
PID 2008 wrote to memory of 1648	2008	9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe	WerFault.exe
PID 2980 wrote to memory of 2656	2980	Unicorn-46910.exe	Unicorn-25731.exe
PID 2980 wrote to memory of 2656	2980	Unicorn-46910.exe	Unicorn-25731.exe
PID 2980 wrote to memory of 2656	2980	Unicorn-46910.exe	Unicorn-25731.exe
PID 2980 wrote to memory of 2656	2980	Unicorn-46910.exe	Unicorn-25731.exe
PID 2172 wrote to memory of 1964	2172	Unicorn-24447.exe	Unicorn-24422.exe
PID 2172 wrote to memory of 1964	2172	Unicorn-24447.exe	Unicorn-24422.exe
PID 2172 wrote to memory of 1964	2172	Unicorn-24447.exe	Unicorn-24422.exe
PID 2172 wrote to memory of 1964	2172	Unicorn-24447.exe	Unicorn-24422.exe
PID 1988 wrote to memory of 2608	1988	Unicorn-62047.exe	Unicorn-48896.exe
PID 1988 wrote to memory of 2608	1988	Unicorn-62047.exe	Unicorn-48896.exe
PID 1988 wrote to memory of 2608	1988	Unicorn-62047.exe	Unicorn-48896.exe
PID 1988 wrote to memory of 2608	1988	Unicorn-62047.exe	Unicorn-48896.exe
PID 2172 wrote to memory of 2300	2172	Unicorn-24447.exe	WerFault.exe
PID 2172 wrote to memory of 2300	2172	Unicorn-24447.exe	WerFault.exe
PID 2172 wrote to memory of 2300	2172	Unicorn-24447.exe	WerFault.exe
PID 2172 wrote to memory of 2300	2172	Unicorn-24447.exe	WerFault.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-24422.exe	Unicorn-62143.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-24422.exe	Unicorn-62143.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-24422.exe	Unicorn-62143.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-24422.exe	Unicorn-62143.exe
PID 2608 wrote to memory of 2868	2608	Unicorn-48896.exe	Unicorn-62719.exe
PID 2608 wrote to memory of 2868	2608	Unicorn-48896.exe	Unicorn-62719.exe
PID 2608 wrote to memory of 2868	2608	Unicorn-48896.exe	Unicorn-62719.exe
PID 2608 wrote to memory of 2868	2608	Unicorn-48896.exe	Unicorn-62719.exe
PID 1988 wrote to memory of 2408	1988	Unicorn-62047.exe	Unicorn-58339.exe
PID 1988 wrote to memory of 2408	1988	Unicorn-62047.exe	Unicorn-58339.exe
PID 1988 wrote to memory of 2408	1988	Unicorn-62047.exe	Unicorn-58339.exe
PID 1988 wrote to memory of 2408	1988	Unicorn-62047.exe	Unicorn-58339.exe
PID 2656 wrote to memory of 3008	2656	Unicorn-25731.exe	Unicorn-60607.exe
PID 2656 wrote to memory of 3008	2656	Unicorn-25731.exe	Unicorn-60607.exe
PID 2656 wrote to memory of 3008	2656	Unicorn-25731.exe	Unicorn-60607.exe
PID 2656 wrote to memory of 3008	2656	Unicorn-25731.exe	Unicorn-60607.exe
PID 2980 wrote to memory of 1908	2980	Unicorn-46910.exe	Unicorn-23336.exe
PID 2980 wrote to memory of 1908	2980	Unicorn-46910.exe	Unicorn-23336.exe
PID 2980 wrote to memory of 1908	2980	Unicorn-46910.exe	Unicorn-23336.exe
PID 2980 wrote to memory of 1908	2980	Unicorn-46910.exe	Unicorn-23336.exe
PID 2980 wrote to memory of 2176	2980	Unicorn-46910.exe	WerFault.exe
PID 2980 wrote to memory of 2176	2980	Unicorn-46910.exe	WerFault.exe
PID 2980 wrote to memory of 2176	2980	Unicorn-46910.exe	WerFault.exe
PID 2980 wrote to memory of 2176	2980	Unicorn-46910.exe	WerFault.exe
PID 1988 wrote to memory of 1916	1988	Unicorn-62047.exe	WerFault.exe
PID 1988 wrote to memory of 1916	1988	Unicorn-62047.exe	WerFault.exe
PID 1988 wrote to memory of 1916	1988	Unicorn-62047.exe	WerFault.exe
PID 1988 wrote to memory of 1916	1988	Unicorn-62047.exe	WerFault.exe
PID 2404 wrote to memory of 2340	2404	Unicorn-62143.exe	Unicorn-56638.exe
PID 2404 wrote to memory of 2340	2404	Unicorn-62143.exe	Unicorn-56638.exe
PID 2404 wrote to memory of 2340	2404	Unicorn-62143.exe	Unicorn-56638.exe
PID 2404 wrote to memory of 2340	2404	Unicorn-62143.exe	Unicorn-56638.exe

C:\Users\Admin\AppData\Local\Temp\9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe
"C:\Users\Admin\AppData\Local\Temp\9b2fa4fdfa8fcae3da9e95a238d177ce879bd084624b9ff041d76fe95e61f827.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
9⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
10⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
11⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
12⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
13⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
14⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
15⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
16⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
17⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 236
16⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
15⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
14⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
13⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 236
12⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
11⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
10⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
9⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
8⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
11⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
12⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
13⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
14⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
15⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
16⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
15⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
14⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 236
13⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
12⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
9⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
8⤵
- Program crash
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
8⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 224
9⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
8⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
11⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
12⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
13⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
14⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
15⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 236
15⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
14⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
13⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 236
12⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
11⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
8⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
6⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
8⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
10⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 240
11⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
9⤵
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
8⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
7⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
9⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 240
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 244
11⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 220
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
7⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
12⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
14⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
14⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
13⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 236
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
10⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
8⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-33175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33175.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
12⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
13⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
14⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 236
14⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
13⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
10⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
9⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 240
6⤵
- Program crash
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
10⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
11⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
12⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
13⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
14⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
15⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
16⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
15⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
14⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
13⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
12⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
11⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
10⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
9⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
- Program crash
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
8⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
9⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
8⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
7⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
12⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
13⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
14⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
15⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
14⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
13⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
8⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
7⤵
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
6⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 224
7⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
6⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 224
7⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
6⤵
- Program crash
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
5⤵
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
9⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
11⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
12⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
13⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
14⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
15⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 224
16⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
15⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
14⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
13⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
11⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
10⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
9⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
8⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
8⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
11⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
12⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
13⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
14⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
15⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 236
15⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
14⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
13⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
12⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
9⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
8⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 220
7⤵
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
12⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
13⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
14⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
15⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 236
15⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
14⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
12⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
10⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
9⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
7⤵
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
6⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
8⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
11⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
12⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
13⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
14⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
15⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 236
15⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
14⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
13⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
12⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
12⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
13⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
14⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
15⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 236
14⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
13⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
11⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
9⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 220
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
8⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
12⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
13⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
14⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
14⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 236
13⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 236
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
11⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
9⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
5⤵
- Program crash
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
8⤵
PID:596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 244
9⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
8⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
7⤵
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 240
10⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
7⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
6⤵
- Executes dropped EXE
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
10⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
12⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 244
13⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
12⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
13⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
14⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 236
14⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
13⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 220
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
11⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
7⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
6⤵
- Program crash
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
5⤵
- Program crash
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
- Program crash
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
12⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
13⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
14⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
15⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 236
15⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
14⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
13⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
12⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 200
7⤵
- Program crash
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
6⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Program crash
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
12⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
13⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
14⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
15⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
14⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
13⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
11⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
8⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
6⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
12⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
13⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 236
13⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
8⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
7⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
6⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 220
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
8⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
7⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
6⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
5⤵
- Program crash
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
10⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 240
11⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
11⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
12⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
13⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
14⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 236
14⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
13⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
11⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
7⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
11⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
13⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
14⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
14⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 236
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
7⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
6⤵
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
7⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
12⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
13⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
14⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
14⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 236
13⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 236
12⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
7⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
6⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
12⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
13⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
14⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
13⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 236
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
11⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
7⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
6⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
5⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 244
5⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
4⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
2⤵
- Program crash
PID:1648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
Filesize
184KB

MD5
06dfe42fc2b2b35acfca86ac29bd7f47

SHA1
0f3a873810043332074b9456f29b4a0e4bd8f92c

SHA256
b1349176adf7878a78f332c293c97cbb9b340a78777039fdabf70639e1c40ab3

SHA512
b24fc90939a3fa5dbe65037653b6ff4e1a335c837b36069643757e1fabe0e91c4ca133cfd3ea2f4d5e48a7a06a4bff54da0106151b06aa88dd8aaca687602316

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
Filesize
184KB

MD5
0a253da054bd09b203eb098b0b275a60

SHA1
15b049cfe1be7369faa3adb092d2c112af72f45e

SHA256
b57d8930becba1386297978c2e6ce9921a30d8c258f6a8c709f9ec7a906490a1

SHA512
c2c31018923d0f55d51d56fe761e814b573cfe0d2eda829285f64e1fcba12baab75395488e195b91c84ff48e8755b4f4e1ae2f4115d968bd0b014f1eb343c29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
Filesize
184KB

MD5
5b1526e7b603be61b8c24c2700900563

SHA1
6a005b44f00b23a1e77d54b262408c0c00031b2b

SHA256
d23958908f4ead4b245791e43bcac653be6ad248759eef5c43822e56055be31e

SHA512
2fca89930a1eb356ad0762ef887a350ed5160177d58f26285ba5369b69149f91a2e05b106fd47c774cedde75d8011251a178c5f9a7ffbea8a45597e0ab0510dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
Filesize
184KB

MD5
e4b71e74de331bdc1e1cb771b04ce75d

SHA1
d78285bd433a3d7fecf52d6c788fc3b946397f49

SHA256
2c43e7152e5381cea87735136171dbde7f59ce3a16abe0a5a261c687fa103964

SHA512
01ced0da443f19840698c970e2407c59e64c27ce8e866237c839b9e276b182c41f800f1d67e048d5da192bbcf6118373a1f298cd49dd27d29a06bbc49c8d00a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
Filesize
184KB

MD5
bf4d2fcf9809d8e51768b4c100e865fd

SHA1
ff9c1cb2d233bdc9c0c8131017ace6340655bdd2

SHA256
79ca18155a40b39913c8db62ace65659188bb2d125f02ce05cb6f1aa7bd0de2f

SHA512
847307383010765054b3f17fe88bb96f16087df05b68533113491979a847697e72740866fe0df4f966e3689619b29222941c4204acb5bf7e5f86cd85b80de151

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
Filesize
184KB

MD5
52741c8dd4ae0776b10c8a985daa28f4

SHA1
c2c5d9ea80722d66f147fe08c28b05c608548749

SHA256
03331f124e878795015340494fe3d8fea2f444939681e23ffce3b64d1cd754cb

SHA512
77aab6b1839f45a805ac9b9c5daabf5bf92300d28156403dcd7169d2e544dd5369ab1157672f9eea18b0145311ec3405f484549ee384d7da199d286cb40b9ec1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
Filesize
184KB

MD5
374db5f181e389247f1c28e3d5dde4f2

SHA1
ac5b590d05a7862c2c27692859260234bba6786a

SHA256
f2fe85ad61d5441d3fc3a8a2b7ebe9498b20f8880215e824e72ab2a284c1ca43

SHA512
4414f23110d6ed6e45d99cb115963f4e5e4063b4638ec20a13f82c46dfc62309bc7baf7b05d66f416450562d6baa67a9cb2cb819841154e076c4f7e8973abdfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
Filesize
184KB

MD5
8ceb46445280777ce7bfda7d15bbd12a

SHA1
359ed6dd45e1d813159422587d0b0729e9ced867

SHA256
250f12d400d01f84f7d95ff42f5fe64fce414570d86214a319d186a6b161018d

SHA512
745695f3e0643112e99d9371de50feeb0a7f74f52da9f08b56c0c719ab1a6c84735d73377f92ce94c91e24794d6dc1242ef1f356d8f900197fcf5bc54468ead4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
Filesize
184KB

MD5
b15a630bff9e29113954a1b2cf6541b6

SHA1
3ec27ceb273b86e6ce83e35f5acee79c701de66d

SHA256
9e81a216f08884e26a34b26dee15d26d635bcfeda632c1f7fb5d651127856639

SHA512
c6b7615553a3a539a441fda4ba198546d3fdf36857bc106310311e1fc2144acc2c4ae4a14b7e5e1a3affb93e362b113c84f38ba3dd247a7bc9bf32e0b2c442ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
Filesize
184KB

MD5
0bb4da3a02a7388ff343103343f3d9d3

SHA1
bf349804c9e5ca22f0f98adc93e76d2082dde1f8

SHA256
e1cfb6af6f3e8abf14c45dd2dfbf680abd2d1a97d202c03d48634d920ec266dd

SHA512
2414a645061025c4b602f3b4f8cf9c65ca55f9eb4477b88d254916e9b522486aa8f4560130e9d5ee74bcaf5f1c095296c374788a00778436134d2f556f6465b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
Filesize
184KB

MD5
58517eea60955a4c0b349b083778f693

SHA1
c39a9ddbdaf1e36607dc45a07d23c676de34fc69

SHA256
f240a282e17cfc756de6b9a104d09b435149352e9f624b3006c3de2155c62f88

SHA512
4ffca98e553af5a50cc8b9760bed8027ac0816b49794e67e9d5c605f9ae9f1be560bcf864151b667d06f2fa4e81bd80ba1c0aa082655dde7c59a242ab88546d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
Filesize
184KB

MD5
4af04a960353843bebf927bd75e226ef

SHA1
5a80aab440de7236d09427fc620d154d20bd4506

SHA256
4637f2ec2370575b12dbd8cc43f39c8aacd235d880de680e91bd7033b9898c7a

SHA512
0f4b90398d7314b3746dec07999e75b4b245cc3390d9f620817da484546856c01838dad5fb93f68ac8b384a4493ecc879950dea26de79aa9189d2682ace5cd19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
Filesize
184KB

MD5
ed29ec52af3837522284014aac264023

SHA1
a15636232acbaa9d41caa167b6b8c5326c5bfd13

SHA256
d565ac3b0b37c34f4205cc08fbbee0f96f843798a11f93c9c1b84b31d4839f11

SHA512
78f462540e4748fdd52da789b2bc3e14af946233d035534aa7ba6febb79605891108ace74f8e6a63ca8327012d9c69091744694ea80b14009f4d373a17a26c8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
Filesize
184KB

MD5
078587d4f4c67d8768f9e4d256ec0c96

SHA1
c238e334890e5456655a7ad7f1fc59e38fba366d

SHA256
5845875d4f74a74862139ae0bf415fdabb84eac93d33d6fc3931ddee426567d1

SHA512
7d1439dd6d3fe7bda8bf1171c48cabbb2146c3bf7c80732a82c5cf815b1f6336632c7937e7261a7b975ccd89da269edd9a66779abac1d951611bb762bc550b89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
Filesize
184KB

MD5
11e81a542e4a248b3526db840a9c3c37

SHA1
59aa849b7c747dda20bdec2d35eec89a8dfd4337

SHA256
aaa201ac1e78b26c736162ce7a43c1f439a927f14577a233f88bdcc751051d3c

SHA512
c986efffb5140ab868c89f7b3a0dc87040ebec61bdf80ca54b1bbae4367addb39a0ecd8e1b64b3043faabf1f27ef6b0f3af6fea30acd8ecad59b9bc97a8310f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
Filesize
184KB

MD5
1b2a919f2af1246b3bb60859ba147fc6

SHA1
89a04e719930839b38e3cb03d96aad52d045938a

SHA256
ef7a8907cb25e7fe0dfb6752ecb79f68aba47111d99cde30742f3f0754125b51

SHA512
c0e4137e67231db8cf90a7ec9756a4efa6837db576a8501bb6f4f081b7db64e00ac47095943bacc9f4c8b2c29bce6c7bf53037b7829f36b436cbeb868de4ab2f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads