a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
Size

184KB
MD5

32591b880ac9ffa50660cefa841120c3
SHA1

cc92fe9ff69c86af53f7adaf1d4654bf34911ecb
SHA256

a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422
SHA512

f2e0f77806f966a4f053512dcc7a7bf6325d7f457fec271de2e408b0f50f5db559e8a2be12aee415fc20749020230784dcb106a7a4a96fda3b32c817d8845ba7
SSDEEP

3072:6be4r8ofO4hKdFaWe8wLRts7hlnViFFn3:6bGofGFafLbs7hlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3362.exeUnicorn-30169.exeUnicorn-60381.exeUnicorn-57429.exeUnicorn-52395.exeUnicorn-28597.exeUnicorn-48099.exeUnicorn-32832.exeUnicorn-13200.exeUnicorn-58872.exeUnicorn-18518.exeUnicorn-45606.exeUnicorn-4350.exeUnicorn-17733.exeUnicorn-21267.exeUnicorn-52508.exeUnicorn-2046.exeUnicorn-32597.exeUnicorn-17714.exeUnicorn-46556.exeUnicorn-54683.exeUnicorn-22395.exeUnicorn-52031.exeUnicorn-25737.exeUnicorn-4631.exeUnicorn-37112.exeUnicorn-32513.exeUnicorn-33.exeUnicorn-4447.exeUnicorn-62776.exeUnicorn-60960.exeUnicorn-62968.exeUnicorn-15761.exeUnicorn-14260.exeUnicorn-35060.exeUnicorn-15236.exeUnicorn-60908.exeUnicorn-26420.exeUnicorn-59668.exeUnicorn-61676.exeUnicorn-7322.exeUnicorn-46181.exeUnicorn-57364.exeUnicorn-63970.exeUnicorn-26123.exeUnicorn-5278.exeUnicorn-4764.exeUnicorn-20572.exeUnicorn-36799.exeUnicorn-47053.exeUnicorn-48013.exeUnicorn-31978.exeUnicorn-39330.exeUnicorn-36275.exeUnicorn-14105.exeUnicorn-43457.exeUnicorn-24551.exeUnicorn-2720.exeUnicorn-68.exeUnicorn-2912.exeUnicorn-48584.exeUnicorn-53566.exeUnicorn-36545.exeUnicorn-31588.exe

pid	process
2748	Unicorn-3362.exe
2932	Unicorn-30169.exe
2896	Unicorn-60381.exe
2588	Unicorn-57429.exe
2556	Unicorn-52395.exe
2196	Unicorn-28597.exe
556	Unicorn-48099.exe
2372	Unicorn-32832.exe
1588	Unicorn-13200.exe
2636	Unicorn-58872.exe
1704	Unicorn-18518.exe
1200	Unicorn-45606.exe
2200	Unicorn-4350.exe
1656	Unicorn-17733.exe
3052	Unicorn-21267.exe
3016	Unicorn-52508.exe
2780	Unicorn-2046.exe
2988	Unicorn-32597.exe
1160	Unicorn-17714.exe
1052	Unicorn-46556.exe
1352	Unicorn-54683.exe
2972	Unicorn-22395.exe
2824	Unicorn-52031.exe
1516	Unicorn-25737.exe
1224	Unicorn-4631.exe
1676	Unicorn-37112.exe
1544	Unicorn-32513.exe
780	Unicorn-33.exe
2744	Unicorn-4447.exe
1708	Unicorn-62776.exe
2124	Unicorn-60960.exe
2536	Unicorn-62968.exe
2592	Unicorn-15761.exe
2724	Unicorn-14260.exe
2396	Unicorn-35060.exe
2392	Unicorn-15236.exe
2712	Unicorn-60908.exe
2448	Unicorn-26420.exe
576	Unicorn-59668.exe
1304	Unicorn-61676.exe
1672	Unicorn-7322.exe
2600	Unicorn-46181.exe
2572	Unicorn-57364.exe
1780	Unicorn-63970.exe
2464	Unicorn-26123.exe
2776	Unicorn-5278.exe
700	Unicorn-4764.exe
1804	Unicorn-20572.exe
1824	Unicorn-36799.exe
828	Unicorn-47053.exe
2884	Unicorn-48013.exe
1412	Unicorn-31978.exe
2036	Unicorn-39330.exe
1768	Unicorn-36275.exe
2540	Unicorn-14105.exe
2528	Unicorn-43457.exe
2484	Unicorn-24551.exe
2732	Unicorn-2720.exe
2904	Unicorn-68.exe
2840	Unicorn-2912.exe
1480	Unicorn-48584.exe
1688	Unicorn-53566.exe
1692	Unicorn-36545.exe
2692	Unicorn-31588.exe

Loads dropped DLL 64 IoCs

Processes:

a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exeUnicorn-3362.exeUnicorn-30169.exeUnicorn-60381.exeWerFault.exeUnicorn-52395.exeUnicorn-28597.exeUnicorn-57429.exeWerFault.exeWerFault.exeUnicorn-48099.exeUnicorn-32832.exeUnicorn-13200.exeUnicorn-58872.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
2748	Unicorn-3362.exe
1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
2748	Unicorn-3362.exe
1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
2932	Unicorn-30169.exe
2932	Unicorn-30169.exe
2748	Unicorn-3362.exe
2748	Unicorn-3362.exe
2896	Unicorn-60381.exe
2896	Unicorn-60381.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2556	Unicorn-52395.exe
2556	Unicorn-52395.exe
2196	Unicorn-28597.exe
2196	Unicorn-28597.exe
2588	Unicorn-57429.exe
2588	Unicorn-57429.exe
2932	Unicorn-30169.exe
2932	Unicorn-30169.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
556	Unicorn-48099.exe
556	Unicorn-48099.exe
2556	Unicorn-52395.exe
2556	Unicorn-52395.exe
2372	Unicorn-32832.exe
2372	Unicorn-32832.exe
2196	Unicorn-28597.exe
2196	Unicorn-28597.exe
1588	Unicorn-13200.exe
1588	Unicorn-13200.exe
2588	Unicorn-57429.exe
2588	Unicorn-57429.exe
2636	Unicorn-58872.exe
2636	Unicorn-58872.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1132	1368	WerFault.exe	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
2876	2748	WerFault.exe	Unicorn-3362.exe
948	2896	WerFault.exe	Unicorn-60381.exe
1996	2932	WerFault.exe	Unicorn-30169.exe
596	2556	WerFault.exe	Unicorn-52395.exe
1940	2196	WerFault.exe	Unicorn-28597.exe
1628	2588	WerFault.exe	Unicorn-57429.exe
2856	556	WerFault.exe	Unicorn-48099.exe
2084	2372	WerFault.exe	Unicorn-32832.exe
1600	1588	WerFault.exe	Unicorn-13200.exe
1348	2636	WerFault.exe	Unicorn-58872.exe
2524	1052	WerFault.exe	Unicorn-46556.exe
1644	1200	WerFault.exe	Unicorn-45606.exe
1536	1704	WerFault.exe	Unicorn-18518.exe
792	3016	WerFault.exe	Unicorn-52508.exe
3068	3052	WerFault.exe	Unicorn-21267.exe
2984	2200	WerFault.exe	Unicorn-4350.exe
1564	1656	WerFault.exe	Unicorn-17733.exe
1684	2780	WerFault.exe	Unicorn-2046.exe
2868	2988	WerFault.exe	Unicorn-32597.exe
1604	1672	WerFault.exe	Unicorn-7322.exe
568	1160	WerFault.exe	Unicorn-17714.exe
2488	1352	WerFault.exe	Unicorn-54683.exe
2516	1224	WerFault.exe	Unicorn-4631.exe
2348	1412	WerFault.exe	Unicorn-31978.exe
1912	2396	WerFault.exe	Unicorn-35060.exe
2100	2972	WerFault.exe	Unicorn-22395.exe
2500	2744	WerFault.exe	Unicorn-4447.exe
848	1708	WerFault.exe	Unicorn-62776.exe
1272	2592	WerFault.exe	Unicorn-15761.exe
528	1676	WerFault.exe	Unicorn-37112.exe
1388	2572	WerFault.exe	Unicorn-57364.exe
2688	2448	WerFault.exe	Unicorn-26420.exe
2428	1780	WerFault.exe	Unicorn-63970.exe
1592	2712	WerFault.exe	Unicorn-60908.exe
1020	2464	WerFault.exe	Unicorn-26123.exe
2176	2392	WerFault.exe	Unicorn-15236.exe
2248	576	WerFault.exe	Unicorn-59668.exe
1320	1544	WerFault.exe	Unicorn-32513.exe
3136	780	WerFault.exe	Unicorn-33.exe
3212	2600	WerFault.exe	Unicorn-46181.exe
3304	1196	WerFault.exe	Unicorn-198.exe
3464	616	WerFault.exe	Unicorn-398.exe
3524	2540	WerFault.exe	Unicorn-14105.exe
3556	840	WerFault.exe	Unicorn-18398.exe
3592	828	WerFault.exe	Unicorn-47053.exe
3628	2724	WerFault.exe	Unicorn-14260.exe
3644	700	WerFault.exe	Unicorn-4764.exe
3724	2824	WerFault.exe	Unicorn-52031.exe
3740	1516	WerFault.exe	Unicorn-25737.exe
3956	1304	WerFault.exe	Unicorn-61676.exe
3972	2536	WerFault.exe	Unicorn-62968.exe
3996	2124	WerFault.exe	Unicorn-60960.exe
4040	340	WerFault.exe	Unicorn-49710.exe
3244	2884	WerFault.exe	Unicorn-48013.exe
3288	2120	WerFault.exe	Unicorn-18424.exe
3312	1768	WerFault.exe	Unicorn-36275.exe
3408	2680	WerFault.exe	Unicorn-16338.exe
3416	1932	WerFault.exe	Unicorn-64661.exe
3668	1804	WerFault.exe	Unicorn-20572.exe
3776	2528	WerFault.exe	Unicorn-43457.exe
3792	2624	WerFault.exe	Unicorn-12315.exe
3820	2776	WerFault.exe	Unicorn-5278.exe
3944	1884	WerFault.exe	Unicorn-19166.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exeUnicorn-3362.exeUnicorn-30169.exeUnicorn-60381.exeUnicorn-57429.exeUnicorn-52395.exeUnicorn-28597.exeUnicorn-48099.exeUnicorn-32832.exeUnicorn-13200.exeUnicorn-58872.exeUnicorn-18518.exeUnicorn-45606.exeUnicorn-4350.exeUnicorn-52508.exeUnicorn-21267.exeUnicorn-17733.exeUnicorn-2046.exeUnicorn-17714.exeUnicorn-32597.exeUnicorn-46556.exeUnicorn-54683.exeUnicorn-22395.exeUnicorn-25737.exeUnicorn-52031.exeUnicorn-4631.exeUnicorn-32513.exeUnicorn-37112.exeUnicorn-33.exeUnicorn-4447.exeUnicorn-62776.exeUnicorn-62968.exeUnicorn-60960.exeUnicorn-15761.exeUnicorn-14260.exeUnicorn-35060.exeUnicorn-15236.exeUnicorn-60908.exeUnicorn-26420.exeUnicorn-59668.exeUnicorn-61676.exeUnicorn-46181.exeUnicorn-57364.exeUnicorn-63970.exeUnicorn-7322.exeUnicorn-26123.exeUnicorn-5278.exeUnicorn-4764.exeUnicorn-20572.exeUnicorn-36799.exeUnicorn-47053.exeUnicorn-48013.exeUnicorn-31978.exeUnicorn-39330.exeUnicorn-36275.exeUnicorn-14105.exeUnicorn-43457.exeUnicorn-24551.exeUnicorn-68.exeUnicorn-2720.exeUnicorn-48584.exeUnicorn-2912.exeUnicorn-53566.exeUnicorn-36545.exe

pid	process
1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
2748	Unicorn-3362.exe
2932	Unicorn-30169.exe
2896	Unicorn-60381.exe
2588	Unicorn-57429.exe
2556	Unicorn-52395.exe
2196	Unicorn-28597.exe
556	Unicorn-48099.exe
2372	Unicorn-32832.exe
1588	Unicorn-13200.exe
2636	Unicorn-58872.exe
1704	Unicorn-18518.exe
1200	Unicorn-45606.exe
2200	Unicorn-4350.exe
3016	Unicorn-52508.exe
3052	Unicorn-21267.exe
1656	Unicorn-17733.exe
2780	Unicorn-2046.exe
1160	Unicorn-17714.exe
2988	Unicorn-32597.exe
1052	Unicorn-46556.exe
1352	Unicorn-54683.exe
2972	Unicorn-22395.exe
1516	Unicorn-25737.exe
2824	Unicorn-52031.exe
1224	Unicorn-4631.exe
1544	Unicorn-32513.exe
1676	Unicorn-37112.exe
780	Unicorn-33.exe
2744	Unicorn-4447.exe
1708	Unicorn-62776.exe
2536	Unicorn-62968.exe
2124	Unicorn-60960.exe
2592	Unicorn-15761.exe
2724	Unicorn-14260.exe
2396	Unicorn-35060.exe
2392	Unicorn-15236.exe
2712	Unicorn-60908.exe
2448	Unicorn-26420.exe
576	Unicorn-59668.exe
1304	Unicorn-61676.exe
2600	Unicorn-46181.exe
2572	Unicorn-57364.exe
1780	Unicorn-63970.exe
1672	Unicorn-7322.exe
2464	Unicorn-26123.exe
2776	Unicorn-5278.exe
700	Unicorn-4764.exe
1804	Unicorn-20572.exe
1824	Unicorn-36799.exe
828	Unicorn-47053.exe
2884	Unicorn-48013.exe
1412	Unicorn-31978.exe
2036	Unicorn-39330.exe
1768	Unicorn-36275.exe
2540	Unicorn-14105.exe
2528	Unicorn-43457.exe
2484	Unicorn-24551.exe
2904	Unicorn-68.exe
2732	Unicorn-2720.exe
1480	Unicorn-48584.exe
2840	Unicorn-2912.exe
1688	Unicorn-53566.exe
1692	Unicorn-36545.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exeUnicorn-3362.exeUnicorn-30169.exeUnicorn-60381.exeUnicorn-52395.exeUnicorn-28597.exeUnicorn-57429.exeUnicorn-48099.exe

description	pid	process	target process
PID 1368 wrote to memory of 2748	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-3362.exe
PID 1368 wrote to memory of 2748	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-3362.exe
PID 1368 wrote to memory of 2748	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-3362.exe
PID 1368 wrote to memory of 2748	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-3362.exe
PID 2748 wrote to memory of 2932	2748	Unicorn-3362.exe	Unicorn-30169.exe
PID 2748 wrote to memory of 2932	2748	Unicorn-3362.exe	Unicorn-30169.exe
PID 2748 wrote to memory of 2932	2748	Unicorn-3362.exe	Unicorn-30169.exe
PID 2748 wrote to memory of 2932	2748	Unicorn-3362.exe	Unicorn-30169.exe
PID 1368 wrote to memory of 2896	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-60381.exe
PID 1368 wrote to memory of 2896	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-60381.exe
PID 1368 wrote to memory of 2896	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-60381.exe
PID 1368 wrote to memory of 2896	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	Unicorn-60381.exe
PID 1368 wrote to memory of 1132	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	WerFault.exe
PID 1368 wrote to memory of 1132	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	WerFault.exe
PID 1368 wrote to memory of 1132	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	WerFault.exe
PID 1368 wrote to memory of 1132	1368	a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe	WerFault.exe
PID 2932 wrote to memory of 2588	2932	Unicorn-30169.exe	Unicorn-57429.exe
PID 2932 wrote to memory of 2588	2932	Unicorn-30169.exe	Unicorn-57429.exe
PID 2932 wrote to memory of 2588	2932	Unicorn-30169.exe	Unicorn-57429.exe
PID 2932 wrote to memory of 2588	2932	Unicorn-30169.exe	Unicorn-57429.exe
PID 2748 wrote to memory of 2556	2748	Unicorn-3362.exe	Unicorn-52395.exe
PID 2748 wrote to memory of 2556	2748	Unicorn-3362.exe	Unicorn-52395.exe
PID 2748 wrote to memory of 2556	2748	Unicorn-3362.exe	Unicorn-52395.exe
PID 2748 wrote to memory of 2556	2748	Unicorn-3362.exe	Unicorn-52395.exe
PID 2896 wrote to memory of 2196	2896	Unicorn-60381.exe	Unicorn-28597.exe
PID 2896 wrote to memory of 2196	2896	Unicorn-60381.exe	Unicorn-28597.exe
PID 2896 wrote to memory of 2196	2896	Unicorn-60381.exe	Unicorn-28597.exe
PID 2896 wrote to memory of 2196	2896	Unicorn-60381.exe	Unicorn-28597.exe
PID 2748 wrote to memory of 2876	2748	Unicorn-3362.exe	WerFault.exe
PID 2748 wrote to memory of 2876	2748	Unicorn-3362.exe	WerFault.exe
PID 2748 wrote to memory of 2876	2748	Unicorn-3362.exe	WerFault.exe
PID 2748 wrote to memory of 2876	2748	Unicorn-3362.exe	WerFault.exe
PID 2556 wrote to memory of 556	2556	Unicorn-52395.exe	Unicorn-48099.exe
PID 2556 wrote to memory of 556	2556	Unicorn-52395.exe	Unicorn-48099.exe
PID 2556 wrote to memory of 556	2556	Unicorn-52395.exe	Unicorn-48099.exe
PID 2556 wrote to memory of 556	2556	Unicorn-52395.exe	Unicorn-48099.exe
PID 2196 wrote to memory of 2372	2196	Unicorn-28597.exe	Unicorn-32832.exe
PID 2196 wrote to memory of 2372	2196	Unicorn-28597.exe	Unicorn-32832.exe
PID 2196 wrote to memory of 2372	2196	Unicorn-28597.exe	Unicorn-32832.exe
PID 2196 wrote to memory of 2372	2196	Unicorn-28597.exe	Unicorn-32832.exe
PID 2896 wrote to memory of 948	2896	Unicorn-60381.exe	WerFault.exe
PID 2896 wrote to memory of 948	2896	Unicorn-60381.exe	WerFault.exe
PID 2896 wrote to memory of 948	2896	Unicorn-60381.exe	WerFault.exe
PID 2896 wrote to memory of 948	2896	Unicorn-60381.exe	WerFault.exe
PID 2588 wrote to memory of 1588	2588	Unicorn-57429.exe	Unicorn-13200.exe
PID 2588 wrote to memory of 1588	2588	Unicorn-57429.exe	Unicorn-13200.exe
PID 2588 wrote to memory of 1588	2588	Unicorn-57429.exe	Unicorn-13200.exe
PID 2588 wrote to memory of 1588	2588	Unicorn-57429.exe	Unicorn-13200.exe
PID 2932 wrote to memory of 2636	2932	Unicorn-30169.exe	Unicorn-58872.exe
PID 2932 wrote to memory of 2636	2932	Unicorn-30169.exe	Unicorn-58872.exe
PID 2932 wrote to memory of 2636	2932	Unicorn-30169.exe	Unicorn-58872.exe
PID 2932 wrote to memory of 2636	2932	Unicorn-30169.exe	Unicorn-58872.exe
PID 2932 wrote to memory of 1996	2932	Unicorn-30169.exe	WerFault.exe
PID 2932 wrote to memory of 1996	2932	Unicorn-30169.exe	WerFault.exe
PID 2932 wrote to memory of 1996	2932	Unicorn-30169.exe	WerFault.exe
PID 2932 wrote to memory of 1996	2932	Unicorn-30169.exe	WerFault.exe
PID 556 wrote to memory of 1704	556	Unicorn-48099.exe	Unicorn-18518.exe
PID 556 wrote to memory of 1704	556	Unicorn-48099.exe	Unicorn-18518.exe
PID 556 wrote to memory of 1704	556	Unicorn-48099.exe	Unicorn-18518.exe
PID 556 wrote to memory of 1704	556	Unicorn-48099.exe	Unicorn-18518.exe
PID 2556 wrote to memory of 1200	2556	Unicorn-52395.exe	Unicorn-45606.exe
PID 2556 wrote to memory of 1200	2556	Unicorn-52395.exe	Unicorn-45606.exe
PID 2556 wrote to memory of 1200	2556	Unicorn-52395.exe	Unicorn-45606.exe
PID 2556 wrote to memory of 1200	2556	Unicorn-52395.exe	Unicorn-45606.exe

C:\Users\Admin\AppData\Local\Temp\a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe
"C:\Users\Admin\AppData\Local\Temp\a269be0d95b8d90a83267f6a16f5597346900098271e0dcf0ed07ffe3a5ef422.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
10⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
11⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
12⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
13⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
14⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
15⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
16⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
15⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
14⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
13⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
12⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
11⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
10⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
9⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
10⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
11⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
12⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
13⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
14⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
15⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
16⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
15⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
14⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
13⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
12⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
11⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
10⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
9⤵
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
10⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
12⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
13⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
14⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
14⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
13⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
12⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
11⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
9⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
8⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
9⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
11⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 240
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
7⤵
- Program crash
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
12⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
13⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
14⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
14⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
13⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
12⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 236
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
8⤵
- Program crash
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
11⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35176.exe
12⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
13⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
11⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
7⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
6⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
8⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
11⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
12⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
13⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
14⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
15⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
14⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
13⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
11⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
9⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
8⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
7⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
11⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
13⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
14⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
13⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
12⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
11⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
9⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
8⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
7⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
6⤵
- Program crash
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
9⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
10⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
11⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
12⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
13⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
14⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
14⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 236
13⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
12⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
11⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
10⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
9⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 248
8⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
10⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 224
11⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
10⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
9⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
7⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
12⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
13⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
14⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
13⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
10⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
7⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
6⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
11⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
12⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
13⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
12⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 240
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
8⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
7⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
10⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
11⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
12⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 236
12⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 236
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 216
7⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
6⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
5⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
10⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
11⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 224
12⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
11⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
10⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
9⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
11⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
12⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
13⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
14⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
15⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 236
14⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
13⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
12⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
11⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
10⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
9⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
9⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
10⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
11⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
12⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
13⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
14⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
14⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
13⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
12⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
11⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
10⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
9⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
8⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
9⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
11⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
12⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
13⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 240
14⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
13⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
12⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
11⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
10⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
9⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
11⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
12⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
13⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
14⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
14⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
13⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
12⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 220
8⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
7⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
9⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
10⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
11⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
12⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
13⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
14⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
14⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
13⤵
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
12⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
11⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
10⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
9⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
8⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
9⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
11⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
12⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
13⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
14⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 236
13⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 236
12⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
11⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 216
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
11⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
12⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
13⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
11⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
10⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
7⤵
- Program crash
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 224
6⤵
- Program crash
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
5⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
8⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
11⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
12⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
14⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
15⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
14⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
13⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 236
11⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 216
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
11⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
12⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
13⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
13⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
12⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
13⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
13⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 236
12⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
7⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 248
6⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
11⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
12⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
13⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
13⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
12⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
11⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
8⤵
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
7⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
6⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
8⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
11⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
12⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
10⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
9⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
8⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
7⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
6⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
5⤵
- Program crash
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
11⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
12⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
13⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
14⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
14⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
13⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
12⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
9⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
7⤵
- Executes dropped EXE
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
11⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
12⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
13⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
13⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 236
12⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
7⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
12⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
13⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
14⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
13⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
11⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
7⤵
- Program crash
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
6⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
8⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
11⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 224
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
10⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
8⤵
- Program crash
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
- Program crash
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
12⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 236
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 236
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
7⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
5⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
7⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 244
8⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
7⤵
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
6⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
7⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
12⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
8⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
7⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
6⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
6⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 200
7⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
6⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
5⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
2⤵
- Program crash
PID:1132

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
Filesize
184KB

MD5
4a1af236e8d563b457cf0a74e3d2141f

SHA1
59f13b4b3e43c2fda26750f086c23191a60afc95

SHA256
6ce9a27a513058212b210c12e966ef5658b273105560fc2336e11d3e31c12478

SHA512
26e1aecc9cedfd5a7ca4c40e20c791a7662170f78ee2a723d81824fc4afb105a980d45a606c904f7af549d3138edb4f41a1cba4d8643034006d66d84db56b8cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
Filesize
184KB

MD5
48a6a3e6e0999936f896929a1c31c48f

SHA1
196e2dc924a722ee3b6ef5621a8881eec30659c0

SHA256
133ae04bb8d1efb165367c81e209172759c6e12c14d79d290a934a7f77dd4a9b

SHA512
33c308b57a31db32dd5114fd87827c0f1deca1743f43c3f85395c52cf8ee628a754c35a24941554efd66dd203c75683f1b87ce6e67d506a3f6dbbf7a8836fcea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
Filesize
184KB

MD5
58dd76d1b08af5797ac2b5d7cfd8dd08

SHA1
836ba8f227aa3456e2e98f7747199043abbdc2d6

SHA256
2a16112cad2b84c2ccab189eb97ace5e42ededd9530fa899f56258e10f2010d3

SHA512
005dd4635e2e46d8a05d438ddaf3712ae927aeb7f5cfe054f95714d37f3982f606aadbde936327bdb3d97b06c634cf8380cfd69b2f50b900484f8cebcac3f11a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
Filesize
184KB

MD5
e49b6fbc28af4c9aed092c70cf19be53

SHA1
22cdbf08599795af16aa739e3d5908c43b12282c

SHA256
94037ac5bb21111646101248afe52c8d805a518f3f97c727d901efcc8e59389e

SHA512
89f7af0a52492545cb2cdf0bcbf0649899b9d8e9b58a2005248f7561671c48f103108cfaa9919a0f8263569cfb445dec96a3f992390041d8bbe3fa744bf0fbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
Filesize
184KB

MD5
b28c901aa99bf63528229ed9955430f6

SHA1
4918a84c74669e31e7fc97b20999738f07f9d57a

SHA256
c0982c9c64b868cd501b9c61a19287a11f9e7dfdd9204cc215d08a68fc6181a1

SHA512
ed3c3916e793008f04ae69588837f6df32362e1d29184ceaf648dc2c07ab0c131992cd2f728d841fb31bbd0470ea4631a6fe43650f09d6569ae3b9a4a3d8631d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
Filesize
184KB

MD5
9e463154e9d6cf9976e085d5394d78d2

SHA1
079fcccd9afa5698fade888a63b8a1ccc1f1a38c

SHA256
6a46c17fca537d3ca7d22fe0a764e2ad2b256438a3673fe50922b8123e64d5d4

SHA512
2680a28895c46e55cf1d56a28ee4bbac719ce025976cbb7cc63a5fde87ea794a0221330d8ad2c9e3392dd0589bff5052c4f9a0c3c41afae96f9bf07ff1dc7e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
Filesize
184KB

MD5
c8e3ecde7026377c4d31b263cbc3c770

SHA1
e778d395adb23a5957f0f08fce8fd7a9f5766874

SHA256
3fc871ac85a6035a4a0ab93feeca64d2bd54da5c2d149e37b7c50c23d89598a2

SHA512
d8a85e3fb357c03990951faf8118a3c0b3fadef8df842f8cc3af2be31a8475dd248aa2515729fd22acbb7a4e0418c5d7a743c3216ba2b62e3ab664f57c4d9af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
Filesize
184KB

MD5
01e8614e0101ce0532f8f5a8501177d7

SHA1
a6962c2c5dd1e2816e4c8614d86fef9fa3e1792a

SHA256
0c87808c08111731facd4a3fbc8f554292fcf25bdbe697f839f2a19e8c405aff

SHA512
45b7408d83777e7cb2f67dd72b073fa103201fa1e82a3af99d55fc67a112a67128f302b7995d0f4bc7a26b888d76c5879b65d5cfda089d7a8dc3f5680482650a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
Filesize
184KB

MD5
d6328b0f0cab381564a444fdfc370534

SHA1
04e6caee2152eb0b552f64d45adbcb0fc879eda2

SHA256
e6769212957bd827f09e79e39f2631b63ce9ce5bf14de6a42338855b80f75c3b

SHA512
02ce5ec146d8d9472813ab7049ee1bbcf5a670836c4d6454df6e2f52bcf5282cfe54abbf6c6b7eb519707958f241fede75a255b47519df129430ef334c065213

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
Filesize
184KB

MD5
15071e0f4d93aaa2bb51ba8026a54296

SHA1
cfadacbf5acdc1b34a61a8f36fcb2bb435eb0e1a

SHA256
f780178ccfc6d9f222d5a3c89ce018292fa27529ddd4e65933b58d399649e0c6

SHA512
3e27b143f8cb0577dd786232d9ca28c169e28d012af1922e957715989ec25300be0e54dc388537634f94173013c31b19f534b895cc9997ab1730a4cb239947f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
Filesize
184KB

MD5
51fe50a73e1abeec26dff8e02fd4a726

SHA1
69755d76b62f2921849feb866fbd89660ea8de4a

SHA256
2342584698ff3c2cfafa946a268bc058d185f655efb81c59f0ef674c22005cb3

SHA512
129c613b2237c4db97fee3b8160f66279965aeba631ab494866cc8d53a1d04b3119c7cfa9ba7c6368cdc23a7e72ed923cda565f7526718a7530dc9e2536e29d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
Filesize
184KB

MD5
388d0f4e78b994ec58f4ec2d65b87452

SHA1
9c3204f294be29400344da3034964d651ab42a26

SHA256
5988b2da937edb8aaa2595dda47fcb5a3de79dfb57b15c346ea7b42d155fc919

SHA512
c3b48051712c575b52b81b56966e0a5406ed6cf0141c0c5902903e9f7231a462c53f1dffba6010d3d70e36b07e8b6b60a8f50fb2173c4f9ea5f751d03f099bf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
Filesize
184KB

MD5
18da542fd78632a779fb9c9aec49f0b1

SHA1
dae3687769348ea3ee0375ab4233845ccfba8621

SHA256
77670ccfb77b0aae377de5e56eac7926f6fa3bd8e60429a74c55c070bc51e943

SHA512
87cd6968cc0606c40dae33cb9f9eee22707d5e10168dd049ad67cec55d776ce8f346f966c94f617df48b2051762edf3570ab0bee061489999623fd56a92088b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
Filesize
184KB

MD5
1f01dd656a8b1c51f95b0fc478350ad4

SHA1
d90ca374e94caf8d635833aa0c19f87d5e2d5fb1

SHA256
3eea3431fbb5e7cc4069d30e0021199f3e0752a82945e4429378cab8ddd1a7ee

SHA512
22d9c7878256a56ffe96ac60c837619d71e32bba9b2f3dc97d6432f3504f0c098f207d25bc484ba6b98e4dee3092d6ddfd7b18ae16116c287cb7b02bf029d5a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
Filesize
184KB

MD5
cf64a171f499aa75bdd506bd3ae18c08

SHA1
cc6ac1707b748c0e3afa5559d6fb956ea3471523

SHA256
03c4cb070700072e4d5a6a854b8b5f39d657d5427f8a773cfab980ba61d2863a

SHA512
32ff303195f2b3894c334627a6f1e734e7ace0df71fff8a52f357b029e98fca07dcec576b3d023d6a9d0a054829e89029645dac65586c7dfe94f49fb17f35dd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
Filesize
184KB

MD5
f01bf45417c5256bec2d1ffc9c602796

SHA1
525e68206c52d199c432a8c83afaeecd20006cee

SHA256
1ac314b5983604ccc1ab1ae8bfb8ff14522b031a1520239a97c9b98b679acb2b

SHA512
efc7fb58d20de7e35b539ce9a9ccf72bbc2966ac51ee0064043cc6dc69cb3bf5d4251f70637e04c523cde54b25504e4e14ac116786acf5cb9f450441ad1e916e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
Filesize
184KB

MD5
587112f531510f3b3c342a922f5b1177

SHA1
0e2abc022b88603f9afabcd1231e4801ceb80a15

SHA256
df145ce56e22b45fc83ac49d1f6809a091b871b320b12fd09ffed4dd6076f185

SHA512
e8ebe4a22a4c4b5ff926204b7109887a4b7a682c28248708a8cb606132a38482696288739335835c374f7b2ae05f77d1cf2b1cbfc73dba8722f68204e708a54c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
Filesize
184KB

MD5
a9e8d35cf7c464ce3aea5d33bc25abfa

SHA1
26591f9f63bf206ead09a810abb8065c90bd32e1

SHA256
f0c60db9f892a0b937b3ce1bb414674986b0aa1754e31942a9f4cf71861aa8e7

SHA512
c9af49b1da9e1c927ef498d65450d9222ac154e470146d5664edfe27c0befd48dac0ff368206a19e667e8edddfe6966b7de2628c3e185424d3a6f6abde9dc03c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
Filesize
184KB

MD5
23616ef04c2258203a7b50ac30ef231c

SHA1
621359ebbbdaa978a8939e2d21565006e7c1879d

SHA256
bf7049928908e8ca69e9086dd136a5cad3b7b740e7eead2c06c021f1c643afdf

SHA512
0f2c20188731de5a9755e56d7242ecde45e810d3f6b1dc391b7503fe41d8ba7bd236319817e3d463e2c9add9ebd4d73cb8eaabac888be735c84dd20610fd9527

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
Filesize
184KB

MD5
b5b856467aefc983a84f802dbc26aa87

SHA1
56d77cb40fc4e936871341b339dbeae2c083281d

SHA256
eaac58c5205048d652e21e8c88858423a1e1eced199526af34508551bdb6eb25

SHA512
ebe5ab5da1f1b279ce506fb12ebbcbb28253950eae5906a3cb281fa7b0f7281e244fe386b5313cb4e11272ba69475e18976cfa20970d12ebc268b5daa785523e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads