bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
Size

184KB
MD5

75558cf1711db797ed0ef12148eb0bee
SHA1

b7de82d7c95c8482b446335b7583d7b59d79e7ab
SHA256

bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9
SHA512

b0ed32c867d2214407bc410b3277a9dff2e135b7210f219de4190cab6c474c8cd200e778e3da2bb87db23842f72424f8b5ce43cd07e659dc6ad3d5897f39dedd
SSDEEP

3072:wTkviHolmpazdp+Yer8Lp6nuIKYCCn4KH+O7O5OVUtEhlnVOFs:wTJoLpp+0LcnuIFeWLhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53343.exeUnicorn-46605.exeUnicorn-42006.exeUnicorn-15437.exeUnicorn-27175.exeUnicorn-47041.exeUnicorn-23679.exeUnicorn-52630.exeUnicorn-7150.exeUnicorn-3429.exeUnicorn-6958.exeUnicorn-28883.exeUnicorn-64893.exeUnicorn-44836.exeUnicorn-48173.exeUnicorn-15308.exeUnicorn-45521.exeUnicorn-31453.exeUnicorn-33534.exeUnicorn-669.exeUnicorn-13476.exeUnicorn-15779.exeUnicorn-32665.exeUnicorn-17206.exeUnicorn-17206.exeUnicorn-30012.exeUnicorn-46157.exeUnicorn-46157.exeUnicorn-7937.exeUnicorn-20744.exeUnicorn-55877.exeUnicorn-3147.exeUnicorn-23013.exeUnicorn-55301.exeUnicorn-19099.exeUnicorn-37246.exeUnicorn-23864.exeUnicorn-54076.exeUnicorn-41077.exeUnicorn-26494.exeUnicorn-29640.exeUnicorn-28571.exeUnicorn-13111.exeUnicorn-57522.exeUnicorn-28187.exeUnicorn-51316.exeUnicorn-37092.exeUnicorn-49899.exeUnicorn-54471.exeUnicorn-54087.exeUnicorn-50174.exeUnicorn-21882.exeUnicorn-1824.exeUnicorn-5353.exeUnicorn-53786.exeUnicorn-4585.exeUnicorn-57185.exeUnicorn-44186.exeUnicorn-26589.exeUnicorn-23936.exeUnicorn-10060.exeUnicorn-7408.exeUnicorn-42541.exeUnicorn-42349.exe

pid	process
2032	Unicorn-53343.exe
2000	Unicorn-46605.exe
2156	Unicorn-42006.exe
2616	Unicorn-15437.exe
2484	Unicorn-27175.exe
2536	Unicorn-47041.exe
2764	Unicorn-23679.exe
920	Unicorn-52630.exe
552	Unicorn-7150.exe
1280	Unicorn-3429.exe
1968	Unicorn-6958.exe
1908	Unicorn-28883.exe
1500	Unicorn-64893.exe
2668	Unicorn-44836.exe
1616	Unicorn-48173.exe
3032	Unicorn-15308.exe
2052	Unicorn-45521.exe
2640	Unicorn-31453.exe
1820	Unicorn-33534.exe
1180	Unicorn-669.exe
1836	Unicorn-13476.exe
1116	Unicorn-15779.exe
2972	Unicorn-32665.exe
392	Unicorn-17206.exe
2856	Unicorn-17206.exe
816	Unicorn-30012.exe
3000	Unicorn-46157.exe
3012	Unicorn-46157.exe
3024	Unicorn-7937.exe
2444	Unicorn-20744.exe
2460	Unicorn-55877.exe
2504	Unicorn-3147.exe
2356	Unicorn-23013.exe
1936	Unicorn-55301.exe
2796	Unicorn-19099.exe
2380	Unicorn-37246.exe
2940	Unicorn-23864.exe
1660	Unicorn-54076.exe
2084	Unicorn-41077.exe
1940	Unicorn-26494.exe
2320	Unicorn-29640.exe
640	Unicorn-28571.exe
1112	Unicorn-13111.exe
948	Unicorn-57522.exe
2164	Unicorn-28187.exe
2656	Unicorn-51316.exe
1020	Unicorn-37092.exe
2240	Unicorn-49899.exe
1040	Unicorn-54471.exe
2836	Unicorn-54087.exe
2732	Unicorn-50174.exe
1016	Unicorn-21882.exe
2280	Unicorn-1824.exe
2680	Unicorn-5353.exe
2612	Unicorn-53786.exe
2548	Unicorn-4585.exe
2620	Unicorn-57185.exe
2512	Unicorn-44186.exe
2392	Unicorn-26589.exe
1212	Unicorn-23936.exe
1828	Unicorn-10060.exe
1488	Unicorn-7408.exe
1472	Unicorn-42541.exe
1724	Unicorn-42349.exe

Loads dropped DLL 64 IoCs

Processes:

bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exeUnicorn-53343.exeUnicorn-46605.exeUnicorn-42006.exeWerFault.exeUnicorn-27175.exeUnicorn-47041.exeUnicorn-15437.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-23679.exeUnicorn-3429.exeUnicorn-6958.exeUnicorn-52630.exeWerFault.exeWerFault.exe

pid	process
2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2032	Unicorn-53343.exe
2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2032	Unicorn-53343.exe
2000	Unicorn-46605.exe
2000	Unicorn-46605.exe
2032	Unicorn-53343.exe
2156	Unicorn-42006.exe
2156	Unicorn-42006.exe
2032	Unicorn-53343.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2484	Unicorn-27175.exe
2484	Unicorn-27175.exe
2156	Unicorn-42006.exe
2156	Unicorn-42006.exe
2536	Unicorn-47041.exe
2536	Unicorn-47041.exe
2000	Unicorn-46605.exe
2000	Unicorn-46605.exe
2616	Unicorn-15437.exe
2616	Unicorn-15437.exe
2208	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
2208	WerFault.exe
804	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
2536	Unicorn-47041.exe
2536	Unicorn-47041.exe
956	WerFault.exe
2764	Unicorn-23679.exe
2764	Unicorn-23679.exe
2484	Unicorn-27175.exe
2484	Unicorn-27175.exe
1280	Unicorn-3429.exe
1968	Unicorn-6958.exe
1280	Unicorn-3429.exe
1968	Unicorn-6958.exe
2616	Unicorn-15437.exe
2616	Unicorn-15437.exe
920	Unicorn-52630.exe
920	Unicorn-52630.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2480	2248	WerFault.exe	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2352	2032	WerFault.exe	Unicorn-53343.exe
2208	2000	WerFault.exe	Unicorn-46605.exe
804	2156	WerFault.exe	Unicorn-42006.exe
956	552	WerFault.exe	Unicorn-7150.exe
2724	2484	WerFault.exe	Unicorn-27175.exe
2712	2536	WerFault.exe	Unicorn-47041.exe
1988	2616	WerFault.exe	Unicorn-15437.exe
2024	2764	WerFault.exe	Unicorn-23679.exe
2256	1280	WerFault.exe	Unicorn-3429.exe
2300	1968	WerFault.exe	Unicorn-6958.exe
2944	920	WerFault.exe	Unicorn-52630.exe
1624	1908	WerFault.exe	Unicorn-28883.exe
1440	1500	WerFault.exe	Unicorn-64893.exe
2676	2668	WerFault.exe	Unicorn-44836.exe
2648	2052	WerFault.exe	Unicorn-45521.exe
2408	3032	WerFault.exe	Unicorn-15308.exe
2420	1616	WerFault.exe	Unicorn-48173.exe
592	2640	WerFault.exe	Unicorn-31453.exe
3004	1180	WerFault.exe	Unicorn-669.exe
2596	392	WerFault.exe	Unicorn-17206.exe
2572	2972	WerFault.exe	Unicorn-32665.exe
2364	1836	WerFault.exe	Unicorn-13476.exe
1720	1116	WerFault.exe	Unicorn-15779.exe
936	2444	WerFault.exe	Unicorn-20744.exe
2312	2504	WerFault.exe	Unicorn-3147.exe
1700	816	WerFault.exe	Unicorn-30012.exe
1984	1112	WerFault.exe	Unicorn-13111.exe
2900	2320	WerFault.exe	Unicorn-29640.exe
2744	2380	WerFault.exe	Unicorn-37246.exe
1744	2460	WerFault.exe	Unicorn-55877.exe
2372	1936	WerFault.exe	Unicorn-55301.exe
2132	3012	WerFault.exe	Unicorn-46157.exe
2452	2796	WerFault.exe	Unicorn-19099.exe
1884	2940	WerFault.exe	Unicorn-23864.exe
3228	2656	WerFault.exe	Unicorn-51316.exe
3380	2856	WerFault.exe	Unicorn-17206.exe
3488	1820	WerFault.exe	Unicorn-33534.exe
3576	2680	WerFault.exe	Unicorn-5353.exe
3668	2836	WerFault.exe	Unicorn-54087.exe
3808	3000	WerFault.exe	Unicorn-46157.exe
3816	2084	WerFault.exe	Unicorn-41077.exe
3844	948	WerFault.exe	Unicorn-57522.exe
3884	1040	WerFault.exe	Unicorn-54471.exe
3912	1940	WerFault.exe	Unicorn-26494.exe
3920	1660	WerFault.exe	Unicorn-54076.exe
4076	1020	WerFault.exe	Unicorn-37092.exe
3168	3024	WerFault.exe	Unicorn-7937.exe
3272	2240	WerFault.exe	Unicorn-49899.exe
3460	2164	WerFault.exe	Unicorn-28187.exe
3624	1828	WerFault.exe	Unicorn-10060.exe
3636	1948	WerFault.exe	Unicorn-27440.exe
3696	2612	WerFault.exe	Unicorn-53786.exe
3772	2356	WerFault.exe	Unicorn-23013.exe
3796	640	WerFault.exe	Unicorn-28571.exe
3832	2852	WerFault.exe	Unicorn-23718.exe
3988	1016	WerFault.exe	Unicorn-21882.exe
3160	2548	WerFault.exe	Unicorn-4585.exe
3260	2824	WerFault.exe	Unicorn-18748.exe
3424	2392	WerFault.exe	Unicorn-26589.exe
3480	1664	WerFault.exe	Unicorn-44653.exe
3528	3060	WerFault.exe	Unicorn-2821.exe
3520	2128	WerFault.exe	Unicorn-7932.exe
3472	1724	WerFault.exe	Unicorn-42349.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exeUnicorn-53343.exeUnicorn-46605.exeUnicorn-42006.exeUnicorn-15437.exeUnicorn-27175.exeUnicorn-47041.exeUnicorn-23679.exeUnicorn-7150.exeUnicorn-3429.exeUnicorn-6958.exeUnicorn-52630.exeUnicorn-28883.exeUnicorn-64893.exeUnicorn-44836.exeUnicorn-48173.exeUnicorn-15308.exeUnicorn-45521.exeUnicorn-31453.exeUnicorn-669.exeUnicorn-33534.exeUnicorn-13476.exeUnicorn-15779.exeUnicorn-32665.exeUnicorn-17206.exeUnicorn-17206.exeUnicorn-46157.exeUnicorn-46157.exeUnicorn-30012.exeUnicorn-7937.exeUnicorn-20744.exeUnicorn-55877.exeUnicorn-3147.exeUnicorn-23013.exeUnicorn-55301.exeUnicorn-19099.exeUnicorn-37246.exeUnicorn-54076.exeUnicorn-23864.exeUnicorn-41077.exeUnicorn-26494.exeUnicorn-28571.exeUnicorn-29640.exeUnicorn-13111.exeUnicorn-57522.exeUnicorn-28187.exeUnicorn-51316.exeUnicorn-37092.exeUnicorn-49899.exeUnicorn-54471.exeUnicorn-54087.exeUnicorn-50174.exeUnicorn-21882.exeUnicorn-1824.exeUnicorn-5353.exeUnicorn-53786.exeUnicorn-4585.exeUnicorn-57185.exeUnicorn-44186.exeUnicorn-22099.exeUnicorn-26589.exeUnicorn-42349.exeUnicorn-23936.exeUnicorn-10060.exe

pid	process
2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
2032	Unicorn-53343.exe
2000	Unicorn-46605.exe
2156	Unicorn-42006.exe
2616	Unicorn-15437.exe
2484	Unicorn-27175.exe
2536	Unicorn-47041.exe
2764	Unicorn-23679.exe
552	Unicorn-7150.exe
1280	Unicorn-3429.exe
1968	Unicorn-6958.exe
920	Unicorn-52630.exe
1908	Unicorn-28883.exe
1500	Unicorn-64893.exe
2668	Unicorn-44836.exe
1616	Unicorn-48173.exe
3032	Unicorn-15308.exe
2052	Unicorn-45521.exe
2640	Unicorn-31453.exe
1180	Unicorn-669.exe
1820	Unicorn-33534.exe
1836	Unicorn-13476.exe
1116	Unicorn-15779.exe
2972	Unicorn-32665.exe
392	Unicorn-17206.exe
2856	Unicorn-17206.exe
3012	Unicorn-46157.exe
3000	Unicorn-46157.exe
816	Unicorn-30012.exe
3024	Unicorn-7937.exe
2444	Unicorn-20744.exe
2460	Unicorn-55877.exe
2504	Unicorn-3147.exe
2356	Unicorn-23013.exe
1936	Unicorn-55301.exe
2796	Unicorn-19099.exe
2380	Unicorn-37246.exe
1660	Unicorn-54076.exe
2940	Unicorn-23864.exe
2084	Unicorn-41077.exe
1940	Unicorn-26494.exe
640	Unicorn-28571.exe
2320	Unicorn-29640.exe
1112	Unicorn-13111.exe
948	Unicorn-57522.exe
2164	Unicorn-28187.exe
2656	Unicorn-51316.exe
1020	Unicorn-37092.exe
2240	Unicorn-49899.exe
1040	Unicorn-54471.exe
2836	Unicorn-54087.exe
2732	Unicorn-50174.exe
1016	Unicorn-21882.exe
2280	Unicorn-1824.exe
2680	Unicorn-5353.exe
2612	Unicorn-53786.exe
2548	Unicorn-4585.exe
2620	Unicorn-57185.exe
2512	Unicorn-44186.exe
1544	Unicorn-22099.exe
2392	Unicorn-26589.exe
1724	Unicorn-42349.exe
1212	Unicorn-23936.exe
1828	Unicorn-10060.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exeUnicorn-53343.exeUnicorn-46605.exeUnicorn-42006.exeUnicorn-27175.exeUnicorn-47041.exeUnicorn-15437.exeUnicorn-7150.exe

description	pid	process	target process
PID 2248 wrote to memory of 2032	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-53343.exe
PID 2248 wrote to memory of 2032	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-53343.exe
PID 2248 wrote to memory of 2032	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-53343.exe
PID 2248 wrote to memory of 2032	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-53343.exe
PID 2248 wrote to memory of 2156	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-42006.exe
PID 2248 wrote to memory of 2156	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-42006.exe
PID 2248 wrote to memory of 2156	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-42006.exe
PID 2248 wrote to memory of 2156	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	Unicorn-42006.exe
PID 2032 wrote to memory of 2000	2032	Unicorn-53343.exe	Unicorn-46605.exe
PID 2032 wrote to memory of 2000	2032	Unicorn-53343.exe	Unicorn-46605.exe
PID 2032 wrote to memory of 2000	2032	Unicorn-53343.exe	Unicorn-46605.exe
PID 2032 wrote to memory of 2000	2032	Unicorn-53343.exe	Unicorn-46605.exe
PID 2248 wrote to memory of 2480	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	WerFault.exe
PID 2248 wrote to memory of 2480	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	WerFault.exe
PID 2248 wrote to memory of 2480	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	WerFault.exe
PID 2248 wrote to memory of 2480	2248	bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe	WerFault.exe
PID 2000 wrote to memory of 2616	2000	Unicorn-46605.exe	Unicorn-15437.exe
PID 2000 wrote to memory of 2616	2000	Unicorn-46605.exe	Unicorn-15437.exe
PID 2000 wrote to memory of 2616	2000	Unicorn-46605.exe	Unicorn-15437.exe
PID 2000 wrote to memory of 2616	2000	Unicorn-46605.exe	Unicorn-15437.exe
PID 2156 wrote to memory of 2536	2156	Unicorn-42006.exe	Unicorn-47041.exe
PID 2156 wrote to memory of 2536	2156	Unicorn-42006.exe	Unicorn-47041.exe
PID 2156 wrote to memory of 2536	2156	Unicorn-42006.exe	Unicorn-47041.exe
PID 2156 wrote to memory of 2536	2156	Unicorn-42006.exe	Unicorn-47041.exe
PID 2032 wrote to memory of 2484	2032	Unicorn-53343.exe	Unicorn-27175.exe
PID 2032 wrote to memory of 2484	2032	Unicorn-53343.exe	Unicorn-27175.exe
PID 2032 wrote to memory of 2484	2032	Unicorn-53343.exe	Unicorn-27175.exe
PID 2032 wrote to memory of 2484	2032	Unicorn-53343.exe	Unicorn-27175.exe
PID 2032 wrote to memory of 2352	2032	Unicorn-53343.exe	WerFault.exe
PID 2032 wrote to memory of 2352	2032	Unicorn-53343.exe	WerFault.exe
PID 2032 wrote to memory of 2352	2032	Unicorn-53343.exe	WerFault.exe
PID 2032 wrote to memory of 2352	2032	Unicorn-53343.exe	WerFault.exe
PID 2484 wrote to memory of 2764	2484	Unicorn-27175.exe	Unicorn-23679.exe
PID 2484 wrote to memory of 2764	2484	Unicorn-27175.exe	Unicorn-23679.exe
PID 2484 wrote to memory of 2764	2484	Unicorn-27175.exe	Unicorn-23679.exe
PID 2484 wrote to memory of 2764	2484	Unicorn-27175.exe	Unicorn-23679.exe
PID 2156 wrote to memory of 920	2156	Unicorn-42006.exe	Unicorn-52630.exe
PID 2156 wrote to memory of 920	2156	Unicorn-42006.exe	Unicorn-52630.exe
PID 2156 wrote to memory of 920	2156	Unicorn-42006.exe	Unicorn-52630.exe
PID 2156 wrote to memory of 920	2156	Unicorn-42006.exe	Unicorn-52630.exe
PID 2536 wrote to memory of 552	2536	Unicorn-47041.exe	Unicorn-7150.exe
PID 2536 wrote to memory of 552	2536	Unicorn-47041.exe	Unicorn-7150.exe
PID 2536 wrote to memory of 552	2536	Unicorn-47041.exe	Unicorn-7150.exe
PID 2536 wrote to memory of 552	2536	Unicorn-47041.exe	Unicorn-7150.exe
PID 2000 wrote to memory of 1280	2000	Unicorn-46605.exe	Unicorn-3429.exe
PID 2000 wrote to memory of 1280	2000	Unicorn-46605.exe	Unicorn-3429.exe
PID 2000 wrote to memory of 1280	2000	Unicorn-46605.exe	Unicorn-3429.exe
PID 2000 wrote to memory of 1280	2000	Unicorn-46605.exe	Unicorn-3429.exe
PID 2616 wrote to memory of 1968	2616	Unicorn-15437.exe	Unicorn-6958.exe
PID 2616 wrote to memory of 1968	2616	Unicorn-15437.exe	Unicorn-6958.exe
PID 2616 wrote to memory of 1968	2616	Unicorn-15437.exe	Unicorn-6958.exe
PID 2616 wrote to memory of 1968	2616	Unicorn-15437.exe	Unicorn-6958.exe
PID 2000 wrote to memory of 2208	2000	Unicorn-46605.exe	WerFault.exe
PID 2000 wrote to memory of 2208	2000	Unicorn-46605.exe	WerFault.exe
PID 2000 wrote to memory of 2208	2000	Unicorn-46605.exe	WerFault.exe
PID 2000 wrote to memory of 2208	2000	Unicorn-46605.exe	WerFault.exe
PID 2156 wrote to memory of 804	2156	Unicorn-42006.exe	WerFault.exe
PID 2156 wrote to memory of 804	2156	Unicorn-42006.exe	WerFault.exe
PID 2156 wrote to memory of 804	2156	Unicorn-42006.exe	WerFault.exe
PID 2156 wrote to memory of 804	2156	Unicorn-42006.exe	WerFault.exe
PID 552 wrote to memory of 956	552	Unicorn-7150.exe	WerFault.exe
PID 552 wrote to memory of 956	552	Unicorn-7150.exe	WerFault.exe
PID 552 wrote to memory of 956	552	Unicorn-7150.exe	WerFault.exe
PID 552 wrote to memory of 956	552	Unicorn-7150.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe
"C:\Users\Admin\AppData\Local\Temp\bf202f980cb4e0d18b754c9b5745ada085a3423886bb23868c48c9bb8ceb71f9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
10⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
11⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
12⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
13⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
14⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
14⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
13⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
12⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
11⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
10⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
9⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
12⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
9⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 236
12⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
8⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
7⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
9⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
12⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
13⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
10⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
9⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
11⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
9⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
7⤵
- Executes dropped EXE
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
12⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 236
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
8⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
7⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
9⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
11⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 372
12⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
11⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
10⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
9⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
9⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
10⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
11⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
12⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
12⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
8⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
11⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 188
12⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
9⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
12⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 236
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
8⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
7⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
11⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
12⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
13⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 236
12⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
9⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
7⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
10⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 236
11⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 216
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
7⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
6⤵
- Program crash
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
5⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
12⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 236
11⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
7⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
6⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
7⤵
- Executes dropped EXE
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
8⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 220
9⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
8⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
7⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
6⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
10⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
6⤵
- Program crash
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
5⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
9⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
12⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
13⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
13⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
10⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
9⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-45312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45312.exe
8⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
12⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
9⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
11⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
12⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 236
12⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
11⤵
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
8⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
7⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
9⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
10⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
11⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
12⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
13⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
14⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
14⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
13⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
12⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
11⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
11⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
12⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
13⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
13⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 240
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
11⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
11⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
12⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
13⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
13⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
12⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
10⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
9⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
8⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
7⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
10⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
11⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
12⤵
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
12⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
8⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
7⤵
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
6⤵
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
7⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
11⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
12⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
12⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
11⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
10⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
6⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
7⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41078.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
11⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 216
8⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
7⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
6⤵
- Program crash
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
5⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
12⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 220
11⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
8⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
7⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 236
11⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
9⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
10⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
8⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
6⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
6⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
11⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
7⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
6⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 220
5⤵
- Program crash
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
7⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
12⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
8⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
7⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
6⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
7⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
9⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
10⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
7⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
7⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
8⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
11⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
11⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
8⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
7⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
6⤵
- Program crash
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
5⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
9⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
11⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
12⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
13⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
13⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
12⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
10⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
9⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
11⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
12⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
12⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
9⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
12⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
8⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
7⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
12⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
12⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
10⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
11⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
6⤵
- Program crash
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
7⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
6⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
8⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
9⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
10⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
10⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
9⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 216
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
6⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
5⤵
- Program crash
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
7⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
6⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
7⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
9⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
10⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
8⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
7⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
6⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
6⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
7⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
8⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
9⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
9⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
8⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
7⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
6⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
5⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
4⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
2⤵
- Program crash
PID:2480

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
Filesize
184KB

MD5
bab8ba2e3bec898bd6cf485bb010d1a0

SHA1
16f79b44be610b2fa5c706eb96757d09176d09f2

SHA256
4c7bd8162d7a8c3985e8cf22cc710a4882d7009613bbd350f21d705b59e3b964

SHA512
481aa450a8469f827270909418b40213b408a67ecbc3733e230dd64935bb3549284bec02bd489ef9631f0daf24aaf8b534e10aa8aff1b7aeab0aac75430273b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
Filesize
184KB

MD5
86d16df0635a757c4eb91ebca0f37ffd

SHA1
e76fd6972d4154d76e7b604696babf80f3c9fcc7

SHA256
4dbb795e67971a8d8119d1c84acdb5cdea63a5a70b50c2a0d2d88d8973b1fb06

SHA512
04b2ff9998e9a21c86e6b3cfd327514fec6f20f052196ed619e568d976713041cdf82c174fdb5db907a849a255c877d5f54efea47441b0c656f8d26b0b4dfdb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
Filesize
184KB

MD5
0ac763e5b100addcf08fce0f625053f3

SHA1
fa54074177a519febff583b13b5957bf6d63ff0b

SHA256
acb098b20c20f711ccc9ab1b99c8cfc4d083ab1772937042f29d1e55e57eb539

SHA512
97cec986b7a2daf65046fa9cd3ce735e6ff9dd396b013cbdac91235119b23e1fbcec17c6742af41f32413e0466592ee4985a350d770f304a51565b93faf534d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
Filesize
184KB

MD5
903959d5534bdf11a224608c97ab8bf9

SHA1
0d01245aa7053e91a551fb7ec5cd59ba5e9c968f

SHA256
302f04414d678a45b5259705e2cdbfcab4bb882a645c9d5448970705e3f92fcb

SHA512
c82c6da61082d3181263b4ab786ac00b92654d683bafed4146246e86102259dde6e7b68997882f356df22e3834e7b224056d20c2f6b1b75e8b63d7b278e14082

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
Filesize
184KB

MD5
af5522f9a992badc814bf3a4509574b4

SHA1
56a7e0de34150f3d2c0b02c69bf467624eafecad

SHA256
b4872ee895eb692f2b9131acad9a368cf9921bd41b4ee7630f7f5808cb5522f1

SHA512
052854ece67b8bbcc4043cdb452f6d0e96e5d2fce635ac5029db553c0753f705835b22f9c83baf87891a597d8af35d52df0f0208a31bcc5e2ef5202d77c29ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
Filesize
184KB

MD5
6433b80bbd11ddaea5680fef34af4420

SHA1
162490bd90347a3f183ac506d0fb9a76e307e9db

SHA256
066ec395b9784d976cdd7100c94c4eebd19c89c3e8802e0786a022bc29dc1f32

SHA512
55601b5b2dcfb63a313930888a089b859ebcf51c445674a31af2f2184ce5d489fc61d3b4c15cc61c61e99f6df650680af51215421cac887f67f37149d9f6eb80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
Filesize
184KB

MD5
21de35c452d7bff2302160de53aa80f7

SHA1
ca50441796d87411966b9624fcc4d3037d26decd

SHA256
36de9b20993516506e6faaedf562585ce0f622c3fb5bf1d5210b213d412aba36

SHA512
fa10d8b5890846b0340c33fce1a65c196b44fe4f8e65f54aeb09170ad5d84eadd9548581ead614a15c6c407d4925330809a11b0c719120fec541bec736b818e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
Filesize
184KB

MD5
f5f52a24f5184aa9d0456e7e7298230d

SHA1
fee5534f895b11f2873fbe65ced2c402dfb33ee8

SHA256
a75ad5d8c1609883efabba14e5a1b6c8fc55ec08ea243fb91ee05f1d5b3eea3e

SHA512
78c54b88536892c674f0148d8063c6a61446968e6177a62feee6eb2b4c9c55771abb408cc837fcc41bcfcce756f3da989225a886e7823e63126896af8b265c35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
Filesize
184KB

MD5
9892e578c264683567519f791c19d9c7

SHA1
e15795d56cbf11a7e67ccd924576a64eeb7c677d

SHA256
3ac82ee91c75a910a93144dc66cbcd6c34712fd7c7722c98f5dc6969ecbc5df4

SHA512
7f4adc75f08f9d333c37cbd67dab3f7c89bef6f9b3ee2a1abc5958e01526912d66b18e47c102c22da09f478de78b3b42d425a4413c302c3ff30e01a72f181bcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
Filesize
184KB

MD5
d85937426dfd221b0c382e27308153f3

SHA1
5ad9df145c8ec0c55d3e48875fcc3a2e423687ca

SHA256
aab3464d26281702ce0c20ec1717a8bc52ebbba9e1ed64040c351cafd7a957f8

SHA512
519f5683147d61aeb230c1298d0c29423446c37a5ab6f72b594dc9ee212d454d31fcb6c78bf921c7e0a93cc5f6140e289bec93ca30746e4cef7de68e43e353ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
Filesize
184KB

MD5
dfae25f2cc31216ac1ae0c4707e72d37

SHA1
0ae84c3e2657c3e7c5cd1cec6edeefbbbb853f98

SHA256
cf517d0e32d5d56164ea329ab5709b806657bfaa58f14da5300d3b322384a2e0

SHA512
1f48022971f23329d8c715bcc6463479961ee336a24dd49a5abe2dbdb2676d227c79037c8f6f0a26a862746c2eb8f853072452c1c75da89b9b41e7527fc4a712

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
Filesize
184KB

MD5
652fc74e43d6711bd3b5ae03f405180c

SHA1
bc9b1c74a42a30daac0804b4992e744814c4255d

SHA256
b1d8e4ca8f58119d78a74dcce338522a808d972349399f2bb497d8034ca3c037

SHA512
bc224831c3037ea7affaa179ca6a376c9d766bd56768f0095112637d0d073861861a1470c0b74b482e646c1f81dd23e83ac781f1960b456e3edfe3d9891b1a50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
Filesize
184KB

MD5
e427cc527a14ef2f434c62c9eae12ef4

SHA1
b4141b89852a58eebefd94cb2206a94e5ad15ff1

SHA256
7cbf3a0c7d699eb9fb07f996a24b18c28f9bce8f5dc2db157211716045a1fc90

SHA512
fe26bd71699f83d8f2e4d84a826f4d1e4eb2e80463ede6b85c42dd8ca63a8ff8b55b5f866311ee16b946a94d59099ee99a6b21d65b13b070b9d534350ac21751

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
Filesize
184KB

MD5
01502d16601c4e54be658d3d737c5a92

SHA1
1cdf4cade01d15e4eb72f111d74f855943be6555

SHA256
d5a2c5d32b8841328aba5ae5be9737f82496e02d3522e948b34a0dce71418800

SHA512
6f401789c8d80c244e7b4abb91dca5bb85573fc3356af4d8f5b53bfdde26dead82b12cefafbb96b60dd80ac694dc17a98480fc7e2a17e507f787dc3104e4d556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
Filesize
184KB

MD5
99c4bc1c47ada39aa0daf9ef72c9f214

SHA1
8b43bd952fbce46eb25233e58a6f01590a3ea880

SHA256
025bf46017fe3853db4a251ef6ed3b13c91a4384e7f6cbdab8359907371ad564

SHA512
c5a29b15c08fa7521ff2c6e3b8c244e50d5d6438fbaa0456101729c910d380eecaf4199e3d725e5bdbf3d537db13c55592ac0d66657795779f66c754bb385651

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
Filesize
184KB

MD5
49f1a99cccbc61ca18efbfa82cf4ef9f

SHA1
997e223423f4481c7f643fdf00ceb0178e4dbb08

SHA256
b2b02fa59b5a637bc8a244dd27a41ac810406f24cd6e394a7d59b950a4bd000d

SHA512
cb18f07db44b55c501b585a45dd91f46ef8038ae68bdcdfb04638d4b81551a9dd680a48fde6808a8a99a98a648f6e1ea9d7ba7a5dc262215b0f97862e5f01a12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads