b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
Size

184KB
MD5

0700f89f9627563d72ab077abb93396d
SHA1

e0fc8b1456535ee4d8d266686c641b939f26616a
SHA256

b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71
SHA512

17afbb4bce768cd6e9aeeb28d61a17bbae00f5f828f807fdfbf94f2484fb619a2cf1d94679e01802bac4ba6fdb6045f19c86ef2c6919f5ad71b0903f86f46e54
SSDEEP

3072:LoT36xoT7ZQMjGQWMlwLvWsrhlnViF7n3:LoQou2GQyLesrhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-8276.exeUnicorn-4374.exeUnicorn-34778.exeUnicorn-21643.exeUnicorn-1969.exeUnicorn-21835.exeUnicorn-50377.exeUnicorn-63760.exeUnicorn-63532.exeUnicorn-11186.exeUnicorn-64108.exeUnicorn-19815.exeUnicorn-18070.exeUnicorn-3343.exeUnicorn-16534.exeUnicorn-37168.exeUnicorn-41142.exeUnicorn-52627.exeUnicorn-52627.exeUnicorn-10759.exeUnicorn-56623.exeUnicorn-24683.exeUnicorn-15248.exeUnicorn-45653.exeUnicorn-15825.exeUnicorn-29748.exeUnicorn-46203.exeUnicorn-49047.exeUnicorn-62238.exeUnicorn-16567.exeUnicorn-62430.exeUnicorn-16567.exeUnicorn-44076.exeUnicorn-41807.exeUnicorn-11595.exeUnicorn-12363.exeUnicorn-58227.exeUnicorn-817.exeUnicorn-49333.exeUnicorn-34869.exeUnicorn-37330.exeUnicorn-2581.exeUnicorn-5425.exeUnicorn-51289.exeUnicorn-27416.exeUnicorn-7322.exeUnicorn-5246.exeUnicorn-25304.exeUnicorn-25304.exeUnicorn-38494.exeUnicorn-25112.exeUnicorn-8282.exeUnicorn-38494.exeUnicorn-20560.exeUnicorn-34183.exeUnicorn-23213.exeUnicorn-54193.exeUnicorn-62486.exeUnicorn-22300.exeUnicorn-35490.exeUnicorn-20738.exeUnicorn-51718.exeUnicorn-18626.exeUnicorn-3550.exe

pid	process
2428	Unicorn-8276.exe
2916	Unicorn-4374.exe
2580	Unicorn-34778.exe
2704	Unicorn-21643.exe
2516	Unicorn-1969.exe
2616	Unicorn-21835.exe
1492	Unicorn-50377.exe
1100	Unicorn-63760.exe
756	Unicorn-63532.exe
2692	Unicorn-11186.exe
1348	Unicorn-64108.exe
928	Unicorn-19815.exe
620	Unicorn-18070.exe
916	Unicorn-3343.exe
1624	Unicorn-16534.exe
2728	Unicorn-37168.exe
664	Unicorn-41142.exe
2864	Unicorn-52627.exe
372	Unicorn-52627.exe
1836	Unicorn-10759.exe
964	Unicorn-56623.exe
2996	Unicorn-24683.exe
1980	Unicorn-15248.exe
2824	Unicorn-45653.exe
1536	Unicorn-15825.exe
2760	Unicorn-29748.exe
1740	Unicorn-46203.exe
2772	Unicorn-49047.exe
2756	Unicorn-62238.exe
1628	Unicorn-16567.exe
2180	Unicorn-62430.exe
1944	Unicorn-16567.exe
1800	Unicorn-44076.exe
1796	Unicorn-41807.exe
2556	Unicorn-11595.exe
2672	Unicorn-12363.exe
2360	Unicorn-58227.exe
2020	Unicorn-817.exe
2680	Unicorn-49333.exe
2388	Unicorn-34869.exe
752	Unicorn-37330.exe
1304	Unicorn-2581.exe
2000	Unicorn-5425.exe
1452	Unicorn-51289.exe
1092	Unicorn-27416.exe
1744	Unicorn-7322.exe
1512	Unicorn-5246.exe
2072	Unicorn-25304.exe
2144	Unicorn-25304.exe
2860	Unicorn-38494.exe
2276	Unicorn-25112.exe
528	Unicorn-8282.exe
2720	Unicorn-38494.exe
320	Unicorn-20560.exe
744	Unicorn-34183.exe
3048	Unicorn-23213.exe
2416	Unicorn-54193.exe
2612	Unicorn-62486.exe
3064	Unicorn-22300.exe
2520	Unicorn-35490.exe
2572	Unicorn-20738.exe
2588	Unicorn-51718.exe
588	Unicorn-18626.exe
2888	Unicorn-3550.exe

Loads dropped DLL 64 IoCs

Processes:

b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exeUnicorn-8276.exeUnicorn-4374.exeUnicorn-34778.exeWerFault.exeUnicorn-21643.exeUnicorn-21835.exeUnicorn-1969.exeWerFault.exeWerFault.exeUnicorn-50377.exeUnicorn-64108.exeUnicorn-11186.exeUnicorn-63760.exeUnicorn-63532.exeWerFault.exeWerFault.exe

pid	process
2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2428	Unicorn-8276.exe
2428	Unicorn-8276.exe
2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2916	Unicorn-4374.exe
2916	Unicorn-4374.exe
2428	Unicorn-8276.exe
2428	Unicorn-8276.exe
2580	Unicorn-34778.exe
2580	Unicorn-34778.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2704	Unicorn-21643.exe
2704	Unicorn-21643.exe
2916	Unicorn-4374.exe
2916	Unicorn-4374.exe
2616	Unicorn-21835.exe
2616	Unicorn-21835.exe
2580	Unicorn-34778.exe
2580	Unicorn-34778.exe
2516	Unicorn-1969.exe
2516	Unicorn-1969.exe
1228	WerFault.exe
1228	WerFault.exe
1228	WerFault.exe
1228	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
1228	WerFault.exe
2008	WerFault.exe
1492	Unicorn-50377.exe
1492	Unicorn-50377.exe
2704	Unicorn-21643.exe
2704	Unicorn-21643.exe
1348	Unicorn-64108.exe
1348	Unicorn-64108.exe
2516	Unicorn-1969.exe
2516	Unicorn-1969.exe
2692	Unicorn-11186.exe
2692	Unicorn-11186.exe
2616	Unicorn-21835.exe
2616	Unicorn-21835.exe
1100	Unicorn-63760.exe
756	Unicorn-63532.exe
756	Unicorn-63532.exe
1100	Unicorn-63760.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2576	2212	WerFault.exe	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2800	2428	WerFault.exe	Unicorn-8276.exe
1228	2916	WerFault.exe	Unicorn-4374.exe
2008	2580	WerFault.exe	Unicorn-34778.exe
2248	2704	WerFault.exe	Unicorn-21643.exe
2928	2616	WerFault.exe	Unicorn-21835.exe
1048	2516	WerFault.exe	Unicorn-1969.exe
2532	1492	WerFault.exe	Unicorn-50377.exe
1920	1348	WerFault.exe	Unicorn-64108.exe
2340	1100	WerFault.exe	Unicorn-63760.exe
2488	756	WerFault.exe	Unicorn-63532.exe
2356	2692	WerFault.exe	Unicorn-11186.exe
340	928	WerFault.exe	Unicorn-19815.exe
1872	620	WerFault.exe	Unicorn-18070.exe
1336	916	WerFault.exe	Unicorn-3343.exe
920	1624	WerFault.exe	Unicorn-16534.exe
2716	2728	WerFault.exe	Unicorn-37168.exe
1576	372	WerFault.exe	Unicorn-52627.exe
1588	664	WerFault.exe	Unicorn-41142.exe
2504	2864	WerFault.exe	Unicorn-52627.exe
772	1836	WerFault.exe	Unicorn-10759.exe
280	964	WerFault.exe	Unicorn-56623.exe
2548	2760	WerFault.exe	Unicorn-29748.exe
1680	1628	WerFault.exe	Unicorn-16567.exe
600	2772	WerFault.exe	Unicorn-49047.exe
3040	2756	WerFault.exe	Unicorn-62238.exe
2668	1800	WerFault.exe	Unicorn-44076.exe
488	1980	WerFault.exe	Unicorn-15248.exe
1672	1796	WerFault.exe	Unicorn-41807.exe
2172	2996	WerFault.exe	Unicorn-24683.exe
936	2824	WerFault.exe	Unicorn-45653.exe
1548	2276	WerFault.exe	Unicorn-25112.exe
1324	752	WerFault.exe	Unicorn-37330.exe
2808	2388	WerFault.exe	Unicorn-34869.exe
748	1740	WerFault.exe	Unicorn-46203.exe
2448	2672	WerFault.exe	Unicorn-12363.exe
540	2860	WerFault.exe	Unicorn-38494.exe
3220	320	WerFault.exe	Unicorn-20560.exe
3368	1092	WerFault.exe	Unicorn-27416.exe
3404	528	WerFault.exe	Unicorn-8282.exe
3452	744	WerFault.exe	Unicorn-34183.exe
3480	2072	WerFault.exe	Unicorn-25304.exe
3768	2020	WerFault.exe	Unicorn-817.exe
3936	3064	WerFault.exe	Unicorn-22300.exe
3944	2720	WerFault.exe	Unicorn-38494.exe
4040	2144	WerFault.exe	Unicorn-25304.exe
4064	2180	WerFault.exe	Unicorn-62430.exe
4072	1536	WerFault.exe	Unicorn-15825.exe
4080	1512	WerFault.exe	Unicorn-5246.exe
3104	1452	WerFault.exe	Unicorn-51289.exe
3120	1944	WerFault.exe	Unicorn-16567.exe
3228	2360	WerFault.exe	Unicorn-58227.exe
3264	2680	WerFault.exe	Unicorn-49333.exe
3328	1304	WerFault.exe	Unicorn-2581.exe
3360	1744	WerFault.exe	Unicorn-7322.exe
3540	3048	WerFault.exe	Unicorn-23213.exe
3624	2556	WerFault.exe	Unicorn-11595.exe
3628	2416	WerFault.exe	Unicorn-54193.exe
3724	2252	WerFault.exe	Unicorn-33134.exe
3952	1068	WerFault.exe	Unicorn-2611.exe
3992	1164	WerFault.exe	Unicorn-56098.exe
4048	1204	WerFault.exe	Unicorn-3462.exe
3092	2524	WerFault.exe	Unicorn-16544.exe
3256	2464	WerFault.exe	Unicorn-36410.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exeUnicorn-8276.exeUnicorn-4374.exeUnicorn-34778.exeUnicorn-21643.exeUnicorn-1969.exeUnicorn-21835.exeUnicorn-50377.exeUnicorn-63760.exeUnicorn-11186.exeUnicorn-64108.exeUnicorn-63532.exeUnicorn-19815.exeUnicorn-18070.exeUnicorn-3343.exeUnicorn-16534.exeUnicorn-37168.exeUnicorn-41142.exeUnicorn-52627.exeUnicorn-52627.exeUnicorn-10759.exeUnicorn-56623.exeUnicorn-24683.exeUnicorn-15248.exeUnicorn-45653.exeUnicorn-15825.exeUnicorn-29748.exeUnicorn-46203.exeUnicorn-16567.exeUnicorn-49047.exeUnicorn-62430.exeUnicorn-62238.exeUnicorn-16567.exeUnicorn-44076.exeUnicorn-11595.exeUnicorn-41807.exeUnicorn-58227.exeUnicorn-12363.exeUnicorn-817.exeUnicorn-49333.exeUnicorn-34869.exeUnicorn-37330.exeUnicorn-2581.exeUnicorn-51289.exeUnicorn-5425.exeUnicorn-27416.exeUnicorn-7322.exeUnicorn-25304.exeUnicorn-25112.exeUnicorn-25304.exeUnicorn-38494.exeUnicorn-5246.exeUnicorn-38494.exeUnicorn-8282.exeUnicorn-34183.exeUnicorn-23213.exeUnicorn-20560.exeUnicorn-54193.exeUnicorn-62486.exeUnicorn-22300.exeUnicorn-20738.exeUnicorn-51718.exeUnicorn-18626.exeUnicorn-31816.exe

pid	process
2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
2428	Unicorn-8276.exe
2916	Unicorn-4374.exe
2580	Unicorn-34778.exe
2704	Unicorn-21643.exe
2516	Unicorn-1969.exe
2616	Unicorn-21835.exe
1492	Unicorn-50377.exe
1100	Unicorn-63760.exe
2692	Unicorn-11186.exe
1348	Unicorn-64108.exe
756	Unicorn-63532.exe
928	Unicorn-19815.exe
620	Unicorn-18070.exe
916	Unicorn-3343.exe
1624	Unicorn-16534.exe
2728	Unicorn-37168.exe
664	Unicorn-41142.exe
2864	Unicorn-52627.exe
372	Unicorn-52627.exe
1836	Unicorn-10759.exe
964	Unicorn-56623.exe
2996	Unicorn-24683.exe
1980	Unicorn-15248.exe
2824	Unicorn-45653.exe
1536	Unicorn-15825.exe
2760	Unicorn-29748.exe
1740	Unicorn-46203.exe
1628	Unicorn-16567.exe
2772	Unicorn-49047.exe
2180	Unicorn-62430.exe
2756	Unicorn-62238.exe
1944	Unicorn-16567.exe
1800	Unicorn-44076.exe
2556	Unicorn-11595.exe
1796	Unicorn-41807.exe
2360	Unicorn-58227.exe
2672	Unicorn-12363.exe
2020	Unicorn-817.exe
2680	Unicorn-49333.exe
2388	Unicorn-34869.exe
752	Unicorn-37330.exe
1304	Unicorn-2581.exe
1452	Unicorn-51289.exe
2000	Unicorn-5425.exe
1092	Unicorn-27416.exe
1744	Unicorn-7322.exe
2072	Unicorn-25304.exe
2276	Unicorn-25112.exe
2144	Unicorn-25304.exe
2720	Unicorn-38494.exe
1512	Unicorn-5246.exe
2860	Unicorn-38494.exe
528	Unicorn-8282.exe
744	Unicorn-34183.exe
3048	Unicorn-23213.exe
320	Unicorn-20560.exe
2416	Unicorn-54193.exe
2612	Unicorn-62486.exe
3064	Unicorn-22300.exe
2572	Unicorn-20738.exe
2588	Unicorn-51718.exe
588	Unicorn-18626.exe
1808	Unicorn-31816.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exeUnicorn-8276.exeUnicorn-4374.exeUnicorn-34778.exeUnicorn-21643.exeUnicorn-21835.exeUnicorn-1969.exeUnicorn-50377.exe

description	pid	process	target process
PID 2212 wrote to memory of 2428	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-8276.exe
PID 2212 wrote to memory of 2428	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-8276.exe
PID 2212 wrote to memory of 2428	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-8276.exe
PID 2212 wrote to memory of 2428	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-8276.exe
PID 2428 wrote to memory of 2916	2428	Unicorn-8276.exe	Unicorn-4374.exe
PID 2428 wrote to memory of 2916	2428	Unicorn-8276.exe	Unicorn-4374.exe
PID 2428 wrote to memory of 2916	2428	Unicorn-8276.exe	Unicorn-4374.exe
PID 2428 wrote to memory of 2916	2428	Unicorn-8276.exe	Unicorn-4374.exe
PID 2212 wrote to memory of 2580	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-34778.exe
PID 2212 wrote to memory of 2580	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-34778.exe
PID 2212 wrote to memory of 2580	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-34778.exe
PID 2212 wrote to memory of 2580	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	Unicorn-34778.exe
PID 2212 wrote to memory of 2576	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	WerFault.exe
PID 2212 wrote to memory of 2576	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	WerFault.exe
PID 2212 wrote to memory of 2576	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	WerFault.exe
PID 2212 wrote to memory of 2576	2212	b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe	WerFault.exe
PID 2916 wrote to memory of 2704	2916	Unicorn-4374.exe	Unicorn-21643.exe
PID 2916 wrote to memory of 2704	2916	Unicorn-4374.exe	Unicorn-21643.exe
PID 2916 wrote to memory of 2704	2916	Unicorn-4374.exe	Unicorn-21643.exe
PID 2916 wrote to memory of 2704	2916	Unicorn-4374.exe	Unicorn-21643.exe
PID 2428 wrote to memory of 2516	2428	Unicorn-8276.exe	Unicorn-1969.exe
PID 2428 wrote to memory of 2516	2428	Unicorn-8276.exe	Unicorn-1969.exe
PID 2428 wrote to memory of 2516	2428	Unicorn-8276.exe	Unicorn-1969.exe
PID 2428 wrote to memory of 2516	2428	Unicorn-8276.exe	Unicorn-1969.exe
PID 2580 wrote to memory of 2616	2580	Unicorn-34778.exe	Unicorn-21835.exe
PID 2580 wrote to memory of 2616	2580	Unicorn-34778.exe	Unicorn-21835.exe
PID 2580 wrote to memory of 2616	2580	Unicorn-34778.exe	Unicorn-21835.exe
PID 2580 wrote to memory of 2616	2580	Unicorn-34778.exe	Unicorn-21835.exe
PID 2428 wrote to memory of 2800	2428	Unicorn-8276.exe	WerFault.exe
PID 2428 wrote to memory of 2800	2428	Unicorn-8276.exe	WerFault.exe
PID 2428 wrote to memory of 2800	2428	Unicorn-8276.exe	WerFault.exe
PID 2428 wrote to memory of 2800	2428	Unicorn-8276.exe	WerFault.exe
PID 2704 wrote to memory of 1492	2704	Unicorn-21643.exe	Unicorn-50377.exe
PID 2704 wrote to memory of 1492	2704	Unicorn-21643.exe	Unicorn-50377.exe
PID 2704 wrote to memory of 1492	2704	Unicorn-21643.exe	Unicorn-50377.exe
PID 2704 wrote to memory of 1492	2704	Unicorn-21643.exe	Unicorn-50377.exe
PID 2916 wrote to memory of 1100	2916	Unicorn-4374.exe	Unicorn-63760.exe
PID 2916 wrote to memory of 1100	2916	Unicorn-4374.exe	Unicorn-63760.exe
PID 2916 wrote to memory of 1100	2916	Unicorn-4374.exe	Unicorn-63760.exe
PID 2916 wrote to memory of 1100	2916	Unicorn-4374.exe	Unicorn-63760.exe
PID 2616 wrote to memory of 756	2616	Unicorn-21835.exe	Unicorn-63532.exe
PID 2616 wrote to memory of 756	2616	Unicorn-21835.exe	Unicorn-63532.exe
PID 2616 wrote to memory of 756	2616	Unicorn-21835.exe	Unicorn-63532.exe
PID 2616 wrote to memory of 756	2616	Unicorn-21835.exe	Unicorn-63532.exe
PID 2580 wrote to memory of 2692	2580	Unicorn-34778.exe	Unicorn-11186.exe
PID 2580 wrote to memory of 2692	2580	Unicorn-34778.exe	Unicorn-11186.exe
PID 2580 wrote to memory of 2692	2580	Unicorn-34778.exe	Unicorn-11186.exe
PID 2580 wrote to memory of 2692	2580	Unicorn-34778.exe	Unicorn-11186.exe
PID 2516 wrote to memory of 1348	2516	Unicorn-1969.exe	Unicorn-64108.exe
PID 2516 wrote to memory of 1348	2516	Unicorn-1969.exe	Unicorn-64108.exe
PID 2516 wrote to memory of 1348	2516	Unicorn-1969.exe	Unicorn-64108.exe
PID 2516 wrote to memory of 1348	2516	Unicorn-1969.exe	Unicorn-64108.exe
PID 2916 wrote to memory of 1228	2916	Unicorn-4374.exe	WerFault.exe
PID 2916 wrote to memory of 1228	2916	Unicorn-4374.exe	WerFault.exe
PID 2916 wrote to memory of 1228	2916	Unicorn-4374.exe	WerFault.exe
PID 2916 wrote to memory of 1228	2916	Unicorn-4374.exe	WerFault.exe
PID 2580 wrote to memory of 2008	2580	Unicorn-34778.exe	WerFault.exe
PID 2580 wrote to memory of 2008	2580	Unicorn-34778.exe	WerFault.exe
PID 2580 wrote to memory of 2008	2580	Unicorn-34778.exe	WerFault.exe
PID 2580 wrote to memory of 2008	2580	Unicorn-34778.exe	WerFault.exe
PID 1492 wrote to memory of 928	1492	Unicorn-50377.exe	Unicorn-19815.exe
PID 1492 wrote to memory of 928	1492	Unicorn-50377.exe	Unicorn-19815.exe
PID 1492 wrote to memory of 928	1492	Unicorn-50377.exe	Unicorn-19815.exe
PID 1492 wrote to memory of 928	1492	Unicorn-50377.exe	Unicorn-19815.exe

C:\Users\Admin\AppData\Local\Temp\b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe
"C:\Users\Admin\AppData\Local\Temp\b45b03ec4210221f09a35e012d4c225f314b4b144e13771b2f8c5b97c51dbf71.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
10⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
11⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
12⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
13⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
14⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 220
15⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
14⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
13⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
12⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
11⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
10⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
9⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
10⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
12⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
13⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 200
14⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
13⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
12⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
11⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
10⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
9⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
9⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
11⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe
12⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
13⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
13⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
10⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
9⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
8⤵
- Program crash
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
9⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
11⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
12⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
13⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
14⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
14⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
13⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
12⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
10⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
12⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
12⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
13⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
13⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
9⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
8⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
7⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
9⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
11⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
12⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
13⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
14⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
14⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
13⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
12⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
10⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 236
9⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
8⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
11⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
12⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
8⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
12⤵
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
9⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
8⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
7⤵
- Program crash
PID:280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
6⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
13⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
13⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 236
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
11⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
9⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
- Program crash
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
12⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
8⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
12⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
12⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
7⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
6⤵
- Program crash
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
8⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
11⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
12⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
9⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
11⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 236
11⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
8⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
7⤵
- Program crash
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 220
6⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
10⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
12⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
7⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
6⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
8⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
6⤵
- Program crash
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
5⤵
- Program crash
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
13⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
13⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
12⤵
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
9⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
7⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
12⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
9⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
8⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
7⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
10⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
12⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 220
12⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
11⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
7⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
6⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
8⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
11⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
12⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
11⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 220
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
7⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
10⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
11⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
7⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
9⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 236
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
7⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
6⤵
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
5⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
12⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
8⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
7⤵
- Program crash
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
8⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
7⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
6⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
6⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 236
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
10⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
8⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
7⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
5⤵
- Program crash
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
12⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
13⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
13⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
9⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
7⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
10⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
7⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
6⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
12⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
12⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
6⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
9⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
11⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 236
11⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
7⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
6⤵
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
5⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
11⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
12⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
11⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
9⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
7⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
11⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
12⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
8⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
7⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
6⤵
- Executes dropped EXE
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
6⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5246.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
6⤵
- Executes dropped EXE
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
10⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
11⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
7⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
6⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
5⤵
- Program crash
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
11⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
12⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 220
12⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 236
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63523.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
7⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
6⤵
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
6⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
8⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 216
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
6⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
6⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
11⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
7⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 236
6⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
5⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
6⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
7⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
8⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
9⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
9⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
8⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
7⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
6⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
5⤵
- Program crash
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
4⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
2⤵
- Program crash
PID:2576

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
Filesize
184KB

MD5
fbfd2c7b02213452f007a43c29a735c7

SHA1
ff81c59d509d068a90b81f9959f644216a03a474

SHA256
11197f0c57c5d4d98f818bda9bdf7a34e5d8aa7742655245e7d7679ef2949ba8

SHA512
3da5bc31069cd03ad7abfff55a28ea7daa32417c762d12437ef8df0de788930d2dfac675d30aa9007752256998a0f5ecf2ebdee439e74df6a00222640a1fdb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
Filesize
184KB

MD5
948116862da3fafe2d22c7fc243ced21

SHA1
76e0bb902389b4a6ab76b050fa5d4e371e769e6a

SHA256
2c06d853f0e084a158ef0aea591863037b2f7b631a0b7feb1e6fac549b3b5b56

SHA512
e3cd9f217f2458a417c1b675566449280403af81cd9830ba4403a30f47f3f2698ab5b7e53d116f1d47dbb681e103341bf088d444179f20f7f9b53130588f2e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe
Filesize
184KB

MD5
837a76d8c5d8c2d2a5f7cfe4cb1f4bfb

SHA1
f26e3a54ade490d9bfef5ebb3db4bbed31d62c97

SHA256
3ff6d323656c9a00eae5fc3698ff879ee47bc24c50cbb88b7810c2377d4b5300

SHA512
5c485ff08169e86905d28b74d6d2f72e0ed20473a035947d63baef1aef833237718622e0c5700c114e74d6a8163a38abbc3204ccf76592cebdb8bf3d441e2ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
Filesize
184KB

MD5
f0c2f8229a656fabc78dc62f3f76d3fc

SHA1
6d547196659fac44f9674413f09be08144b4a4a8

SHA256
a73b60e4aab20b75cba05e5311821e7ceb008112387727716195b8ff3bf6a1c7

SHA512
47f49aaa068bde3f49995af9d986844599dcf7574d4dd26188ed34698fbea8cdc405f976d68acd9d2204c40191328add8dde3b480b1ee191db99406f3b70b990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
Filesize
184KB

MD5
0473a6f906e4792e765df137d0622ac9

SHA1
c062f05f9263719088be3c4d1cf6cb6e3609a03c

SHA256
88319d6bc04209878c89f38356d0abfaafabeda036001501b9a193c9359891dc

SHA512
1b769219607c9d8c439275e7d702bfdea60d624d883b493c6752133e4d9e9a29431b2d07677db65ea7be16557aad1f9586301a6150431d8bb48c5e021fcf4fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
Filesize
184KB

MD5
a8697c512b7186e30cbc9342f98e86bc

SHA1
fd5b162f79b21aa57b3e22fe6b69550a778ba75f

SHA256
04c1acd55e7b7cb13554fbd866a559711a0d6d8bb7fce03eba72c8312e054cc2

SHA512
340f5e3bd2fb7132f3367b47380feb0bdc372df4d5dd3cd9875a5f494089044e77f46b33840fe52b7969f557108c8bf6a9fdbc0abbf10d59d8f6a93224e318a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
Filesize
184KB

MD5
7ab75981744f42773b087cf12a22455b

SHA1
7ba5e7d122a111cad18c1e518de7deb239cb74a0

SHA256
2339a59beb75477b5309e6dc8dd36fa7db23760dddb7c6def7cddfdc99b97c04

SHA512
551f7d100d977c71f8f10c74074d209d4b076ca4b185e0cc065c6b44d86370797ad5b8528b59f7f2f7411e1ebb38cb7458ba923ab816808e539d21d8dfbf76d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
Filesize
184KB

MD5
2a63bc5dc880991f7e4daa429b437512

SHA1
4cb829b41bc42d748a72d91cff11851689e77b8e

SHA256
13ca069278e4126d21a77fadccabe029573441415840cb453e0d8c35e2ee0357

SHA512
c7d1148deb410d5e6846149de1955ee3a52544d928b2f1ad3bdcaa8f87ed1855b74f04d8979bd6dc6331855070385488089894280f7e155178e902622f6449ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
Filesize
184KB

MD5
6911cc3ccb28633b195bb53584cf525d

SHA1
5cda47dfc1c32bd02098552eb58c78c0d8732e29

SHA256
15abb07021e5ffc2e948092c9b4dd0a96aaa29843855f5204d823eefa7604f73

SHA512
05e78b09ff1cfb437796b15855eed0ebbe27d5a9d830ffb140bdb157aa889ce0e61b2f16917b02768853f6dd38f5595ec342e7154de3fe6675a86a60da439ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
Filesize
184KB

MD5
e9f17ce057e1872f064c6077569ae3cc

SHA1
df9e30533f24aa7f47f6275f0cab4edd5b5d478c

SHA256
69d70cead9f260d2b57fecdb5cd6f6469b4b41991c708f02a3e23c4a2349faa1

SHA512
d1a3ef69055e6d4632b0ccda19f1e32e595544b90fe99a099fe03b74a9c5a2392f45be22d347a05f71c1054f3ca7cac0ef7a150c52a364c52cdd93584dfc6593

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
Filesize
184KB

MD5
984404882905b483991c4e3bc268c132

SHA1
d3872b9f88e7094c07abf6fc868ebc773d72ddd4

SHA256
3a4f89ccc39b0aca66173c2d296bf772933fdd4f426922c0df74f4cac78cfe9e

SHA512
f0ba8f877ae722131758b5c39096d77389356ca78bcedb75f753fc6d1cfd47949a88aa89bb56e9677727c628cb39c4e3fdac4c71f53df653bc9ae552edd04b02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
Filesize
184KB

MD5
66638289451ae9744d85a986a84a95ae

SHA1
62791f993059342d5e726f60b7159312e13abb96

SHA256
cc80d0e26a0173cbfced98a9482eeddf613156715e90f0ce4fe9948ed059752d

SHA512
d58cf3284b5f07275bd8ba6c5149c5de24cd17102d0faba256edee5e2295911fb20f1e5333db850101ec7b4fc04a4524bfc5eefc0e548f5684a251095755d53d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
Filesize
184KB

MD5
6fe4297fb2d1ae93d43fccc71b4e3a30

SHA1
c154b748e1b10f06d14e973d7879129359ce8e70

SHA256
b31ae5398437c83289dc7166018c93050cb266ecf604ac309c9bd75639781a0e

SHA512
5f252a98313e42f3e99a03c7b66ddebe0bb85337ac09efae9320402f4addc44fccd77a9a236b8487c997211625b6e039ae91eb2f9cd7ef65af9ccf1e852a180f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
Filesize
184KB

MD5
dac951648236b45fa0d756693b9afb59

SHA1
57a5fece287d4dea9084835c6428476fd5f40102

SHA256
f9331fb971541ea8c59c491df40b2e094f2a2034312dd670d4878de5e57e6791

SHA512
0533d9a90a6c015f7a2c1df70fdf3c6284a53fd4bbf083b6c6e13b6cddcf6858540d5146b827ce93bccda0f4fb25ee1909aa0223a9ef7f0883e2cc9cefe14c3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
Filesize
184KB

MD5
5d9f0ae013b91b7f757906ebbd3a1f80

SHA1
5b25854b35e4e04b7d759486c4d1a5b18afb839a

SHA256
4db64b91323f8012ff8498549b7c057219d1740b1288e81507f552901edc4eda

SHA512
97892a09a71b81bf242100ea0e06a880d98035de556665895ae399df9f00cc5e25d866b3768511d649346773529c5fb4ff511181f44d6c8984650ebca4aa5b54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
Filesize
184KB

MD5
8154857196cc59bdece9dec769d6be04

SHA1
18f35a5142d3410d226c8bc0f9b3b5f803408a4b

SHA256
1466cbed32afb59b8ac023a8407463ca701ac2bb4167881f63f114cafe9ca96f

SHA512
cbf350b12626b7d1ad01dc6511c9e8be7cbf1100bc36753fe70cae4d4e75defa7c5900c3c256a363f275f63acb0a7440c9ef3043eeb199bd8d8ed85517d06053

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
Filesize
184KB

MD5
59a52cc9207803f4188816d8ba95f6bc

SHA1
f5285583c9e173561be04f5b14fe4135310ba480

SHA256
7feaaf08bdb73e12981f4f1c46e0e63cb42adcabf12389507473f861e44873f6

SHA512
f17a560bf9c1fce98bdf4112eb3c858743d190cd0c7ce7ea81812e2765694f1675d2d91ea68eb3ce5ccff4290865d363cda974624f7417826c53177430ea4383

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
Filesize
184KB

MD5
a348a6c26ac299e9941e558c4807adaa

SHA1
b95f5115b3be0544d4d17b9eb3b909eea8b88d28

SHA256
eed03f4ac49654156f3ecd46aff922d236bd4d88b87d081c0723c7a06e52aa04

SHA512
c8c379ca6f327f5807d1a04e39d476dfc671021b7b8411de8eb51c27ec1bb3d4c2d1ba9a6083ae85b3b24a427b1a469a6d2236189cf6ed8486de77bfe57890b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
Filesize
184KB

MD5
becd55f4941ce204bcbb68d71a34bd0e

SHA1
d76cc3680b898f4ff850da1fdb0069fd90098a94

SHA256
5e5a2e53d7308af16642e4125f3d4dd946a28f83c88b9adc56ee69402edf3b40

SHA512
0238c11513ee7223425029f7b3c1c7a6a85de3fc4d873cacc322dbb7e73f5f1e1e2a38adabe5255979f88afb78df07e68ebe506338fa1c7f43214459359caae4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads