b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
Size

184KB
MD5

808d3ec94feca4ad652f3dc21f5a89e8
SHA1

933c494d7baf77397968decee8fd103c241f9a07
SHA256

b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5
SHA512

551c07462ebb54b9e9f51fb95f89fc191acb4e540d0a9b0a2bad6569cfb358e61e129c893ea9035fc0c9ce00fd507069b86368d76dfd107e178177a0105f98b3
SSDEEP

1536:RBSd6WBlvaJkogx1IyOAeawhG29yvZc8EmddOwLR2izPtKhlohj5nix/n:zzuaJkoYSyO2gG4WezwLRFFKhl2Vix/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-34961.exeUnicorn-20827.exeUnicorn-25234.exeUnicorn-46464.exeUnicorn-29251.exeUnicorn-59655.exeUnicorn-15120.exeUnicorn-45525.exeUnicorn-65390.exeUnicorn-59038.exeUnicorn-32718.exeUnicorn-54428.exeUnicorn-27314.exeUnicorn-42773.exeUnicorn-45980.exeUnicorn-39893.exeUnicorn-20027.exeUnicorn-52892.exeUnicorn-16474.exeUnicorn-27875.exeUnicorn-41065.exeUnicorn-12991.exeUnicorn-8777.exeUnicorn-46240.exeUnicorn-26566.exeUnicorn-16832.exeUnicorn-12425.exeUnicorn-32291.exeUnicorn-50737.exeUnicorn-50415.exeUnicorn-16145.exeUnicorn-15822.exeUnicorn-16721.exeUnicorn-4717.exeUnicorn-33367.exeUnicorn-49751.exeUnicorn-49751.exeUnicorn-3757.exeUnicorn-47675.exeUnicorn-17463.exeUnicorn-17140.exeUnicorn-17655.exeUnicorn-30653.exeUnicorn-15973.exeUnicorn-35839.exeUnicorn-22902.exeUnicorn-7774.exeUnicorn-7966.exeUnicorn-5698.exeUnicorn-58812.exeUnicorn-54406.exeUnicorn-8734.exeUnicorn-6466.exeUnicorn-23317.exeUnicorn-31122.exeUnicorn-11448.exeUnicorn-11220.exeUnicorn-9274.exeUnicorn-9144.exeUnicorn-9144.exeUnicorn-62066.exeUnicorn-55906.exeUnicorn-10042.exeUnicorn-29778.exe

pid	process
956	Unicorn-34961.exe
2384	Unicorn-20827.exe
2036	Unicorn-25234.exe
2816	Unicorn-46464.exe
2652	Unicorn-29251.exe
2080	Unicorn-59655.exe
1704	Unicorn-15120.exe
2720	Unicorn-45525.exe
2940	Unicorn-65390.exe
1948	Unicorn-59038.exe
2808	Unicorn-32718.exe
3020	Unicorn-54428.exe
2368	Unicorn-27314.exe
2132	Unicorn-42773.exe
392	Unicorn-45980.exe
600	Unicorn-39893.exe
356	Unicorn-20027.exe
1880	Unicorn-52892.exe
940	Unicorn-16474.exe
1788	Unicorn-27875.exe
352	Unicorn-41065.exe
1744	Unicorn-12991.exe
908	Unicorn-8777.exe
1700	Unicorn-46240.exe
2992	Unicorn-26566.exe
2404	Unicorn-16832.exe
1640	Unicorn-12425.exe
896	Unicorn-32291.exe
1724	Unicorn-50737.exe
1696	Unicorn-50415.exe
2768	Unicorn-16145.exe
1580	Unicorn-15822.exe
2492	Unicorn-16721.exe
2508	Unicorn-4717.exe
3060	Unicorn-33367.exe
1244	Unicorn-49751.exe
2676	Unicorn-49751.exe
2688	Unicorn-3757.exe
2732	Unicorn-47675.exe
1528	Unicorn-17463.exe
2828	Unicorn-17140.exe
2852	Unicorn-17655.exe
2568	Unicorn-30653.exe
2076	Unicorn-15973.exe
1988	Unicorn-35839.exe
2980	Unicorn-22902.exe
1144	Unicorn-7774.exe
1452	Unicorn-7966.exe
1568	Unicorn-5698.exe
1116	Unicorn-58812.exe
976	Unicorn-54406.exe
1128	Unicorn-8734.exe
892	Unicorn-6466.exe
2032	Unicorn-23317.exe
2088	Unicorn-31122.exe
936	Unicorn-11448.exe
1736	Unicorn-11220.exe
1080	Unicorn-9274.exe
2780	Unicorn-9144.exe
2548	Unicorn-9144.exe
2524	Unicorn-62066.exe
2480	Unicorn-55906.exe
2448	Unicorn-10042.exe
1428	Unicorn-29778.exe

Loads dropped DLL 64 IoCs

Processes:

b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exeUnicorn-34961.exeUnicorn-20827.exeUnicorn-25234.exeWerFault.exeUnicorn-46464.exeUnicorn-29251.exeUnicorn-59655.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-59038.exeUnicorn-45525.exeUnicorn-32718.exeUnicorn-15120.exeWerFault.exeWerFault.exe

pid	process
2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
956	Unicorn-34961.exe
2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
956	Unicorn-34961.exe
2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
2384	Unicorn-20827.exe
2384	Unicorn-20827.exe
2036	Unicorn-25234.exe
956	Unicorn-34961.exe
2036	Unicorn-25234.exe
956	Unicorn-34961.exe
2572	WerFault.exe
2572	WerFault.exe
2572	WerFault.exe
2572	WerFault.exe
2572	WerFault.exe
2816	Unicorn-46464.exe
2816	Unicorn-46464.exe
2384	Unicorn-20827.exe
2384	Unicorn-20827.exe
2652	Unicorn-29251.exe
2652	Unicorn-29251.exe
2080	Unicorn-59655.exe
2080	Unicorn-59655.exe
2036	Unicorn-25234.exe
2036	Unicorn-25234.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
2912	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
2912	WerFault.exe
1944	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
2652	Unicorn-29251.exe
2652	Unicorn-29251.exe
864	WerFault.exe
1948	Unicorn-59038.exe
1948	Unicorn-59038.exe
2720	Unicorn-45525.exe
2720	Unicorn-45525.exe
2808	Unicorn-32718.exe
2808	Unicorn-32718.exe
1704	Unicorn-15120.exe
1704	Unicorn-15120.exe
2080	Unicorn-59655.exe
2080	Unicorn-59655.exe
2816	Unicorn-46464.exe
2816	Unicorn-46464.exe
696	WerFault.exe
696	WerFault.exe
696	WerFault.exe
696	WerFault.exe
696	WerFault.exe
1764	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	2264	WerFault.exe	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
2572	956	WerFault.exe	Unicorn-34961.exe
2912	2384	WerFault.exe	Unicorn-20827.exe
1944	2036	WerFault.exe	Unicorn-25234.exe
864	2940	WerFault.exe	Unicorn-65390.exe
696	2816	WerFault.exe	Unicorn-46464.exe
1764	2652	WerFault.exe	Unicorn-29251.exe
1268	2080	WerFault.exe	Unicorn-59655.exe
2412	600	WerFault.exe	Unicorn-39893.exe
2180	1948	WerFault.exe	Unicorn-59038.exe
1672	2720	WerFault.exe	Unicorn-45525.exe
2924	2808	WerFault.exe	Unicorn-32718.exe
1932	1704	WerFault.exe	Unicorn-15120.exe
2668	896	WerFault.exe	Unicorn-32291.exe
1136	3020	WerFault.exe	Unicorn-54428.exe
1996	2368	WerFault.exe	Unicorn-27314.exe
584	2132	WerFault.exe	Unicorn-42773.exe
2004	392	WerFault.exe	Unicorn-45980.exe
108	1880	WerFault.exe	Unicorn-52892.exe
1868	356	WerFault.exe	Unicorn-20027.exe
2664	1528	WerFault.exe	Unicorn-17463.exe
2224	940	WerFault.exe	Unicorn-16474.exe
2312	1788	WerFault.exe	Unicorn-27875.exe
488	352	WerFault.exe	Unicorn-41065.exe
2188	1744	WerFault.exe	Unicorn-12991.exe
2976	1700	WerFault.exe	Unicorn-46240.exe
708	1640	WerFault.exe	Unicorn-12425.exe
2420	908	WerFault.exe	Unicorn-8777.exe
1524	2404	WerFault.exe	Unicorn-16832.exe
1572	2992	WerFault.exe	Unicorn-26566.exe
2172	1428	WerFault.exe	Unicorn-29778.exe
2820	2480	WerFault.exe	Unicorn-55906.exe
2804	1724	WerFault.exe	Unicorn-50737.exe
3032	1696	WerFault.exe	Unicorn-50415.exe
1612	2492	WerFault.exe	Unicorn-16721.exe
2752	2676	WerFault.exe	Unicorn-49751.exe
2736	2688	WerFault.exe	Unicorn-3757.exe
3076	1244	WerFault.exe	Unicorn-49751.exe
3184	2828	WerFault.exe	Unicorn-17140.exe
3224	2568	WerFault.exe	Unicorn-30653.exe
3268	1580	WerFault.exe	Unicorn-15822.exe
3360	2056	WerFault.exe	Unicorn-22319.exe
3372	3060	WerFault.exe	Unicorn-33367.exe
3404	2732	WerFault.exe	Unicorn-47675.exe
3452	2888	WerFault.exe	Unicorn-22319.exe
3444	2508	WerFault.exe	Unicorn-4717.exe
3496	2768	WerFault.exe	Unicorn-16145.exe
3520	2852	WerFault.exe	Unicorn-17655.exe
3540	2328	WerFault.exe	Unicorn-7051.exe
3884	2076	WerFault.exe	Unicorn-15973.exe
3348	2980	WerFault.exe	Unicorn-22902.exe
3592	2552	WerFault.exe	Unicorn-40.exe
3476	1144	WerFault.exe	Unicorn-7774.exe
3904	1128	WerFault.exe	Unicorn-8734.exe
3984	1452	WerFault.exe	Unicorn-7966.exe
3988	2088	WerFault.exe	Unicorn-31122.exe
4008	2448	WerFault.exe	Unicorn-10042.exe
4048	1116	WerFault.exe	Unicorn-58812.exe
3300	1080	WerFault.exe	Unicorn-9274.exe
3172	2524	WerFault.exe	Unicorn-62066.exe
3980	2608	WerFault.exe	Unicorn-47466.exe
4080	2836	WerFault.exe	Unicorn-42776.exe
3660	2780	WerFault.exe	Unicorn-9144.exe
4056	1860	WerFault.exe	Unicorn-62642.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exeUnicorn-34961.exeUnicorn-25234.exeUnicorn-20827.exeUnicorn-46464.exeUnicorn-29251.exeUnicorn-59655.exeUnicorn-65390.exeUnicorn-45525.exeUnicorn-59038.exeUnicorn-15120.exeUnicorn-32718.exeUnicorn-54428.exeUnicorn-27314.exeUnicorn-42773.exeUnicorn-45980.exeUnicorn-39893.exeUnicorn-52892.exeUnicorn-20027.exeUnicorn-16474.exeUnicorn-27875.exeUnicorn-41065.exeUnicorn-12991.exeUnicorn-8777.exeUnicorn-46240.exeUnicorn-26566.exeUnicorn-16832.exeUnicorn-12425.exeUnicorn-32291.exeUnicorn-50737.exeUnicorn-50415.exeUnicorn-16145.exeUnicorn-15822.exeUnicorn-16721.exeUnicorn-4717.exeUnicorn-33367.exeUnicorn-49751.exeUnicorn-49751.exeUnicorn-3757.exeUnicorn-47675.exeUnicorn-17463.exeUnicorn-17140.exeUnicorn-17655.exeUnicorn-30653.exeUnicorn-35839.exeUnicorn-15973.exeUnicorn-22902.exeUnicorn-7966.exeUnicorn-7774.exeUnicorn-5698.exeUnicorn-58812.exeUnicorn-8734.exeUnicorn-54406.exeUnicorn-6466.exeUnicorn-23317.exeUnicorn-11448.exeUnicorn-31122.exeUnicorn-9274.exeUnicorn-11220.exeUnicorn-9144.exeUnicorn-9144.exeUnicorn-62066.exeUnicorn-55906.exeUnicorn-10042.exe

pid	process
2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
956	Unicorn-34961.exe
2036	Unicorn-25234.exe
2384	Unicorn-20827.exe
2816	Unicorn-46464.exe
2652	Unicorn-29251.exe
2080	Unicorn-59655.exe
2940	Unicorn-65390.exe
2720	Unicorn-45525.exe
1948	Unicorn-59038.exe
1704	Unicorn-15120.exe
2808	Unicorn-32718.exe
3020	Unicorn-54428.exe
2368	Unicorn-27314.exe
2132	Unicorn-42773.exe
392	Unicorn-45980.exe
600	Unicorn-39893.exe
1880	Unicorn-52892.exe
356	Unicorn-20027.exe
940	Unicorn-16474.exe
1788	Unicorn-27875.exe
352	Unicorn-41065.exe
1744	Unicorn-12991.exe
908	Unicorn-8777.exe
1700	Unicorn-46240.exe
2992	Unicorn-26566.exe
2404	Unicorn-16832.exe
1640	Unicorn-12425.exe
896	Unicorn-32291.exe
1724	Unicorn-50737.exe
1696	Unicorn-50415.exe
2768	Unicorn-16145.exe
1580	Unicorn-15822.exe
2492	Unicorn-16721.exe
2508	Unicorn-4717.exe
3060	Unicorn-33367.exe
1244	Unicorn-49751.exe
2676	Unicorn-49751.exe
2688	Unicorn-3757.exe
2732	Unicorn-47675.exe
1528	Unicorn-17463.exe
2828	Unicorn-17140.exe
2852	Unicorn-17655.exe
2568	Unicorn-30653.exe
1988	Unicorn-35839.exe
2076	Unicorn-15973.exe
2980	Unicorn-22902.exe
1452	Unicorn-7966.exe
1144	Unicorn-7774.exe
1568	Unicorn-5698.exe
1116	Unicorn-58812.exe
1128	Unicorn-8734.exe
976	Unicorn-54406.exe
892	Unicorn-6466.exe
2032	Unicorn-23317.exe
936	Unicorn-11448.exe
2088	Unicorn-31122.exe
1080	Unicorn-9274.exe
1736	Unicorn-11220.exe
2780	Unicorn-9144.exe
2548	Unicorn-9144.exe
2524	Unicorn-62066.exe
2480	Unicorn-55906.exe
2448	Unicorn-10042.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exeUnicorn-34961.exeUnicorn-20827.exeUnicorn-25234.exeUnicorn-46464.exeUnicorn-29251.exeUnicorn-59655.exeUnicorn-65390.exe

description	pid	process	target process
PID 2264 wrote to memory of 956	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-34961.exe
PID 2264 wrote to memory of 956	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-34961.exe
PID 2264 wrote to memory of 956	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-34961.exe
PID 2264 wrote to memory of 956	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-34961.exe
PID 2264 wrote to memory of 2384	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-20827.exe
PID 2264 wrote to memory of 2384	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-20827.exe
PID 2264 wrote to memory of 2384	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-20827.exe
PID 2264 wrote to memory of 2384	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	Unicorn-20827.exe
PID 956 wrote to memory of 2036	956	Unicorn-34961.exe	Unicorn-25234.exe
PID 956 wrote to memory of 2036	956	Unicorn-34961.exe	Unicorn-25234.exe
PID 956 wrote to memory of 2036	956	Unicorn-34961.exe	Unicorn-25234.exe
PID 956 wrote to memory of 2036	956	Unicorn-34961.exe	Unicorn-25234.exe
PID 2264 wrote to memory of 2744	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	WerFault.exe
PID 2264 wrote to memory of 2744	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	WerFault.exe
PID 2264 wrote to memory of 2744	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	WerFault.exe
PID 2264 wrote to memory of 2744	2264	b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe	WerFault.exe
PID 2384 wrote to memory of 2816	2384	Unicorn-20827.exe	Unicorn-46464.exe
PID 2384 wrote to memory of 2816	2384	Unicorn-20827.exe	Unicorn-46464.exe
PID 2384 wrote to memory of 2816	2384	Unicorn-20827.exe	Unicorn-46464.exe
PID 2384 wrote to memory of 2816	2384	Unicorn-20827.exe	Unicorn-46464.exe
PID 2036 wrote to memory of 2652	2036	Unicorn-25234.exe	Unicorn-29251.exe
PID 2036 wrote to memory of 2652	2036	Unicorn-25234.exe	Unicorn-29251.exe
PID 2036 wrote to memory of 2652	2036	Unicorn-25234.exe	Unicorn-29251.exe
PID 2036 wrote to memory of 2652	2036	Unicorn-25234.exe	Unicorn-29251.exe
PID 956 wrote to memory of 2080	956	Unicorn-34961.exe	Unicorn-59655.exe
PID 956 wrote to memory of 2080	956	Unicorn-34961.exe	Unicorn-59655.exe
PID 956 wrote to memory of 2080	956	Unicorn-34961.exe	Unicorn-59655.exe
PID 956 wrote to memory of 2080	956	Unicorn-34961.exe	Unicorn-59655.exe
PID 956 wrote to memory of 2572	956	Unicorn-34961.exe	WerFault.exe
PID 956 wrote to memory of 2572	956	Unicorn-34961.exe	WerFault.exe
PID 956 wrote to memory of 2572	956	Unicorn-34961.exe	WerFault.exe
PID 956 wrote to memory of 2572	956	Unicorn-34961.exe	WerFault.exe
PID 2816 wrote to memory of 1704	2816	Unicorn-46464.exe	Unicorn-15120.exe
PID 2816 wrote to memory of 1704	2816	Unicorn-46464.exe	Unicorn-15120.exe
PID 2816 wrote to memory of 1704	2816	Unicorn-46464.exe	Unicorn-15120.exe
PID 2816 wrote to memory of 1704	2816	Unicorn-46464.exe	Unicorn-15120.exe
PID 2384 wrote to memory of 2720	2384	Unicorn-20827.exe	Unicorn-45525.exe
PID 2384 wrote to memory of 2720	2384	Unicorn-20827.exe	Unicorn-45525.exe
PID 2384 wrote to memory of 2720	2384	Unicorn-20827.exe	Unicorn-45525.exe
PID 2384 wrote to memory of 2720	2384	Unicorn-20827.exe	Unicorn-45525.exe
PID 2652 wrote to memory of 2940	2652	Unicorn-29251.exe	Unicorn-65390.exe
PID 2652 wrote to memory of 2940	2652	Unicorn-29251.exe	Unicorn-65390.exe
PID 2652 wrote to memory of 2940	2652	Unicorn-29251.exe	Unicorn-65390.exe
PID 2652 wrote to memory of 2940	2652	Unicorn-29251.exe	Unicorn-65390.exe
PID 2080 wrote to memory of 2808	2080	Unicorn-59655.exe	Unicorn-32718.exe
PID 2080 wrote to memory of 2808	2080	Unicorn-59655.exe	Unicorn-32718.exe
PID 2080 wrote to memory of 2808	2080	Unicorn-59655.exe	Unicorn-32718.exe
PID 2080 wrote to memory of 2808	2080	Unicorn-59655.exe	Unicorn-32718.exe
PID 2036 wrote to memory of 1948	2036	Unicorn-25234.exe	Unicorn-59038.exe
PID 2036 wrote to memory of 1948	2036	Unicorn-25234.exe	Unicorn-59038.exe
PID 2036 wrote to memory of 1948	2036	Unicorn-25234.exe	Unicorn-59038.exe
PID 2036 wrote to memory of 1948	2036	Unicorn-25234.exe	Unicorn-59038.exe
PID 2384 wrote to memory of 2912	2384	Unicorn-20827.exe	WerFault.exe
PID 2384 wrote to memory of 2912	2384	Unicorn-20827.exe	WerFault.exe
PID 2384 wrote to memory of 2912	2384	Unicorn-20827.exe	WerFault.exe
PID 2384 wrote to memory of 2912	2384	Unicorn-20827.exe	WerFault.exe
PID 2036 wrote to memory of 1944	2036	Unicorn-25234.exe	WerFault.exe
PID 2036 wrote to memory of 1944	2036	Unicorn-25234.exe	WerFault.exe
PID 2036 wrote to memory of 1944	2036	Unicorn-25234.exe	WerFault.exe
PID 2036 wrote to memory of 1944	2036	Unicorn-25234.exe	WerFault.exe
PID 2940 wrote to memory of 864	2940	Unicorn-65390.exe	WerFault.exe
PID 2940 wrote to memory of 864	2940	Unicorn-65390.exe	WerFault.exe
PID 2940 wrote to memory of 864	2940	Unicorn-65390.exe	WerFault.exe
PID 2940 wrote to memory of 864	2940	Unicorn-65390.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe
"C:\Users\Admin\AppData\Local\Temp\b63ca3c7f1ddb900c9ae65c0e3a5c44a6edcd017b88947dd14c9c3225bf217e5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
6⤵
- Loads dropped DLL
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
9⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
10⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
11⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
12⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
13⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
14⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
15⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
16⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
15⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
14⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
12⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
11⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
12⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
13⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 244
14⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
13⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
9⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
11⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
12⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
13⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
14⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
15⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 236
14⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
13⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
8⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
9⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
10⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
12⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
13⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
14⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 220
15⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
14⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 236
13⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 236
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
11⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
12⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
13⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
14⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
8⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
8⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
9⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
10⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
11⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 224
12⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
11⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
10⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 220
11⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
8⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
11⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 220
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
8⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
7⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
12⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 224
13⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 236
12⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
12⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
13⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
12⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
13⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
14⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 236
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
8⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-47466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47466.exe
7⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
12⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
8⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
- Program crash
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
6⤵
- Program crash
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
9⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
10⤵
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 220
11⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
10⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
9⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
8⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
10⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
12⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
13⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 220
14⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 236
12⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
9⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
8⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
8⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
12⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
13⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
14⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
14⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
13⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
12⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
11⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
12⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 224
13⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
12⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
11⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
8⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
8⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
10⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 244
11⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
10⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
11⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
12⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
13⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
13⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 236
12⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
8⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
11⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
12⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
13⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
14⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 236
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
9⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
12⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 236
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
7⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
11⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
12⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
13⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
8⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
8⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
10⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
11⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
6⤵
- Program crash
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
5⤵
- Program crash
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
9⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
10⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
12⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
13⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
14⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
15⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
14⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
13⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
12⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
11⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
10⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
9⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
12⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 224
13⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
12⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 220
8⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
8⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
11⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
12⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
13⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
14⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
13⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
12⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
8⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 244
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
11⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
12⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
13⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
14⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 236
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
9⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
8⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
11⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
12⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
13⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
12⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
8⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
6⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
7⤵
- Executes dropped EXE
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
8⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
7⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
11⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 236
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 236
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
8⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
7⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
7⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 240
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 220
6⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
5⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 244
6⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
6⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
7⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
11⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
12⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
13⤵
PID:11344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
14⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
9⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
11⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 220
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
11⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
9⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
7⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
6⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 224
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
9⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
7⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
5⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
4⤵
- Program crash
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
6⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
11⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
12⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
13⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 224
14⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 236
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
12⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
9⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
11⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
12⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 236
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
12⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
8⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
7⤵
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 200
8⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
6⤵
- Program crash
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
5⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
7⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
9⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
11⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
12⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
13⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 220
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
12⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
7⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
6⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
7⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
6⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 220
5⤵
- Program crash
PID:108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
11⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
12⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
13⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
14⤵
PID:11528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
15⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
14⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
13⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
12⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
13⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
11⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
11⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
12⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
13⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 236
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 236
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
7⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 244
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
8⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
9⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
11⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
8⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
7⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
7⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
10⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
10⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
6⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 236
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
5⤵
- Program crash
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
7⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 200
8⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
7⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
6⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
9⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
12⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
10⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
9⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
6⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
6⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
9⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
10⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
11⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 236
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
10⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
9⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
6⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
7⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
8⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
9⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
10⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
11⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
10⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
9⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
8⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
7⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
6⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
5⤵
- Program crash
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
2⤵
- Program crash
PID:2744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
Filesize
184KB

MD5
ffb486586d30c779fad1b801e0d85e98

SHA1
6938af2c7b095299fbf89dde381660a67ed03399

SHA256
acb75308262acf4c5601953426b8b207992dee33bac41c35b92e3b6177d01285

SHA512
f0dd2c0eae894281c880d3af003c46a7e80f7c28bbe6ddc805da1f2ee9e55f9ee0590445615232bdeff35228a429b32a87060106930ea9d43a204cf5a1338d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
Filesize
184KB

MD5
35efedaab1d52eb72160a7f1715190c2

SHA1
f8cf11f0f54c8ced95638e63501c109de2a0bcb1

SHA256
0c128bbe60e520ff4f520239d06ed2ac9d474fc6466c69a62f07bed20bcb0de1

SHA512
8fa784e5b3aaa7c3df8dc0b5fb156c22602ef4dbcafa9287f98da43daf5b203091dd0a731d35422be04e74ca60f83fefd60a6a97ae99467d7323e846d3e61cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
Filesize
184KB

MD5
363b46955f39d6307674e08c69e321f4

SHA1
c0c2e30a39269e1a5dfd5322bfb7fbb1f752a5d5

SHA256
165db6f6073b6b25c73e000b8d24f0a2395c6ed87b97f5bad5716fd52170cb07

SHA512
e0705f59e7e09af35696978d263a071ecb9230db18ccf7c5ed3c294b5875741a0df07d1290280804c539e18ec32e8113bdcd0a31379007bac724c38120c5f917

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
Filesize
184KB

MD5
8be24c66ae67959fc6f93094caad7d02

SHA1
4d064760570473c1a97ed8850ac8dced531b7927

SHA256
3becd2efdab946e4b72edefe5f651103ef9d9eeab3ff1b160405726846a35840

SHA512
fae30c864b8ca2fb31ea83307a4ac39e91b0b2324b46e883cfcc9bad575b38e81b187a8031116723c1cc1bcc44ecf6cb0b32e869a6cb5f69f63e29e5363bee2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
Filesize
184KB

MD5
f960aa4b1e229367796f70be2db20f13

SHA1
a578c4e3350185ff0908749812888e90dcdb5b28

SHA256
9ca1ae7b86e25bdaa4a0b04ca534261f81b7fe6244a07371346a0ee527fb4892

SHA512
9e3ec412f9a6821e02a36576b816ea739d45915c19cf2ee79c9edd1557957cc8cd72a94bb2aa60e224e917a5ca22415a514f78e261f5d451e4fb4bfe4a3045ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
Filesize
184KB

MD5
abdfaa7910039a96d8dbbfc471ba0d9c

SHA1
45989d3b1dea185d372af3f48d26ed68902db915

SHA256
9254703a50712fc135db4f351e1638b413fea6abe5f9b1f1c663620bd169204a

SHA512
f464d8c047e2c487a1be00ced0b619d15fa90deb21e242e0d4dc235b201caf080ef29c5246312c8c2fd50160e47da7176b1c7e77ae7443ef7f8ce3e0134d707f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
Filesize
184KB

MD5
2d9ab999ec37d7152e26b3f0873e60a8

SHA1
db2b5a1221b3f76a58d419ed3d04aedcf758065e

SHA256
9a374e54c33c45c0e5fc9ccd673ef6616109a3357432dd4e70e509c9a63de085

SHA512
4a8fe1a407bd0015140b9d1ed344213d287d170c06e16e5c3c8f855f06707c47eda57146203e257943e5cd98200423d2e9d5d3c4a41c08344f26a79d7172d06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
Filesize
184KB

MD5
9c181b2d565e9a608f507101ba1b5d03

SHA1
1a51b58e8e24fea60cbd827aaf6f49c06f7ea76d

SHA256
9cc1483c62351bcc5bcab7860e81526fafba354d0678f7da9d5e5a39e0f6f4e9

SHA512
0c71757ecba687c5c3c08a761811e7144e93e1bce636624a71d8f100b97407dc9b7989632dabb2d8ac14403a1e020f2af9bbc57dae8eea230cf3a2472d3ab4e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
Filesize
184KB

MD5
09c22bce7050845353de912e6bab40fc

SHA1
8f903c006b077862733465df6925854a454b33bf

SHA256
8474c12a41aba7d75a63779f3ad93ba08284a6ff0953d90032388f33bc01c7d6

SHA512
c6c950bfc325b8240af0e9de6b6c52a19673ee6a70dfbe1e62f76c845076265d69586292297158e03c5629f32bf606447eabb4f0a3c0fb89f2f27f32a5b7c491

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
Filesize
184KB

MD5
223f75dbb8f34c9693a6fef01364b6c7

SHA1
55b4c09c102710920967d7f635f3299285c8ac1f

SHA256
1017204e4ffacbf624fd8990610f83eb76b2dc3dba39b1d5614d9ca518c43381

SHA512
4411270df9fe01edf92fa34664a1f5e31a1a6e0ea2aaa11d0f8bdb4d2123e011f033323cb003fbe559754a4c841c0b7e6a5c96b0a360ea3cedc895b557dba83a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
Filesize
184KB

MD5
ff846fea1e2c7ed181490bf2556511e9

SHA1
75fd24cfcb7d7e3a91e59862465cca9d70b53b14

SHA256
01255191459826042adf3924564be640b63b1f91ab7ad19ad7a1df49a9e05cde

SHA512
6b756706c813c85aa0fefbc4c6ad21ef9e6faf9e6428050e7d67fafc7ab0d8b3ad475fb7b41c5f8a61ce3797bc6b9f9f201ffd295768eb18e6436e3156485227

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
Filesize
184KB

MD5
1588c777091c5d0b1f6c546efbbd161a

SHA1
bc2026c802197cd216f77df19b5bf47108081742

SHA256
108dca3944b29e1ac4749d5894d627f0770358550112a42d0f2839eaf3e5310b

SHA512
dad2b1dbfa691a9ba79c1eaf5fc0290c1c9a957500b3a86a4fbd8eb63b59f743fc23b2e1f248dd5551dcef7584f7da46c57ecdce818e4dc97e867bb8ab748414

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
Filesize
184KB

MD5
13bf6ca969d110e2d180963f3fe448ab

SHA1
434a9cb63efa1a9ff398861aecf17918c31231b9

SHA256
ef9fa67e27c174436e5db23b10f2605ee402f7682106c97179fde55dfa8d5fc2

SHA512
77ea4a971b1b267fcdf04eac6599d68c4fec6e5139000bfcafb3d4d7506671fbbd67165b3755998dcb2a544b0c8e4bbc219611e235100b66dd7de41ff4ec4aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
Filesize
184KB

MD5
70f07c6505fbbf2c19ada17a1d6e81cc

SHA1
5d534f7a8b9f50871532fd90a6e798b57f32fe2a

SHA256
38da8870c73de8abc916543f9a41745ac77cf54a5814b1ef4d4d2f0187407da3

SHA512
1e3564109ed4fb7ab87045b237da272f7c35dee81e852f7a003eb9e8fbc578cc499b7116be99e1c384de1d839f2c1ceb1d79ae906e4b4dff2de8580216284055

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
Filesize
184KB

MD5
2c08e071d16e448ae9818985821b4de7

SHA1
9efc8ecb16ee8d4d24060707eb6183432920fb60

SHA256
4c6b8791b997f4ddecf365397cd494777087b5c20b49808d6948e44c6f0ed506

SHA512
8245654f7a4694c9686f44ee42be4bc9af61808b67ad959b8236d77e4b6d4ca35d70b1cf1f8572336a9fbc78f140b27a1755aca8212ecc5e8004e8cc69ccd699

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
Filesize
184KB

MD5
b46f7f7414af04ba57c2600e7a56ca64

SHA1
2ada356b458bc98e86b329f56f1ecca3809dc54d

SHA256
9015a11c328a9e4973c071bb0c01130ae3af3ad88bbbede0dfe6ff3a67ce6284

SHA512
f54895222ddeae236f5e1d8e620a888d72b6eace661df12b1d40439ca20b33e50319f51da416823c2c90b0b4421efe105281c582ad0993a08e474c739fe0b90f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
Filesize
184KB

MD5
eb74b84874f3c37f759a063d4324d46a

SHA1
f86bfe61958c1de323f4d30afb361da8a057d873

SHA256
d0c9309e7d92eae33fcb052fa0a4927c5b689ce31d70d3bbeb883874cb8bd6aa

SHA512
c96817d6f48f90f966d8ee8e9e01223ecc1dde66fd029b7091a6d35fffd46d17619dbc66c6136d41f2b3a220fb283ccf0258a43decc318b1aa0ab94906926a9f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads