b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
Size

184KB
MD5

e650ea1928902f8160691502e805dd11
SHA1

affd4ad58f08ec5bba98df71a95e8f7f568dd8e4
SHA256

b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71
SHA512

2ee1d9c5b454cdf84327015c9e21914b0605e63b78a4dfc8e4ab540af9e7c5cb6d862fb733874e249e58608267236edea4bb096634c865a9e8d416815c62b413
SSDEEP

3072:AwV1CxoCY954jGQW4yrLZToshlnViFAn3:AwgoLKGQYLFoshlnViFA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-15430.exeUnicorn-8552.exeUnicorn-57488.exeUnicorn-42995.exeUnicorn-60592.exeUnicorn-25267.exeUnicorn-22023.exeUnicorn-13169.exeUnicorn-58841.exeUnicorn-52583.exeUnicorn-32909.exeUnicorn-27467.exeUnicorn-37777.exeUnicorn-9895.exeUnicorn-57643.exeUnicorn-23086.exeUnicorn-58603.exeUnicorn-47119.exeUnicorn-45303.exeUnicorn-39917.exeUnicorn-33887.exeUnicorn-48038.exeUnicorn-62314.exeUnicorn-6206.exeUnicorn-4130.exeUnicorn-6398.exeUnicorn-52070.exeUnicorn-57052.exeUnicorn-52646.exeUnicorn-1414.exeUnicorn-11035.exeUnicorn-11035.exeUnicorn-46168.exeUnicorn-31102.exeUnicorn-15415.exeUnicorn-11009.exeUnicorn-23003.exeUnicorn-26764.exeUnicorn-14341.exeUnicorn-46822.exeUnicorn-56251.exeUnicorn-27532.exeUnicorn-47590.exeUnicorn-56443.exeUnicorn-23963.exeUnicorn-60589.exeUnicorn-49287.exeUnicorn-55125.exeUnicorn-13869.exeUnicorn-11565.exeUnicorn-2323.exeUnicorn-15286.exeUnicorn-50289.exeUnicorn-30423.exeUnicorn-20392.exeUnicorn-42754.exeUnicorn-5675.exeUnicorn-25541.exeUnicorn-2017.exeUnicorn-15208.exeUnicorn-48229.exeUnicorn-28939.exeUnicorn-64264.exeUnicorn-52837.exe

pid	process
2760	Unicorn-15430.exe
2532	Unicorn-8552.exe
2676	Unicorn-57488.exe
2716	Unicorn-42995.exe
2424	Unicorn-60592.exe
2596	Unicorn-25267.exe
1552	Unicorn-22023.exe
932	Unicorn-13169.exe
1732	Unicorn-58841.exe
1680	Unicorn-52583.exe
1280	Unicorn-32909.exe
2644	Unicorn-27467.exe
2652	Unicorn-37777.exe
1316	Unicorn-9895.exe
3028	Unicorn-57643.exe
372	Unicorn-23086.exe
2796	Unicorn-58603.exe
3000	Unicorn-47119.exe
1100	Unicorn-45303.exe
968	Unicorn-39917.exe
1620	Unicorn-33887.exe
1852	Unicorn-48038.exe
1664	Unicorn-62314.exe
964	Unicorn-6206.exe
2328	Unicorn-4130.exe
2276	Unicorn-6398.exe
1136	Unicorn-52070.exe
2816	Unicorn-57052.exe
2880	Unicorn-52646.exe
2936	Unicorn-1414.exe
2552	Unicorn-11035.exe
2700	Unicorn-11035.exe
2556	Unicorn-46168.exe
2512	Unicorn-31102.exe
2456	Unicorn-15415.exe
2560	Unicorn-11009.exe
1192	Unicorn-23003.exe
572	Unicorn-26764.exe
1628	Unicorn-14341.exe
1568	Unicorn-46822.exe
2408	Unicorn-56251.exe
1036	Unicorn-27532.exe
292	Unicorn-47590.exe
2620	Unicorn-56443.exe
928	Unicorn-23963.exe
2412	Unicorn-60589.exe
2800	Unicorn-49287.exe
1976	Unicorn-55125.exe
1916	Unicorn-13869.exe
1636	Unicorn-11565.exe
2996	Unicorn-2323.exe
876	Unicorn-15286.exe
2312	Unicorn-50289.exe
1956	Unicorn-30423.exe
2156	Unicorn-20392.exe
2548	Unicorn-42754.exe
2052	Unicorn-5675.exe
2536	Unicorn-25541.exe
2756	Unicorn-2017.exe
2736	Unicorn-15208.exe
2640	Unicorn-48229.exe
2284	Unicorn-28939.exe
1080	Unicorn-64264.exe
2624	Unicorn-52837.exe

Loads dropped DLL 64 IoCs

Processes:

b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exeUnicorn-15430.exeUnicorn-8552.exeUnicorn-57488.exeWerFault.exeUnicorn-60592.exeUnicorn-25267.exeUnicorn-42995.exeWerFault.exeWerFault.exeUnicorn-13169.exeUnicorn-22023.exeUnicorn-58841.exeUnicorn-52583.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
2760	Unicorn-15430.exe
2760	Unicorn-15430.exe
1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
2532	Unicorn-8552.exe
2532	Unicorn-8552.exe
2760	Unicorn-15430.exe
2760	Unicorn-15430.exe
2676	Unicorn-57488.exe
2676	Unicorn-57488.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
2424	Unicorn-60592.exe
2424	Unicorn-60592.exe
2596	Unicorn-25267.exe
2596	Unicorn-25267.exe
2676	Unicorn-57488.exe
2676	Unicorn-57488.exe
2716	Unicorn-42995.exe
2716	Unicorn-42995.exe
2532	Unicorn-8552.exe
2532	Unicorn-8552.exe
2216	WerFault.exe
2216	WerFault.exe
2216	WerFault.exe
2216	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2216	WerFault.exe
932	Unicorn-13169.exe
932	Unicorn-13169.exe
2596	Unicorn-25267.exe
1552	Unicorn-22023.exe
2596	Unicorn-25267.exe
1552	Unicorn-22023.exe
1732	Unicorn-58841.exe
1732	Unicorn-58841.exe
2424	Unicorn-60592.exe
2424	Unicorn-60592.exe
1680	Unicorn-52583.exe
1680	Unicorn-52583.exe
2716	Unicorn-42995.exe
2716	Unicorn-42995.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2432	1308	WerFault.exe	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
1992	2760	WerFault.exe	Unicorn-15430.exe
2216	2532	WerFault.exe	Unicorn-8552.exe
2344	2676	WerFault.exe	Unicorn-57488.exe
2036	2424	WerFault.exe	Unicorn-60592.exe
436	2596	WerFault.exe	Unicorn-25267.exe
2024	2716	WerFault.exe	Unicorn-42995.exe
2144	1732	WerFault.exe	Unicorn-58841.exe
1588	932	WerFault.exe	Unicorn-13169.exe
2748	1280	WerFault.exe	Unicorn-32909.exe
1344	1552	WerFault.exe	Unicorn-22023.exe
2400	1680	WerFault.exe	Unicorn-52583.exe
2988	2652	WerFault.exe	Unicorn-37777.exe
528	2644	WerFault.exe	Unicorn-27467.exe
1960	372	WerFault.exe	Unicorn-23086.exe
1028	2796	WerFault.exe	Unicorn-58603.exe
2340	3028	WerFault.exe	Unicorn-57643.exe
2348	1316	WerFault.exe	Unicorn-9895.exe
1868	3000	WerFault.exe	Unicorn-47119.exe
616	1100	WerFault.exe	Unicorn-45303.exe
1736	968	WerFault.exe	Unicorn-39917.exe
2680	1664	WerFault.exe	Unicorn-62314.exe
2772	2328	WerFault.exe	Unicorn-4130.exe
2888	2816	WerFault.exe	Unicorn-57052.exe
2692	1620	WerFault.exe	Unicorn-33887.exe
1484	1852	WerFault.exe	Unicorn-48038.exe
2924	2276	WerFault.exe	Unicorn-6398.exe
924	2880	WerFault.exe	Unicorn-52646.exe
1772	2756	WerFault.exe	Unicorn-2017.exe
2260	2560	WerFault.exe	Unicorn-11009.exe
324	2552	WerFault.exe	Unicorn-11035.exe
2804	1036	WerFault.exe	Unicorn-27532.exe
2844	1628	WerFault.exe	Unicorn-14341.exe
2648	292	WerFault.exe	Unicorn-47590.exe
2364	2408	WerFault.exe	Unicorn-56251.exe
588	2512	WerFault.exe	Unicorn-31102.exe
3096	1136	WerFault.exe	Unicorn-52070.exe
3244	964	WerFault.exe	Unicorn-6206.exe
3340	1192	WerFault.exe	Unicorn-23003.exe
3432	2996	WerFault.exe	Unicorn-2323.exe
3452	1636	WerFault.exe	Unicorn-11565.exe
3488	2700	WerFault.exe	Unicorn-11035.exe
3496	1956	WerFault.exe	Unicorn-30423.exe
3632	2284	WerFault.exe	Unicorn-28939.exe
3656	2736	WerFault.exe	Unicorn-15208.exe
3664	2456	WerFault.exe	Unicorn-15415.exe
3692	2620	WerFault.exe	Unicorn-56443.exe
3840	2312	WerFault.exe	Unicorn-50289.exe
3888	2556	WerFault.exe	Unicorn-46168.exe
3932	1916	WerFault.exe	Unicorn-13869.exe
3940	928	WerFault.exe	Unicorn-23963.exe
4008	876	WerFault.exe	Unicorn-15286.exe
3108	2156	WerFault.exe	Unicorn-20392.exe
3228	1568	WerFault.exe	Unicorn-46822.exe
3152	572	WerFault.exe	Unicorn-26764.exe
3348	2376	WerFault.exe	Unicorn-31217.exe
3388	1976	WerFault.exe	Unicorn-55125.exe
3504	2800	WerFault.exe	Unicorn-49287.exe
3672	2508	WerFault.exe	Unicorn-51833.exe
3768	3064	WerFault.exe	Unicorn-33110.exe
3784	2520	WerFault.exe	Unicorn-36392.exe
3816	2412	WerFault.exe	Unicorn-60589.exe
3992	2536	WerFault.exe	Unicorn-25541.exe
4004	2052	WerFault.exe	Unicorn-5675.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exeUnicorn-15430.exeUnicorn-8552.exeUnicorn-57488.exeUnicorn-60592.exeUnicorn-25267.exeUnicorn-42995.exeUnicorn-22023.exeUnicorn-58841.exeUnicorn-13169.exeUnicorn-32909.exeUnicorn-52583.exeUnicorn-27467.exeUnicorn-37777.exeUnicorn-9895.exeUnicorn-47119.exeUnicorn-57643.exeUnicorn-58603.exeUnicorn-23086.exeUnicorn-45303.exeUnicorn-39917.exeUnicorn-33887.exeUnicorn-48038.exeUnicorn-62314.exeUnicorn-6206.exeUnicorn-4130.exeUnicorn-52646.exeUnicorn-52070.exeUnicorn-57052.exeUnicorn-6398.exeUnicorn-11035.exeUnicorn-46168.exeUnicorn-11035.exeUnicorn-15415.exeUnicorn-31102.exeUnicorn-11009.exeUnicorn-56251.exeUnicorn-23003.exeUnicorn-26764.exeUnicorn-56443.exeUnicorn-23963.exeUnicorn-14341.exeUnicorn-47590.exeUnicorn-27532.exeUnicorn-46822.exeUnicorn-60589.exeUnicorn-49287.exeUnicorn-55125.exeUnicorn-13869.exeUnicorn-11565.exeUnicorn-2323.exeUnicorn-15286.exeUnicorn-50289.exeUnicorn-30423.exeUnicorn-20392.exeUnicorn-42754.exeUnicorn-25541.exeUnicorn-5675.exeUnicorn-15208.exeUnicorn-2017.exeUnicorn-48229.exeUnicorn-28939.exeUnicorn-64264.exeUnicorn-52837.exe

pid	process
1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
2760	Unicorn-15430.exe
2532	Unicorn-8552.exe
2676	Unicorn-57488.exe
2424	Unicorn-60592.exe
2596	Unicorn-25267.exe
2716	Unicorn-42995.exe
1552	Unicorn-22023.exe
1732	Unicorn-58841.exe
932	Unicorn-13169.exe
1280	Unicorn-32909.exe
1680	Unicorn-52583.exe
2644	Unicorn-27467.exe
2652	Unicorn-37777.exe
1316	Unicorn-9895.exe
3000	Unicorn-47119.exe
3028	Unicorn-57643.exe
2796	Unicorn-58603.exe
372	Unicorn-23086.exe
1100	Unicorn-45303.exe
968	Unicorn-39917.exe
1620	Unicorn-33887.exe
1852	Unicorn-48038.exe
1664	Unicorn-62314.exe
964	Unicorn-6206.exe
2328	Unicorn-4130.exe
2880	Unicorn-52646.exe
1136	Unicorn-52070.exe
2816	Unicorn-57052.exe
2276	Unicorn-6398.exe
2552	Unicorn-11035.exe
2556	Unicorn-46168.exe
2700	Unicorn-11035.exe
2456	Unicorn-15415.exe
2512	Unicorn-31102.exe
2560	Unicorn-11009.exe
2408	Unicorn-56251.exe
1192	Unicorn-23003.exe
572	Unicorn-26764.exe
2620	Unicorn-56443.exe
928	Unicorn-23963.exe
1628	Unicorn-14341.exe
292	Unicorn-47590.exe
1036	Unicorn-27532.exe
1568	Unicorn-46822.exe
2412	Unicorn-60589.exe
2800	Unicorn-49287.exe
1976	Unicorn-55125.exe
1916	Unicorn-13869.exe
1636	Unicorn-11565.exe
2996	Unicorn-2323.exe
876	Unicorn-15286.exe
2312	Unicorn-50289.exe
1956	Unicorn-30423.exe
2156	Unicorn-20392.exe
2548	Unicorn-42754.exe
2536	Unicorn-25541.exe
2052	Unicorn-5675.exe
2736	Unicorn-15208.exe
2756	Unicorn-2017.exe
2640	Unicorn-48229.exe
2284	Unicorn-28939.exe
1080	Unicorn-64264.exe
1804	Unicorn-52837.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exeUnicorn-15430.exeUnicorn-8552.exeUnicorn-57488.exeUnicorn-60592.exeUnicorn-25267.exeUnicorn-42995.exeUnicorn-13169.exe

description	pid	process	target process
PID 1308 wrote to memory of 2760	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-15430.exe
PID 1308 wrote to memory of 2760	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-15430.exe
PID 1308 wrote to memory of 2760	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-15430.exe
PID 1308 wrote to memory of 2760	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-15430.exe
PID 2760 wrote to memory of 2532	2760	Unicorn-15430.exe	Unicorn-8552.exe
PID 2760 wrote to memory of 2532	2760	Unicorn-15430.exe	Unicorn-8552.exe
PID 2760 wrote to memory of 2532	2760	Unicorn-15430.exe	Unicorn-8552.exe
PID 2760 wrote to memory of 2532	2760	Unicorn-15430.exe	Unicorn-8552.exe
PID 1308 wrote to memory of 2676	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-57488.exe
PID 1308 wrote to memory of 2676	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-57488.exe
PID 1308 wrote to memory of 2676	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-57488.exe
PID 1308 wrote to memory of 2676	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	Unicorn-57488.exe
PID 1308 wrote to memory of 2432	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	WerFault.exe
PID 1308 wrote to memory of 2432	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	WerFault.exe
PID 1308 wrote to memory of 2432	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	WerFault.exe
PID 1308 wrote to memory of 2432	1308	b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe	WerFault.exe
PID 2532 wrote to memory of 2716	2532	Unicorn-8552.exe	Unicorn-42995.exe
PID 2532 wrote to memory of 2716	2532	Unicorn-8552.exe	Unicorn-42995.exe
PID 2532 wrote to memory of 2716	2532	Unicorn-8552.exe	Unicorn-42995.exe
PID 2532 wrote to memory of 2716	2532	Unicorn-8552.exe	Unicorn-42995.exe
PID 2760 wrote to memory of 2596	2760	Unicorn-15430.exe	Unicorn-25267.exe
PID 2760 wrote to memory of 2596	2760	Unicorn-15430.exe	Unicorn-25267.exe
PID 2760 wrote to memory of 2596	2760	Unicorn-15430.exe	Unicorn-25267.exe
PID 2760 wrote to memory of 2596	2760	Unicorn-15430.exe	Unicorn-25267.exe
PID 2676 wrote to memory of 2424	2676	Unicorn-57488.exe	Unicorn-60592.exe
PID 2676 wrote to memory of 2424	2676	Unicorn-57488.exe	Unicorn-60592.exe
PID 2676 wrote to memory of 2424	2676	Unicorn-57488.exe	Unicorn-60592.exe
PID 2676 wrote to memory of 2424	2676	Unicorn-57488.exe	Unicorn-60592.exe
PID 2760 wrote to memory of 1992	2760	Unicorn-15430.exe	WerFault.exe
PID 2760 wrote to memory of 1992	2760	Unicorn-15430.exe	WerFault.exe
PID 2760 wrote to memory of 1992	2760	Unicorn-15430.exe	WerFault.exe
PID 2760 wrote to memory of 1992	2760	Unicorn-15430.exe	WerFault.exe
PID 2424 wrote to memory of 1552	2424	Unicorn-60592.exe	Unicorn-22023.exe
PID 2424 wrote to memory of 1552	2424	Unicorn-60592.exe	Unicorn-22023.exe
PID 2424 wrote to memory of 1552	2424	Unicorn-60592.exe	Unicorn-22023.exe
PID 2424 wrote to memory of 1552	2424	Unicorn-60592.exe	Unicorn-22023.exe
PID 2596 wrote to memory of 932	2596	Unicorn-25267.exe	Unicorn-13169.exe
PID 2596 wrote to memory of 932	2596	Unicorn-25267.exe	Unicorn-13169.exe
PID 2596 wrote to memory of 932	2596	Unicorn-25267.exe	Unicorn-13169.exe
PID 2596 wrote to memory of 932	2596	Unicorn-25267.exe	Unicorn-13169.exe
PID 2676 wrote to memory of 1732	2676	Unicorn-57488.exe	Unicorn-58841.exe
PID 2676 wrote to memory of 1732	2676	Unicorn-57488.exe	Unicorn-58841.exe
PID 2676 wrote to memory of 1732	2676	Unicorn-57488.exe	Unicorn-58841.exe
PID 2676 wrote to memory of 1732	2676	Unicorn-57488.exe	Unicorn-58841.exe
PID 2716 wrote to memory of 1680	2716	Unicorn-42995.exe	Unicorn-52583.exe
PID 2716 wrote to memory of 1680	2716	Unicorn-42995.exe	Unicorn-52583.exe
PID 2716 wrote to memory of 1680	2716	Unicorn-42995.exe	Unicorn-52583.exe
PID 2716 wrote to memory of 1680	2716	Unicorn-42995.exe	Unicorn-52583.exe
PID 2532 wrote to memory of 1280	2532	Unicorn-8552.exe	Unicorn-32909.exe
PID 2532 wrote to memory of 1280	2532	Unicorn-8552.exe	Unicorn-32909.exe
PID 2532 wrote to memory of 1280	2532	Unicorn-8552.exe	Unicorn-32909.exe
PID 2532 wrote to memory of 1280	2532	Unicorn-8552.exe	Unicorn-32909.exe
PID 2532 wrote to memory of 2216	2532	Unicorn-8552.exe	WerFault.exe
PID 2532 wrote to memory of 2216	2532	Unicorn-8552.exe	WerFault.exe
PID 2532 wrote to memory of 2216	2532	Unicorn-8552.exe	WerFault.exe
PID 2532 wrote to memory of 2216	2532	Unicorn-8552.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-57488.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-57488.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-57488.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-57488.exe	WerFault.exe
PID 932 wrote to memory of 2644	932	Unicorn-13169.exe	Unicorn-27467.exe
PID 932 wrote to memory of 2644	932	Unicorn-13169.exe	Unicorn-27467.exe
PID 932 wrote to memory of 2644	932	Unicorn-13169.exe	Unicorn-27467.exe
PID 932 wrote to memory of 2644	932	Unicorn-13169.exe	Unicorn-27467.exe

C:\Users\Admin\AppData\Local\Temp\b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe
"C:\Users\Admin\AppData\Local\Temp\b6a6b5291cc7cf66411fb43dea760d8e32cf11cefe4044b43569cce0e7020e71.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
12⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
13⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
14⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
14⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
13⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
12⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
11⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
10⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
9⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-17785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17785.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
11⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
12⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
13⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 236
13⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
12⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
11⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
9⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
11⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
12⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
13⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
14⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
13⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
11⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 216
10⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
9⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8076.exe
8⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
10⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
12⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
13⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
9⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
8⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
- Program crash
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
12⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
13⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
13⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
12⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
11⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
12⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
12⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 236
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
7⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
12⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
13⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 236
13⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
12⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
9⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
8⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
8⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
12⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
13⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
13⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 236
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
9⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
8⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
12⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
13⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
9⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
8⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
7⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
6⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
6⤵
- Executes dropped EXE
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
12⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
13⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
12⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 236
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
11⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
12⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
12⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
6⤵
- Program crash
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
5⤵
- Program crash
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
9⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
11⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
12⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
13⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
14⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
14⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
13⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
12⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
11⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
10⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
9⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
8⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
12⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
13⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
13⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
8⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
8⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
8⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
10⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
12⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
13⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 236
13⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
11⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
10⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
9⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
10⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
11⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
12⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
12⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 220
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
6⤵
- Program crash
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
12⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
12⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
10⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
8⤵
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
7⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
7⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
11⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 220
11⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
7⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
6⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
5⤵
- Program crash
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
12⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
13⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
12⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
7⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
12⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 236
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
8⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 216
6⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
7⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
11⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
12⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
7⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
10⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
10⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 240
10⤵
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
7⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
6⤵
- Program crash
PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220
5⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
12⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 240
9⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
7⤵
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
6⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
7⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-42396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42396.exe
9⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
12⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 236
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
8⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
7⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
6⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
11⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
12⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 236
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
7⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
6⤵
- Program crash
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
5⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
11⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
12⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
13⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
13⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
12⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
8⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 236
12⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
11⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
10⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
11⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
12⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
7⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
7⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
11⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
12⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-39854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39854.exe
13⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
10⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
8⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
7⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
6⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
7⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
6⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
5⤵
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
7⤵
- Executes dropped EXE
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
11⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
12⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
11⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
8⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
6⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
7⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
8⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
7⤵
- Program crash
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
6⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
6⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
8⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
12⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 236
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
8⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
7⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
6⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
8⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
11⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
10⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
8⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
7⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
6⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
5⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
7⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
6⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
11⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 236
11⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
9⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
8⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
7⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
6⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
6⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
8⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
7⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
6⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
5⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
4⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
2⤵
- Program crash
PID:2432

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
Filesize
184KB

MD5
fd970bad422e71805ae5a3449c215369

SHA1
ddfa7193c69ad7d1ea1bd15006ebbb7429a29495

SHA256
8d8cf60c95768e944c0b4e311ec78ebedec3e901e6b882f0d37a8d66191279ea

SHA512
31e579fa1f9e5476a3dec1565cc45429a613ea2f2081ba630a4c1ed322cd9951ad448e19049908134c1f2cefc5d1dfa4b8947ed6f75ebc6a152b4ba1f2c87435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
Filesize
184KB

MD5
bb8c30c4a5b96f33b0ecd5ad76c61e51

SHA1
063ff8654a477cbd4fc1ef09e1864db607bd8cd3

SHA256
7ce8d98c66e3d1d175ababc0fc1dbe4d45dc9b410f842295c7de4797c1ea2555

SHA512
b1950cb8ebd56531c5e066a9f3158249429b7f8642ab793f32666d8a6fef1834b203c96a2ae7877cb4cfab2336c6339ad0163dc2560923f7aeb4beec90eaa9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
Filesize
184KB

MD5
0e505676ce896939eca87a6e42ebce4e

SHA1
629c57ba1cf9f9ad4a4022512e55a028cba1ab6a

SHA256
7d55d1115883c3359ccb26a9c2a7a268b9b076c0bf5f6055190b64f77f9f6331

SHA512
d1e2140578bb61cba54305f17a51481d84da5606555097bb1b29c3adb55c656524f9c298e2297d7b94c1625dc8e9073ac47f245467d4a4cbb8df22fb6622f3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
Filesize
184KB

MD5
0e89f65bfb7b4aa5268211e01888b688

SHA1
be345313ab453a2d42fa01d3ba1c9d3b893df9fe

SHA256
934c421c9b390cf337b89aea4a5f55426365e576e42bb8fd3a7df246b98f9e3a

SHA512
65ee16dc734d8044a4cb808d3349785b1ba807fcaeac5d18e0f886c36daf3c64327818d178ee4bfe7b8f3cac6d13f0b42ef50fc892f1be0e509343b652752b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
Filesize
184KB

MD5
2e92aab4b8d89b85107dc7ebc42856a7

SHA1
d50f6eae8e35102e6590da1529b4967d0bb8769a

SHA256
629eeb76b946b732981ff5158c5f7bca5f54f29b0810fb4710e6c487b4b6f242

SHA512
e220a7ff709be275a446bdac8af7ff3f5e7f250ab4d3bd08a2ed22848b8f2cc0e6a957d0bff43cbe36887c3fcb4578f66245ecaf0a3d89940aab76c8e6321644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
Filesize
184KB

MD5
025d37e2f62ee36150ccb5f75fe8b76b

SHA1
cadfaf1ab191f49571b9fadb9f49ce4364a42104

SHA256
1e8ba53d47e89f21839e211b8a79370b3fd3fa348cfa7978ca421ffbd4934c51

SHA512
2474c047adbd3785776322c43c0e2b2a2ee56e33cad923e0e46349d574a9973e2f285d3ec6f6837e1715ec2a2814ee2e45dc01e2e24927a6500bf14a91210b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
Filesize
184KB

MD5
724ceadbb8a1f28ebb5ab319ce39c7f6

SHA1
0739f20f8b7f6f2c64b494f67c5c4b3ef88d73ab

SHA256
e29bfa4d3ab2219db0ed7e8b6e184fb287f043a3a6f191eac07cd38d751d31c9

SHA512
7e95d8f886c2761b600eeb7ed81b9d902cc170d05a2b67a298329e6e1a52982c9e088106e0a2d7a3a6890bfd2072de5db2af277bc264da17661826a7b6d4816c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
Filesize
184KB

MD5
0457eba73f7f7e114b38819487487f41

SHA1
1c7eddfb8b24ea62d967b99d416ca0b25da1e6cb

SHA256
6ee846ab49bdd235ed3c382ffab2f65e60723f2e0c594441df9fed2a28632ab7

SHA512
92a25419f9b2d54c42783a803dd9c96860747e3bebc0036de0b989ba378927a1c7e1ab457255aa8a6c6e4d528566796c17b9869d724d998fe275501a92daf331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
Filesize
184KB

MD5
1c270890383263765473d6c275cd2b69

SHA1
e79cbe655343edb2a96b71b1675ec880f82ff683

SHA256
62130f6cd07d3ec4d6709175dbd90889c217baefd326303743acb4d3ad5e409f

SHA512
8eee29072907423368f3dd9f32ac9fc1410f02b65337034969878609255890620f1453a8576a82eef71f3cf1f92e42bb0f0df63d7b1c66e99a9326dbf198a730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
Filesize
184KB

MD5
81bcbed375db107d82e8fc32fb610586

SHA1
d60c690f8cf924689012d561f68817ad9ee0acff

SHA256
e6e5b3ca075834630241db819efd2e0f06dac52153ebde6a96c8380102953457

SHA512
926a3dc9ad460c5e8b7bedea9994aeb5ba253aa6a6012604478093cc41d418ad4ad86350bcfece35596d652d34f0cb2aad3ea8dba26379f1d506a164623d7bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
Filesize
184KB

MD5
51f32a515a478630d8689deebf67cf8b

SHA1
bd1f4c31bee28fcf1c92072bfa77826c85f4f65f

SHA256
25207b66c52c0cb431bdeb0287fa0c32fa14c3f535903e2c212837eff23221f2

SHA512
310d2b193a528a0daa6082c227c5d8775cf18ba6b4092ecab57832b02f121936fd8198e7c15ed920ef753b8cc3e3876a5b8fe55837ca3d5782acd5d6aeb9ba2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
Filesize
184KB

MD5
9ddf06bafa4619e20dcfbfccf0f46c8d

SHA1
33750bf3a4f9b898e80783fdc4ba6d6c33fbeb55

SHA256
1504b93824be9266ce34661cacb4b6015c0d5c465a7d9a32d02a36c41e9dc470

SHA512
8866f0f9807e8085a8d94546d97bd18e204a36b46113f91eb8df2d8b63db35a238dda57176f971b4c389c922c3021781f85f394ed74c8555dc1fe62c82210741

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
Filesize
184KB

MD5
c8951cbc8850c45b6d3b1c0cb569a81f

SHA1
36dda8c62c32d359d9ae9540aa6bc7709dc394cc

SHA256
b77fb5c2cc0d44f53aced29b74805c82520306165ada9d3193edc60656ef1ffa

SHA512
9c4f2a2213b5721c51b9677470547d132602c16e812ca3e94be6feb685bd2a3c8ea90ee54cd0dcecb6e8aba8fe208c8dd3024f889b2776c093129b8e405f09e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
Filesize
184KB

MD5
8cbb22c41048f6393bd0cf0bc948aeb0

SHA1
fc36b671dd407dd7a410dc2e10b49f82db93a2e4

SHA256
171fdd769599038732d9a54089131251f7e880d9c611064f60aa6a71b2e7fb86

SHA512
d0817114649a3a4a6cd4559de39e874160209b344fafb2b31813b8d32723dc7d8af105c71e2f0ca52a11dad5ed7cbd5d67476ef15d5ad067d9b8a673968178aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
Filesize
184KB

MD5
c370cb5272901e8d5b4a212187cb4683

SHA1
b793a8aeb85d6fe2255d39aa38211f55ecc5ae46

SHA256
b71db275b123f675f174a8b5fde030e5609d2671beb8e199c26e1bc2c71997cb

SHA512
36af5a1920ca5e22781ace1c007d1fca284e7be87a58f3ba412daa811f6e5c1d699f3f4a1a568ab2ee8deb484c2f54dc32dfdd130fe2cc9cf54da7f153e9548f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
Filesize
184KB

MD5
3ddb8af1c666725047123ec5beee8b80

SHA1
3462b818fd42ca44c694c0c7ffabc357cb0d13b9

SHA256
a7763ea0801c889b327ff6dee2d23ff8e91c69d058b28673c29f4080166bfabc

SHA512
6c2579415c4e4ac924e5aa09eb77fe7a5f71c6486e7bd958c5673c058c569d619482e4b4f8b9fcf3f810fc20413a0563f2e540fa61c02061eabc8adaf3999f1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
Filesize
184KB

MD5
9ee2456a9766b2b42ed0f527bd5cf056

SHA1
d8467f27f62d317b26f2072c672f8f71346e3846

SHA256
b73c87f96460335b40cd34d4bc78726921ddd9a7bab10626ac85c246ddc6cdf3

SHA512
9431336e4b477b047a87ce00ec02d2093577661ca7a509a9fb1eb9ce68416749887a818c3358fdd1d78188067a2629c06a5c872f74f0a44c4b014dfa57cd8aab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
Filesize
184KB

MD5
ca5b56b6c160dab3e149576f735b92c4

SHA1
ab73262d0a730e08c20b419c0a5488c5d7e517f0

SHA256
e4079482f2b21ad298649e88d82bc8eb2936f68acd79f00f79cc12647d2bdb23

SHA512
239cd03a363cb29949560d8b1c817f33f68f416928fbfc4bb10951768e1039df67d59289864463a06aaea3c89b4174e2c0454c9e1dd2d9acd0300d1456b97f1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
Filesize
184KB

MD5
5594f4887f9073668803d265db368c4b

SHA1
dee313d63cab208ba58e9e008f6649e0551d9a17

SHA256
94cd50e63fc051861d63c6fc666e9e01b70d64bd6e983ad13efe7a628fef4020

SHA512
2603b92c860923a84372f641e51d0b087ac176cff17badda51e93988ef7a4cc5a305dff8d23c1a66823919cba148541779cf10c4b9d0cce183b0874c1beac97b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
Filesize
184KB

MD5
7c10d4287be3b7917a3613a1682e9a7c

SHA1
2763bda730e208dc8b97730795fd48d68aceb33f

SHA256
59f8cabcb260b81902b75968898084945d7f7ff484e96653c315d4a24d0b4b85

SHA512
b114937ec4fb4811ed6c28f333a8e3846a072b34381f8a042aec1e5e62925dd5e049fb9100b5f042076303cbe71d63a0e0acf19e50710c0710c4369823a6bdd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
Filesize
184KB

MD5
920e24e716112da3d194db26bf86cf3b

SHA1
4e4094f110295a51df7ef2f1ebd64451ca8343b0

SHA256
3db402bbc5eeff36c03cea28883b6e1b9b95419c05a6c833a9b9eac09d4765bb

SHA512
638b000affdc365d58810e3b7722d435f26c3c475818d27788fe9d4d21a59a8c8da49f3078b630d2bb5511025b5cea231dbeb45e3a9b3e8bc7e1037a51ff1ca5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
Filesize
184KB

MD5
d71024281131cc78004a0b34f41de098

SHA1
8c0ca627e0e30d451585f21c7eea794f8bc2c9ec

SHA256
13fadfc075dd92d2d5e6b1e3ef2a388cd3e9cc24105a32dd999827c8071b514c

SHA512
89967350a1ecea0d05d2c3874251d67ecacbce9bdb4b185f5e3365f3493939c0d06074142fa7cbee4e5f34d64d32ad6d0cc36f9bd32fe229a1c3e4ba4d23ad4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
Filesize
184KB

MD5
959d9591ec3773b56fed9841151250c0

SHA1
b2396687ad2902f1f0f580c257ffb197c56d3b8c

SHA256
a344de14c65df3ee75b6d473c704cb7d16769c66354b761228fd4b193763ea70

SHA512
b45b8c9be6e4f8fdde64b9605c84927dbcefda829c7c4b8ed94f3fcde30e12ac7f517e3c0acba6dba5efd0b1f480188a2de5bee0fa1c1f29993d7e8b5e855321

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
Filesize
184KB

MD5
4c2007d9a7c7402f33f51356fdca085e

SHA1
214eb7f857e01c17f9e0449dbeb6cebc392785b8

SHA256
f284c7c1fc80742b8c0913485e6ab47a810bb3f4197a4105a39546594cf61664

SHA512
a47ee4089bdaec5ea13ecc1c7c6888e6c5b40c3a6193cc3401f75f822d76db1cd7258c825238931bd585b8054aaddb43060ae0ea2cfd856e3aae5a3c8fa81633

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
Filesize
184KB

MD5
999465baad40dfd4c151e57eeb9b99de

SHA1
2a0c1ec35f1abdbc9546bbe94327abf0a43a7e53

SHA256
5d835c8555fa8be5fd82144f2869b8b918a941c45b2d9759ebb5dc3e2a53bce2

SHA512
974b93dfc6603d1491f6551060355a719882f95c86243d836e7220220ab59e0e3fd03d6045a754108bbe2066567e72f9eb214de98372e41cab772ce396bb52cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
Filesize
184KB

MD5
fd32225cc4f03977fc1bc9ef2a51c2d2

SHA1
0b8e905ceb43d881247ea14b5ec29159bc9a1094

SHA256
65387c62af7b1dcde2f8a3c67f17bf9f78f38bdb65072d08451ff92251aa46eb

SHA512
3567b900213896ab8424d6cec849ec6d863cee8c91c330e7bccb4a5affaf94edca5cd093d961a2a60547639ae3ff7d316c6de87d863deda492afa90c5f8441e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads