b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
Size

184KB
MD5

b39b42049503a0daaf1f000e75525864
SHA1

a642f033ad241ddda5e87b74cf0035a214f5e4db
SHA256

b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111
SHA512

5d16b6a0cacdbd3c418267c6a3500d09a43b8a9074908485eed55c8e14a1b2933628f91abe870923c6c071b15790e7e90dd4050f3e8f8cbfba38ba4e0e1f18a5
SSDEEP

3072:FHO3Y9ofbKhQdaate8wLRkC4klnViFan3:FHroIMaayL+C4klnViFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-51917.exeUnicorn-33062.exeUnicorn-13196.exeUnicorn-39720.exeUnicorn-36190.exeUnicorn-54987.exeUnicorn-33213.exeUnicorn-33213.exeUnicorn-35901.exeUnicorn-48900.exeUnicorn-48708.exeUnicorn-50006.exeUnicorn-46477.exeUnicorn-421.exeUnicorn-29564.exeUnicorn-16566.exeUnicorn-16566.exeUnicorn-29372.exeUnicorn-39451.exeUnicorn-52258.exeUnicorn-3057.exeUnicorn-39259.exeUnicorn-52943.exeUnicorn-42632.exeUnicorn-9767.exeUnicorn-5169.exeUnicorn-58776.exeUnicorn-25912.exeUnicorn-22382.exeUnicorn-17773.exeUnicorn-922.exeUnicorn-53268.exeUnicorn-39620.exeUnicorn-36029.exeUnicorn-15971.exeUnicorn-35645.exeUnicorn-51981.exeUnicorn-15587.exeUnicorn-54669.exeUnicorn-54669.exeUnicorn-21805.exeUnicorn-55546.exeUnicorn-34611.exeUnicorn-50948.exeUnicorn-39018.exeUnicorn-29750.exeUnicorn-29750.exeUnicorn-46086.exeUnicorn-26028.exeUnicorn-62230.exeUnicorn-42172.exeUnicorn-52438.exeUnicorn-36102.exeUnicorn-16367.exeUnicorn-61654.exeUnicorn-31804.exeUnicorn-64799.exeUnicorn-11877.exeUnicorn-15406.exeUnicorn-1950.exeUnicorn-18287.exeUnicorn-34623.exeUnicorn-14565.exeUnicorn-14565.exe

pid	process
1992	Unicorn-51917.exe
2540	Unicorn-33062.exe
3040	Unicorn-13196.exe
2604	Unicorn-39720.exe
2696	Unicorn-36190.exe
3028	Unicorn-54987.exe
2964	Unicorn-33213.exe
2252	Unicorn-33213.exe
2976	Unicorn-35901.exe
2388	Unicorn-48900.exe
1640	Unicorn-48708.exe
2652	Unicorn-50006.exe
1412	Unicorn-46477.exe
2260	Unicorn-421.exe
2868	Unicorn-29564.exe
1256	Unicorn-16566.exe
2628	Unicorn-16566.exe
1804	Unicorn-29372.exe
824	Unicorn-39451.exe
1880	Unicorn-52258.exe
2148	Unicorn-3057.exe
2308	Unicorn-39259.exe
1940	Unicorn-52943.exe
1608	Unicorn-42632.exe
2220	Unicorn-9767.exe
896	Unicorn-5169.exe
692	Unicorn-58776.exe
1980	Unicorn-25912.exe
312	Unicorn-22382.exe
1684	Unicorn-17773.exe
2096	Unicorn-922.exe
2588	Unicorn-53268.exe
2672	Unicorn-39620.exe
2848	Unicorn-36029.exe
2712	Unicorn-15971.exe
2700	Unicorn-35645.exe
2480	Unicorn-51981.exe
2440	Unicorn-15587.exe
2808	Unicorn-54669.exe
2816	Unicorn-54669.exe
1600	Unicorn-21805.exe
2972	Unicorn-55546.exe
2968	Unicorn-34611.exe
1592	Unicorn-50948.exe
1484	Unicorn-39018.exe
2052	Unicorn-29750.exe
2296	Unicorn-29750.exe
2072	Unicorn-46086.exe
772	Unicorn-26028.exe
1832	Unicorn-62230.exe
2840	Unicorn-42172.exe
2280	Unicorn-52438.exe
2008	Unicorn-36102.exe
604	Unicorn-16367.exe
320	Unicorn-61654.exe
1272	Unicorn-31804.exe
2208	Unicorn-64799.exe
1752	Unicorn-11877.exe
1744	Unicorn-15406.exe
2156	Unicorn-1950.exe
3052	Unicorn-18287.exe
2120	Unicorn-34623.exe
2860	Unicorn-14565.exe
2452	Unicorn-14565.exe

Loads dropped DLL 64 IoCs

Processes:

b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exeUnicorn-51917.exeUnicorn-33062.exeUnicorn-13196.exeWerFault.exeUnicorn-39720.exeUnicorn-36190.exeUnicorn-54987.exeWerFault.exeWerFault.exeUnicorn-33213.exeUnicorn-35901.exeUnicorn-33213.exeUnicorn-48708.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
1992	Unicorn-51917.exe
1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
1992	Unicorn-51917.exe
2540	Unicorn-33062.exe
2540	Unicorn-33062.exe
1992	Unicorn-51917.exe
1992	Unicorn-51917.exe
3040	Unicorn-13196.exe
3040	Unicorn-13196.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2604	Unicorn-39720.exe
2696	Unicorn-36190.exe
2696	Unicorn-36190.exe
2604	Unicorn-39720.exe
3028	Unicorn-54987.exe
3028	Unicorn-54987.exe
2540	Unicorn-33062.exe
2540	Unicorn-33062.exe
3040	Unicorn-13196.exe
3040	Unicorn-13196.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
356	WerFault.exe
1928	WerFault.exe
2252	Unicorn-33213.exe
2252	Unicorn-33213.exe
2604	Unicorn-39720.exe
2604	Unicorn-39720.exe
2976	Unicorn-35901.exe
2976	Unicorn-35901.exe
3028	Unicorn-54987.exe
3028	Unicorn-54987.exe
2964	Unicorn-33213.exe
1640	Unicorn-48708.exe
1640	Unicorn-48708.exe
2964	Unicorn-33213.exe
2696	Unicorn-36190.exe
2696	Unicorn-36190.exe
680	WerFault.exe
680	WerFault.exe
612	WerFault.exe
680	WerFault.exe
612	WerFault.exe
680	WerFault.exe
612	WerFault.exe
612	WerFault.exe
680	WerFault.exe
612	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2460	1992	WerFault.exe	Unicorn-51917.exe
356	2540	WerFault.exe	Unicorn-33062.exe
1928	3040	WerFault.exe	Unicorn-13196.exe
612	2696	WerFault.exe	Unicorn-36190.exe
680	2604	WerFault.exe	Unicorn-39720.exe
1464	3028	WerFault.exe	Unicorn-54987.exe
1784	2260	WerFault.exe	Unicorn-421.exe
1972	2252	WerFault.exe	Unicorn-33213.exe
1704	2388	WerFault.exe	Unicorn-48900.exe
1688	2976	WerFault.exe	Unicorn-35901.exe
2188	2964	WerFault.exe	Unicorn-33213.exe
1956	1640	WerFault.exe	Unicorn-48708.exe
1816	2652	WerFault.exe	Unicorn-50006.exe
2776	1412	WerFault.exe	Unicorn-46477.exe
1700	2868	WerFault.exe	Unicorn-29564.exe
1380	1256	WerFault.exe	Unicorn-16566.exe
1292	1804	WerFault.exe	Unicorn-29372.exe
2068	2628	WerFault.exe	Unicorn-16566.exe
2920	824	WerFault.exe	Unicorn-39451.exe
2748	2148	WerFault.exe	Unicorn-3057.exe
760	1880	WerFault.exe	Unicorn-52258.exe
2432	2308	WerFault.exe	Unicorn-39259.exe
2456	1608	WerFault.exe	Unicorn-42632.exe
2224	1940	WerFault.exe	Unicorn-52943.exe
1184	2220	WerFault.exe	Unicorn-9767.exe
1760	1980	WerFault.exe	Unicorn-25912.exe
1252	896	WerFault.exe	Unicorn-5169.exe
1868	692	WerFault.exe	Unicorn-58776.exe
2288	312	WerFault.exe	Unicorn-22382.exe
2084	2588	WerFault.exe	Unicorn-53268.exe
1796	2712	WerFault.exe	Unicorn-15971.exe
2024	2700	WerFault.exe	Unicorn-35645.exe
2980	2440	WerFault.exe	Unicorn-15587.exe
2864	1592	WerFault.exe	Unicorn-50948.exe
2876	1484	WerFault.exe	Unicorn-39018.exe
1604	2816	WerFault.exe	Unicorn-54669.exe
2372	2096	WerFault.exe	Unicorn-922.exe
1716	2480	WerFault.exe	Unicorn-51981.exe
2820	2848	WerFault.exe	Unicorn-36029.exe
2552	2672	WerFault.exe	Unicorn-39620.exe
3184	1684	WerFault.exe	Unicorn-17773.exe
3256	2972	WerFault.exe	Unicorn-55546.exe
3284	1600	WerFault.exe	Unicorn-21805.exe
3364	2968	WerFault.exe	Unicorn-34611.exe
3652	2296	WerFault.exe	Unicorn-29750.exe
3720	2808	WerFault.exe	Unicorn-54669.exe
3736	2072	WerFault.exe	Unicorn-46086.exe
3728	2052	WerFault.exe	Unicorn-29750.exe
3820	772	WerFault.exe	Unicorn-26028.exe
3828	2840	WerFault.exe	Unicorn-42172.exe
3916	2008	WerFault.exe	Unicorn-36102.exe
3956	1832	WerFault.exe	Unicorn-62230.exe
3648	2452	WerFault.exe	Unicorn-14565.exe
3688	3052	WerFault.exe	Unicorn-18287.exe
3816	2860	WerFault.exe	Unicorn-14565.exe
3944	2640	WerFault.exe	Unicorn-30901.exe
4004	2120	WerFault.exe	Unicorn-34623.exe
4016	2444	WerFault.exe	Unicorn-15442.exe
3704	800	WerFault.exe	Unicorn-269.exe
3308	320	WerFault.exe	Unicorn-61654.exe
3192	1752	WerFault.exe	Unicorn-11877.exe
3840	2580	WerFault.exe	Unicorn-12007.exe
3928	2660	WerFault.exe	Unicorn-30901.exe
3996	2264	WerFault.exe	Unicorn-7710.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exeUnicorn-51917.exeUnicorn-33062.exeUnicorn-13196.exeUnicorn-39720.exeUnicorn-36190.exeUnicorn-54987.exeUnicorn-33213.exeUnicorn-33213.exeUnicorn-35901.exeUnicorn-48900.exeUnicorn-48708.exeUnicorn-50006.exeUnicorn-46477.exeUnicorn-421.exeUnicorn-29564.exeUnicorn-16566.exeUnicorn-16566.exeUnicorn-29372.exeUnicorn-39451.exeUnicorn-3057.exeUnicorn-52258.exeUnicorn-39259.exeUnicorn-52943.exeUnicorn-42632.exeUnicorn-9767.exeUnicorn-58776.exeUnicorn-5169.exeUnicorn-25912.exeUnicorn-22382.exeUnicorn-922.exeUnicorn-17773.exeUnicorn-53268.exeUnicorn-39620.exeUnicorn-36029.exeUnicorn-15971.exeUnicorn-51981.exeUnicorn-35645.exeUnicorn-15587.exeUnicorn-54669.exeUnicorn-21805.exeUnicorn-54669.exeUnicorn-34611.exeUnicorn-55546.exeUnicorn-50948.exeUnicorn-39018.exeUnicorn-29750.exeUnicorn-29750.exeUnicorn-46086.exeUnicorn-26028.exeUnicorn-62230.exeUnicorn-42172.exeUnicorn-36102.exeUnicorn-52438.exeUnicorn-16367.exeUnicorn-61654.exeUnicorn-31804.exeUnicorn-64799.exeUnicorn-1950.exeUnicorn-15406.exeUnicorn-11877.exeUnicorn-18287.exeUnicorn-34623.exeUnicorn-14565.exe

pid	process
1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
1992	Unicorn-51917.exe
2540	Unicorn-33062.exe
3040	Unicorn-13196.exe
2604	Unicorn-39720.exe
2696	Unicorn-36190.exe
3028	Unicorn-54987.exe
2252	Unicorn-33213.exe
2964	Unicorn-33213.exe
2976	Unicorn-35901.exe
2388	Unicorn-48900.exe
1640	Unicorn-48708.exe
2652	Unicorn-50006.exe
1412	Unicorn-46477.exe
2260	Unicorn-421.exe
2868	Unicorn-29564.exe
1256	Unicorn-16566.exe
2628	Unicorn-16566.exe
1804	Unicorn-29372.exe
824	Unicorn-39451.exe
2148	Unicorn-3057.exe
1880	Unicorn-52258.exe
2308	Unicorn-39259.exe
1940	Unicorn-52943.exe
1608	Unicorn-42632.exe
2220	Unicorn-9767.exe
692	Unicorn-58776.exe
896	Unicorn-5169.exe
1980	Unicorn-25912.exe
312	Unicorn-22382.exe
2096	Unicorn-922.exe
1684	Unicorn-17773.exe
2588	Unicorn-53268.exe
2672	Unicorn-39620.exe
2848	Unicorn-36029.exe
2712	Unicorn-15971.exe
2480	Unicorn-51981.exe
2700	Unicorn-35645.exe
2440	Unicorn-15587.exe
2808	Unicorn-54669.exe
1600	Unicorn-21805.exe
2816	Unicorn-54669.exe
2968	Unicorn-34611.exe
2972	Unicorn-55546.exe
1592	Unicorn-50948.exe
1484	Unicorn-39018.exe
2052	Unicorn-29750.exe
2296	Unicorn-29750.exe
2072	Unicorn-46086.exe
772	Unicorn-26028.exe
1832	Unicorn-62230.exe
2840	Unicorn-42172.exe
2008	Unicorn-36102.exe
2280	Unicorn-52438.exe
604	Unicorn-16367.exe
320	Unicorn-61654.exe
1272	Unicorn-31804.exe
2208	Unicorn-64799.exe
2156	Unicorn-1950.exe
1744	Unicorn-15406.exe
1752	Unicorn-11877.exe
3052	Unicorn-18287.exe
2120	Unicorn-34623.exe
2860	Unicorn-14565.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exeUnicorn-51917.exeUnicorn-33062.exeUnicorn-13196.exeUnicorn-36190.exeUnicorn-39720.exeUnicorn-54987.exeUnicorn-33213.exe

description	pid	process	target process
PID 1652 wrote to memory of 1992	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-51917.exe
PID 1652 wrote to memory of 1992	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-51917.exe
PID 1652 wrote to memory of 1992	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-51917.exe
PID 1652 wrote to memory of 1992	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-51917.exe
PID 1652 wrote to memory of 3040	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-13196.exe
PID 1652 wrote to memory of 3040	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-13196.exe
PID 1652 wrote to memory of 3040	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-13196.exe
PID 1652 wrote to memory of 3040	1652	b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe	Unicorn-13196.exe
PID 1992 wrote to memory of 2540	1992	Unicorn-51917.exe	Unicorn-33062.exe
PID 1992 wrote to memory of 2540	1992	Unicorn-51917.exe	Unicorn-33062.exe
PID 1992 wrote to memory of 2540	1992	Unicorn-51917.exe	Unicorn-33062.exe
PID 1992 wrote to memory of 2540	1992	Unicorn-51917.exe	Unicorn-33062.exe
PID 2540 wrote to memory of 2604	2540	Unicorn-33062.exe	Unicorn-39720.exe
PID 2540 wrote to memory of 2604	2540	Unicorn-33062.exe	Unicorn-39720.exe
PID 2540 wrote to memory of 2604	2540	Unicorn-33062.exe	Unicorn-39720.exe
PID 2540 wrote to memory of 2604	2540	Unicorn-33062.exe	Unicorn-39720.exe
PID 1992 wrote to memory of 2696	1992	Unicorn-51917.exe	Unicorn-36190.exe
PID 1992 wrote to memory of 2696	1992	Unicorn-51917.exe	Unicorn-36190.exe
PID 1992 wrote to memory of 2696	1992	Unicorn-51917.exe	Unicorn-36190.exe
PID 1992 wrote to memory of 2696	1992	Unicorn-51917.exe	Unicorn-36190.exe
PID 3040 wrote to memory of 3028	3040	Unicorn-13196.exe	Unicorn-54987.exe
PID 3040 wrote to memory of 3028	3040	Unicorn-13196.exe	Unicorn-54987.exe
PID 3040 wrote to memory of 3028	3040	Unicorn-13196.exe	Unicorn-54987.exe
PID 3040 wrote to memory of 3028	3040	Unicorn-13196.exe	Unicorn-54987.exe
PID 1992 wrote to memory of 2460	1992	Unicorn-51917.exe	WerFault.exe
PID 1992 wrote to memory of 2460	1992	Unicorn-51917.exe	WerFault.exe
PID 1992 wrote to memory of 2460	1992	Unicorn-51917.exe	WerFault.exe
PID 1992 wrote to memory of 2460	1992	Unicorn-51917.exe	WerFault.exe
PID 2696 wrote to memory of 2964	2696	Unicorn-36190.exe	Unicorn-33213.exe
PID 2696 wrote to memory of 2964	2696	Unicorn-36190.exe	Unicorn-33213.exe
PID 2696 wrote to memory of 2964	2696	Unicorn-36190.exe	Unicorn-33213.exe
PID 2696 wrote to memory of 2964	2696	Unicorn-36190.exe	Unicorn-33213.exe
PID 2604 wrote to memory of 2252	2604	Unicorn-39720.exe	Unicorn-33213.exe
PID 2604 wrote to memory of 2252	2604	Unicorn-39720.exe	Unicorn-33213.exe
PID 2604 wrote to memory of 2252	2604	Unicorn-39720.exe	Unicorn-33213.exe
PID 2604 wrote to memory of 2252	2604	Unicorn-39720.exe	Unicorn-33213.exe
PID 3028 wrote to memory of 2976	3028	Unicorn-54987.exe	Unicorn-35901.exe
PID 3028 wrote to memory of 2976	3028	Unicorn-54987.exe	Unicorn-35901.exe
PID 3028 wrote to memory of 2976	3028	Unicorn-54987.exe	Unicorn-35901.exe
PID 3028 wrote to memory of 2976	3028	Unicorn-54987.exe	Unicorn-35901.exe
PID 2540 wrote to memory of 2388	2540	Unicorn-33062.exe	Unicorn-48900.exe
PID 2540 wrote to memory of 2388	2540	Unicorn-33062.exe	Unicorn-48900.exe
PID 2540 wrote to memory of 2388	2540	Unicorn-33062.exe	Unicorn-48900.exe
PID 2540 wrote to memory of 2388	2540	Unicorn-33062.exe	Unicorn-48900.exe
PID 3040 wrote to memory of 1640	3040	Unicorn-13196.exe	Unicorn-48708.exe
PID 3040 wrote to memory of 1640	3040	Unicorn-13196.exe	Unicorn-48708.exe
PID 3040 wrote to memory of 1640	3040	Unicorn-13196.exe	Unicorn-48708.exe
PID 3040 wrote to memory of 1640	3040	Unicorn-13196.exe	Unicorn-48708.exe
PID 2540 wrote to memory of 356	2540	Unicorn-33062.exe	WerFault.exe
PID 2540 wrote to memory of 356	2540	Unicorn-33062.exe	WerFault.exe
PID 2540 wrote to memory of 356	2540	Unicorn-33062.exe	WerFault.exe
PID 2540 wrote to memory of 356	2540	Unicorn-33062.exe	WerFault.exe
PID 3040 wrote to memory of 1928	3040	Unicorn-13196.exe	WerFault.exe
PID 3040 wrote to memory of 1928	3040	Unicorn-13196.exe	WerFault.exe
PID 3040 wrote to memory of 1928	3040	Unicorn-13196.exe	WerFault.exe
PID 3040 wrote to memory of 1928	3040	Unicorn-13196.exe	WerFault.exe
PID 2252 wrote to memory of 2652	2252	Unicorn-33213.exe	Unicorn-50006.exe
PID 2252 wrote to memory of 2652	2252	Unicorn-33213.exe	Unicorn-50006.exe
PID 2252 wrote to memory of 2652	2252	Unicorn-33213.exe	Unicorn-50006.exe
PID 2252 wrote to memory of 2652	2252	Unicorn-33213.exe	Unicorn-50006.exe
PID 2604 wrote to memory of 1412	2604	Unicorn-39720.exe	Unicorn-46477.exe
PID 2604 wrote to memory of 1412	2604	Unicorn-39720.exe	Unicorn-46477.exe
PID 2604 wrote to memory of 1412	2604	Unicorn-39720.exe	Unicorn-46477.exe
PID 2604 wrote to memory of 1412	2604	Unicorn-39720.exe	Unicorn-46477.exe

C:\Users\Admin\AppData\Local\Temp\b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe
"C:\Users\Admin\AppData\Local\Temp\b8271d6e54ad06e0224395ed3b86d4fbf48764008cd218e9dcf79a7dd3749111.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
10⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
11⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
12⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
13⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
14⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
15⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
15⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
14⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
13⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
12⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
11⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
10⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
9⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
11⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
12⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
13⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
14⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
14⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
13⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
12⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
10⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
9⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
9⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
12⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
13⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
14⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
13⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
11⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
10⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
9⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
10⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
8⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
7⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
9⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
11⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
12⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
13⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
14⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 236
14⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 236
13⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
11⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
10⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
9⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
13⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 220
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
9⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
8⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
11⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
12⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
13⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
14⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
13⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 236
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
8⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
9⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
11⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
12⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
13⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
14⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
14⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
13⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
12⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
13⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
13⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
11⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
13⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
8⤵
- Program crash
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
11⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 236
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
8⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
10⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
12⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
13⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 220
12⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
11⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
10⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
11⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
12⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
10⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 204
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
6⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
5⤵
- Loads dropped DLL
- Program crash
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
8⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
11⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
12⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
13⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 236
13⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
11⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
12⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
10⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
9⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
8⤵
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
7⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
12⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
8⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
7⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
5⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
9⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
10⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
11⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
12⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
13⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
14⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 220
14⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
13⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
10⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
12⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22249.exe
13⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 236
13⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
8⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 236
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
7⤵
- Executes dropped EXE
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
7⤵
- Program crash
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
6⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
8⤵
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 220
9⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
8⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
7⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
12⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
8⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
11⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
13⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
12⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
12⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 236
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 220
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
8⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
5⤵
- Program crash
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
11⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
12⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
13⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
13⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
12⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
10⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
7⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
11⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
12⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 220
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 220
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
8⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
7⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
6⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
7⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 236
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
8⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
7⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
6⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
6⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
9⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
11⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 220
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
8⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
7⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
6⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
5⤵
- Program crash
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
6⤵
- Program crash
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
12⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
13⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
11⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
12⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 220
11⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
7⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
11⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 236
12⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
7⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
10⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
11⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
12⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
8⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
7⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
5⤵
- Program crash
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
8⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
11⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
13⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
12⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
9⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
8⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
11⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
13⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
12⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
10⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
10⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
12⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
11⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
11⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 236
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
9⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
10⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
11⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
10⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
8⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
7⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
9⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
10⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
7⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
6⤵
- Program crash
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
7⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
11⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
13⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
12⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
12⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
10⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
7⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
6⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
12⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
9⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
10⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
11⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 220
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
8⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 220
7⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
6⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
10⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 220
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
7⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
6⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
10⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 220
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
6⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
5⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
6⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
9⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
10⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 220
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
9⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
7⤵
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
6⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
5⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
6⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
10⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
11⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 220
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
9⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
8⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
6⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
5⤵
- Program crash
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
4⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1928

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
Filesize
184KB

MD5
8bb331680903f97b3fff6c269ad67613

SHA1
a81e837468daf8c96fbf04e4822dc57ecb938f82

SHA256
bea33926db5711509f22a5bd3bc613c72ea07c475064352ddb02ea0f58e76380

SHA512
ef083ef7bcbce015daa02438598072de42035c0b930e1c675c344561cb0368c3e06b502b60b19266f2b7d2b4ba5cc9182f4ced83f94044b23070427c5ac6ff48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
Filesize
184KB

MD5
ee5c538e7722617fb7111322106470ff

SHA1
7a19160db17b0919914a8533a1ea5ae674723cac

SHA256
d23b2c458216cc5aa326d79dfa38c3520d2bd4eca92592a2831cb8879bfa9e1d

SHA512
c00fd9e8dd5c9dfb2373218d87f04fc15f12918495efcb4a38832410b1adcfa05432679a1f288f51de4ff0d3a4b40e274f2297ae5ef93e5d393ea4e9abc738ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
Filesize
184KB

MD5
82d0ff7a420bd1f12ed412bf54a992dc

SHA1
fcf69339ca285400ba840826fd8489d4394ca8ab

SHA256
b4372798c71455d79ac3c252a6a3548df9e9eb921c1f2f49ce9c6484cc8012f1

SHA512
645910c62f60eac81c72cffc325c63bab63ff605c62dcbaef06cf4e1099997bc89e607af08319fc12d77513468f308e7f928ef773d9dc88716624671b88a5519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
Filesize
184KB

MD5
997d27dc2bab4c079531a5d352e7f17a

SHA1
ac7bc203354098f72296e1d1634408147dbc97d4

SHA256
fbc0ccb687e3bf742d01ece188105a26fc6b195d3cb9dcca55156eeedc5c7133

SHA512
4a0c8cc881d60af12c687eeb93367306f6864957d1fef4c18bfea4c36bd0ed36f923fe1e31f7df025b5448af61a0114e67a48742c28a7a5b1384312f2567d379

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
Filesize
184KB

MD5
0dc3113eec53cb929bab8aa39f72fce5

SHA1
e5bb2949b7fcdce0f70be904b7c339b38e57c361

SHA256
6067add526b6735286ae49caaaab0375795b8bce2013161ab469873a93db2873

SHA512
145253c8df1e9d7edf3adc74d79c827374f980fe2a1cb26efffb2201ac2ab26db9c4d8443b803da11be516ee2d4b3d615c406da4564bdd7582042ca6c3fea435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
Filesize
184KB

MD5
86e39b6ec746f4495a69eabd0c6047a8

SHA1
ec2077d8cb246e6fa3b990661221cdc45aa752b3

SHA256
1061e34e557ceb4e56a79969b0ec205e693423d287a0113f2bcc19601e3d3bb8

SHA512
b33393c701fbdd794e417430540772c99ef096c9e6ea57a868029c1d308e06838cb25294e13e225356971f7c7cf009ca09c69ac384f4d8c245fe2d0c9979be68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
Filesize
184KB

MD5
7d0300ec7315489e1a298ba6d59d55ed

SHA1
792933dbb0926398dcef3e2abf2b3a2d72b4ee7d

SHA256
5f3ecca804b85bb1bd5a984caf538f8a898aa35cc7e8eb0fa8f711a9e9529527

SHA512
339da060876ae2344c758a45aa0fbdcbfe26cd4b001066c53588898b8985d6878435c4c87e8e2a95ed0d2873edbc8fc372a6ddf8c5483e3ff8d4de67935df753

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
Filesize
184KB

MD5
011a20c1b6599c2bbeae945a19ac592c

SHA1
0dcba22e0ae57a9aba8d6a2be692bd4eda1079f7

SHA256
90ed8018cc25c6a0388120aca173be0518d2e5167e809ae8cde6b036f50649f7

SHA512
7fc6c9f4412aa93b09e8ea7b1e70fe23322c449f6cfe700d157de29bea17a95cf5d6f9c87e99f783df8479789917933aad3116286767be39358f459f54d78bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
Filesize
184KB

MD5
affd493009490d5766e3338853073fe9

SHA1
2921590138d960bbc17a10a644d8fa3d8b947fe1

SHA256
5f9492fc4ea91182d8a4c736bf8ad918b1e7ac2fd67f588985f7b085d3994654

SHA512
6584d4c0cb0a46c2f501271dc8373ad5920b9a6a69fbe63abd9c43b1a42681cc8993d9a153c8e9cbd76ae3aa352f21fa729a9ac2625072b27a30de2f61d1023a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
Filesize
184KB

MD5
532b64307faa4d52668cb9ac1a4c483a

SHA1
cf1a715c82b8a950d2c641f71627258052e9ddd7

SHA256
2ffe37dc6b9273bf230cfdf409bb75a9c0136723e6bef00c5e5563a6365a82f2

SHA512
363428f4bddababf56f0316e6421d7b92cb869180259f144df2211039c6af45a0c278dddd0dd4a169e65a6b79ef00803650ad696c9a87265e3d14bcb7271cef8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
Filesize
184KB

MD5
9e6e65f887573097deae5c3d33bbbf25

SHA1
14f533b87550c321c65942b092d277d66e1a2d25

SHA256
031fac3f125fe0c222753ba7633fb8df9731e695981a2a40dd800846619c85de

SHA512
0839fdc5f36cbc09690427919d54891ee288d3ae18012ad8824276f190e962b0c2fe6037f1c3bb5ed2073ff291c6b78cb304f2685a2e998683836a260445f58f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
Filesize
184KB

MD5
4c7e52092a6a35263f5bc5d9e439bc36

SHA1
e1d47e7f06a6fa85cba9f709ea096c36c3953220

SHA256
b2ce8ac5a80022c5ab031e9e04d84236892f2c54dc8852a8f82e2cf86788fd9f

SHA512
5187aa4c1bdb1c98fa88f9d14018773caa0a22404da9c7e5d963e511247ad4601185a8a6517cff752ba026d6639d68bc05b2b6c55bcc7ccec95fdaad2094997c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
Filesize
184KB

MD5
e71acaf4b9fe92971e94179f7e9bb482

SHA1
a90e874929dd14b8f2c3594aebd61405cf4e39d3

SHA256
28579b421597bfa79127955830b11f57df9c82fff7d57850402eccb5c9f6c4fb

SHA512
32bdb3527e3b07c44d86d1370474d61c5bed2cf0ffc58dbd8507c5cbce49e2d69935493952c85ce827e56311749f42af294e2f9784bcd0fef15fa187d01b76fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
Filesize
184KB

MD5
f39d1b566eb44abd4fe15125dd303186

SHA1
91624dc6bd8a06a81eaf31dcde06d949f440c3f6

SHA256
1013cc6a1baee5aa2bb45a71a5bf089694ff4de51061d9c9351bf4ee4e1f51f4

SHA512
47e9f9b1b0dae84c0d588894995e705d2ce7160559dcd8897c5fd18409f5790aaf86fdd8f2eb590f3bee0e42a51dfd0b3a277cf64d33ad9f1dfc6e4c730f3432

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
Filesize
184KB

MD5
0152af029dfdab1a0cd52ae96571f008

SHA1
81008b03a1b211d4d9fb2f374ac111425c2a2275

SHA256
2f53dd1f6a958c67a25117d923ae08d53210cf940be8b49cab9418528218dd97

SHA512
807fe44154b0d62d76d6617e9ec40f85e1b92b6f5211e0e8b9949ba0cef21701ef59072a943d438d7b4bb32674c2f9fda45e57378e5719568b46d0ebe41818c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
Filesize
184KB

MD5
4e85d773a829cfedca1d959a3b0b2e0b

SHA1
0815e9536ab3cbaea04fab7313d4de3d8107f2d5

SHA256
80fe00ed57b3395c0b8ba185d3a13e2a3006bcc94b108b5258f28f22a88a00f0

SHA512
b5679d8cb8c7317bd69c9a70deac10921ffa03353f2bbf9c9204f4401d898a209b82eb4c0c28fd2e3ba79194ff8c887fde62926bce52ee7747f0a58b6680f67f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
Filesize
184KB

MD5
be166f8ddf13f6af08bcd6f814cde578

SHA1
299c3c8735bfa13443f1c75141bbbbe1d5244d84

SHA256
b9d1251ee1f46701ad511936fb3c7f88e65628dc191a34e0728f9b1fa83ee504

SHA512
000c8807e815bd381d234f11f3a3d28bd90a20e77eea9e6c9dc5a8bc24fcded919de27bdadfd4f865811d80461aca4c13c5b8633d5d6d87c17737dcec9f467b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
Filesize
184KB

MD5
c362cef1fa17dff32938e15c44e8376b

SHA1
d0ec8799a3c33d2530d86f6f47c3e22a00ccd7ad

SHA256
610bae8ca4dc8dbb1db73d3aa50eb9cfdcdcb9d3114816a7b5a5d87e7b0811ee

SHA512
be709eaf82da81b02ca68b65d5c796d4e025a0098a7cce86d82578e2f6219f3b88eca7ccaf71029f5e215fedcef0ed4dc43f29c4dd88536e34325f3946914137

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
Filesize
184KB

MD5
b515059e37145468b97d9ff99c37fca7

SHA1
7f24ad06a2e5e9d4672968556a4506f7ef56a395

SHA256
767feb7263b1b39130047ca259743fb15fc0c87b137b3b5821ea8b50e454c562

SHA512
e556890f39381034810477d5c0cc7c176cddbf74d26ec5cdce4bb6867acd03a3f2a7dea15835de5de1ce075bbd1fa919cb0f309a629e2d93182d40e3dac650db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
Filesize
184KB

MD5
e864279e1a3de1c7ffb93c6676754198

SHA1
1d01fea1635b35015ce7a833123dac2417e9057c

SHA256
5c27dbdc07385e63443eb32231bce59401813cbb75d27538ab6ee0f93b5c299b

SHA512
d20b37476c2591d89f9c65ace8b82d58c040abac0fac32412591a320aa86b062e9ffcbbde6835360dc7374be8837de0de8a48f276f716b23b779f9c3ad557894

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads