a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
Size

184KB
MD5

29645aa52669e06a2c5771104d8b762e
SHA1

265a0d767d0a781cabed8854f5d1248c874f465a
SHA256

a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a
SHA512

ffb7f211c72cc332d37a5d58fc00d22a570ceade42296aae1ea2f1889d7b4536a73d150c0619c55ef251e2e11d5f41a3e1b1d64062193cab39f3304c6ea66f75
SSDEEP

1536:LBSJ6jZl03Nxotx1BqOAlawMG29yvZc8SmddjLLR2Vz4tfhl5hj5nizpvE:t343NxoTzqOTdG4We0LLRKWfhlnViFs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-42741.exeUnicorn-1737.exeUnicorn-58234.exeUnicorn-13647.exeUnicorn-33513.exeUnicorn-50726.exeUnicorn-38337.exeUnicorn-29432.exeUnicorn-42430.exeUnicorn-32851.exeUnicorn-52717.exeUnicorn-563.exeUnicorn-18893.exeUnicorn-32083.exeUnicorn-22292.exeUnicorn-10190.exeUnicorn-2702.exeUnicorn-2380.exeUnicorn-23206.exeUnicorn-34476.exeUnicorn-36553.exeUnicorn-3942.exeUnicorn-21478.exeUnicorn-5943.exeUnicorn-32647.exeUnicorn-10494.exeUnicorn-31320.exeUnicorn-28824.exeUnicorn-41822.exeUnicorn-11802.exeUnicorn-9726.exeUnicorn-1937.exeUnicorn-49877.exeUnicorn-14744.exeUnicorn-2129.exeUnicorn-24962.exeUnicorn-20397.exeUnicorn-57485.exeUnicorn-53982.exeUnicorn-25908.exeUnicorn-9078.exeUnicorn-39482.exeUnicorn-26676.exeUnicorn-51476.exeUnicorn-18446.exeUnicorn-65077.exeUnicorn-39281.exeUnicorn-6478.exeUnicorn-56878.exeUnicorn-36654.exeUnicorn-6800.exeUnicorn-50360.exeUnicorn-21518.exeUnicorn-3982.exeUnicorn-37745.exeUnicorn-23848.exeUnicorn-50031.exeUnicorn-16652.exeUnicorn-1541.exeUnicorn-27861.exeUnicorn-17769.exeUnicorn-8744.exeUnicorn-22511.exeUnicorn-40073.exe

pid	process
2248	Unicorn-42741.exe
2680	Unicorn-1737.exe
2424	Unicorn-58234.exe
2516	Unicorn-13647.exe
1556	Unicorn-33513.exe
1540	Unicorn-50726.exe
372	Unicorn-38337.exe
1052	Unicorn-29432.exe
460	Unicorn-42430.exe
1832	Unicorn-32851.exe
1664	Unicorn-52717.exe
2020	Unicorn-563.exe
1776	Unicorn-18893.exe
800	Unicorn-32083.exe
2588	Unicorn-22292.exe
2724	Unicorn-10190.exe
2916	Unicorn-2702.exe
2904	Unicorn-2380.exe
1572	Unicorn-23206.exe
328	Unicorn-34476.exe
976	Unicorn-36553.exe
920	Unicorn-3942.exe
980	Unicorn-21478.exe
1740	Unicorn-5943.exe
2072	Unicorn-32647.exe
2928	Unicorn-10494.exe
2268	Unicorn-31320.exe
1588	Unicorn-28824.exe
1712	Unicorn-41822.exe
2204	Unicorn-11802.exe
1464	Unicorn-9726.exe
2472	Unicorn-1937.exe
2488	Unicorn-49877.exe
2560	Unicorn-14744.exe
2556	Unicorn-2129.exe
2468	Unicorn-24962.exe
1428	Unicorn-20397.exe
536	Unicorn-57485.exe
1940	Unicorn-53982.exe
1680	Unicorn-25908.exe
2432	Unicorn-9078.exe
1944	Unicorn-39482.exe
1956	Unicorn-26676.exe
2120	Unicorn-51476.exe
2908	Unicorn-18446.exe
1816	Unicorn-65077.exe
1484	Unicorn-39281.exe
1968	Unicorn-6478.exe
1972	Unicorn-56878.exe
1068	Unicorn-36654.exe
840	Unicorn-6800.exe
3036	Unicorn-50360.exe
880	Unicorn-21518.exe
1716	Unicorn-3982.exe
1216	Unicorn-37745.exe
2236	Unicorn-23848.exe
2332	Unicorn-50031.exe
2500	Unicorn-16652.exe
1308	Unicorn-1541.exe
624	Unicorn-27861.exe
1112	Unicorn-17769.exe
1488	Unicorn-8744.exe
3020	Unicorn-22511.exe
1128	Unicorn-40073.exe

Loads dropped DLL 64 IoCs

Processes:

a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exeUnicorn-42741.exeUnicorn-1737.exeUnicorn-58234.exeWerFault.exeUnicorn-13647.exeUnicorn-50726.exeWerFault.exeWerFault.exeUnicorn-33513.exeUnicorn-38337.exeUnicorn-29432.exeUnicorn-42430.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-32851.exeUnicorn-52717.exe

pid	process
2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2248	Unicorn-42741.exe
2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2248	Unicorn-42741.exe
2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2248	Unicorn-42741.exe
2680	Unicorn-1737.exe
2680	Unicorn-1737.exe
2424	Unicorn-58234.exe
2248	Unicorn-42741.exe
2424	Unicorn-58234.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2516	Unicorn-13647.exe
2516	Unicorn-13647.exe
1540	Unicorn-50726.exe
1540	Unicorn-50726.exe
2680	Unicorn-1737.exe
2680	Unicorn-1737.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1556	Unicorn-33513.exe
1556	Unicorn-33513.exe
372	Unicorn-38337.exe
372	Unicorn-38337.exe
2516	Unicorn-13647.exe
2516	Unicorn-13647.exe
1052	Unicorn-29432.exe
1052	Unicorn-29432.exe
1540	Unicorn-50726.exe
460	Unicorn-42430.exe
460	Unicorn-42430.exe
1540	Unicorn-50726.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2712	WerFault.exe
2720	WerFault.exe
1832	Unicorn-32851.exe
1832	Unicorn-32851.exe
1664	Unicorn-52717.exe
372	Unicorn-38337.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2612	2812	WerFault.exe	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2100	2248	WerFault.exe	Unicorn-42741.exe
2196	2680	WerFault.exe	Unicorn-1737.exe
1912	2424	WerFault.exe	Unicorn-58234.exe
3012	2516	WerFault.exe	Unicorn-13647.exe
2712	1556	WerFault.exe	Unicorn-33513.exe
2720	1540	WerFault.exe	Unicorn-50726.exe
1668	372	WerFault.exe	Unicorn-38337.exe
1508	1052	WerFault.exe	Unicorn-29432.exe
2728	460	WerFault.exe	Unicorn-42430.exe
2524	328	WerFault.exe	Unicorn-34476.exe
2764	1832	WerFault.exe	Unicorn-32851.exe
2784	1664	WerFault.exe	Unicorn-52717.exe
680	2020	WerFault.exe	Unicorn-563.exe
576	800	WerFault.exe	Unicorn-32083.exe
760	2588	WerFault.exe	Unicorn-22292.exe
1348	1776	WerFault.exe	Unicorn-18893.exe
3056	2724	WerFault.exe	Unicorn-10190.exe
2536	2904	WerFault.exe	Unicorn-2380.exe
2700	1572	WerFault.exe	Unicorn-23206.exe
2616	2916	WerFault.exe	Unicorn-2702.exe
1212	976	WerFault.exe	Unicorn-36553.exe
1188	920	WerFault.exe	Unicorn-3942.exe
2140	980	WerFault.exe	Unicorn-21478.exe
2344	2072	WerFault.exe	Unicorn-32647.exe
2752	1740	WerFault.exe	Unicorn-5943.exe
1896	2488	WerFault.exe	Unicorn-49877.exe
1424	2268	WerFault.exe	Unicorn-31320.exe
1512	2556	WerFault.exe	Unicorn-2129.exe
720	1428	WerFault.exe	Unicorn-20397.exe
2088	2928	WerFault.exe	Unicorn-10494.exe
1748	1944	WerFault.exe	Unicorn-39482.exe
2428	1816	WerFault.exe	Unicorn-65077.exe
2316	1968	WerFault.exe	Unicorn-6478.exe
2132	1680	WerFault.exe	Unicorn-25908.exe
3104	1484	WerFault.exe	Unicorn-39281.exe
3340	840	WerFault.exe	Unicorn-6800.exe
3368	1956	WerFault.exe	Unicorn-26676.exe
3556	2332	WerFault.exe	Unicorn-50031.exe
3624	624	WerFault.exe	Unicorn-27861.exe
3724	2472	WerFault.exe	Unicorn-1937.exe
3732	2204	WerFault.exe	Unicorn-11802.exe
3764	1972	WerFault.exe	Unicorn-56878.exe
3844	1940	WerFault.exe	Unicorn-53982.exe
3860	1464	WerFault.exe	Unicorn-9726.exe
3892	2432	WerFault.exe	Unicorn-9078.exe
3912	2120	WerFault.exe	Unicorn-51476.exe
3920	2560	WerFault.exe	Unicorn-14744.exe
3944	2908	WerFault.exe	Unicorn-18446.exe
3980	536	WerFault.exe	Unicorn-57485.exe
3992	1588	WerFault.exe	Unicorn-28824.exe
4068	880	WerFault.exe	Unicorn-21518.exe
3124	1712	WerFault.exe	Unicorn-41822.exe
3140	1716	WerFault.exe	Unicorn-3982.exe
3168	2468	WerFault.exe	Unicorn-24962.exe
3176	3036	WerFault.exe	Unicorn-50360.exe
3512	2236	WerFault.exe	Unicorn-23848.exe
3868	2396	WerFault.exe	Unicorn-51588.exe
3336	1308	WerFault.exe	Unicorn-1541.exe
3404	2032	WerFault.exe	Unicorn-42621.exe
3428	2380	WerFault.exe	Unicorn-3057.exe
3540	2632	WerFault.exe	Unicorn-62688.exe
3592	1068	WerFault.exe	Unicorn-36654.exe
4076	1128	WerFault.exe	Unicorn-40073.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exeUnicorn-42741.exeUnicorn-1737.exeUnicorn-58234.exeUnicorn-13647.exeUnicorn-50726.exeUnicorn-33513.exeUnicorn-38337.exeUnicorn-29432.exeUnicorn-42430.exeUnicorn-32851.exeUnicorn-52717.exeUnicorn-563.exeUnicorn-32083.exeUnicorn-18893.exeUnicorn-22292.exeUnicorn-10190.exeUnicorn-2702.exeUnicorn-2380.exeUnicorn-23206.exeUnicorn-34476.exeUnicorn-3942.exeUnicorn-21478.exeUnicorn-36553.exeUnicorn-5943.exeUnicorn-32647.exeUnicorn-10494.exeUnicorn-31320.exeUnicorn-11802.exeUnicorn-9726.exeUnicorn-28824.exeUnicorn-41822.exeUnicorn-14744.exeUnicorn-1937.exeUnicorn-49877.exeUnicorn-2129.exeUnicorn-24962.exeUnicorn-20397.exeUnicorn-57485.exeUnicorn-53982.exeUnicorn-25908.exeUnicorn-9078.exeUnicorn-39482.exeUnicorn-26676.exeUnicorn-51476.exeUnicorn-18446.exeUnicorn-65077.exeUnicorn-39281.exeUnicorn-6478.exeUnicorn-56878.exeUnicorn-36654.exeUnicorn-50360.exeUnicorn-6800.exeUnicorn-3982.exeUnicorn-21518.exeUnicorn-37745.exeUnicorn-50031.exeUnicorn-16652.exeUnicorn-1541.exeUnicorn-27861.exeUnicorn-22511.exeUnicorn-8744.exeUnicorn-17769.exeUnicorn-40073.exe

pid	process
2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
2248	Unicorn-42741.exe
2680	Unicorn-1737.exe
2424	Unicorn-58234.exe
2516	Unicorn-13647.exe
1540	Unicorn-50726.exe
1556	Unicorn-33513.exe
372	Unicorn-38337.exe
1052	Unicorn-29432.exe
460	Unicorn-42430.exe
1832	Unicorn-32851.exe
1664	Unicorn-52717.exe
2020	Unicorn-563.exe
800	Unicorn-32083.exe
1776	Unicorn-18893.exe
2588	Unicorn-22292.exe
2724	Unicorn-10190.exe
2916	Unicorn-2702.exe
2904	Unicorn-2380.exe
1572	Unicorn-23206.exe
328	Unicorn-34476.exe
920	Unicorn-3942.exe
980	Unicorn-21478.exe
976	Unicorn-36553.exe
1740	Unicorn-5943.exe
2072	Unicorn-32647.exe
2928	Unicorn-10494.exe
2268	Unicorn-31320.exe
2204	Unicorn-11802.exe
1464	Unicorn-9726.exe
1588	Unicorn-28824.exe
1712	Unicorn-41822.exe
2560	Unicorn-14744.exe
2472	Unicorn-1937.exe
2488	Unicorn-49877.exe
2556	Unicorn-2129.exe
2468	Unicorn-24962.exe
1428	Unicorn-20397.exe
536	Unicorn-57485.exe
1940	Unicorn-53982.exe
1680	Unicorn-25908.exe
2432	Unicorn-9078.exe
1944	Unicorn-39482.exe
1956	Unicorn-26676.exe
2120	Unicorn-51476.exe
2908	Unicorn-18446.exe
1816	Unicorn-65077.exe
1484	Unicorn-39281.exe
1968	Unicorn-6478.exe
1972	Unicorn-56878.exe
1068	Unicorn-36654.exe
3036	Unicorn-50360.exe
840	Unicorn-6800.exe
1716	Unicorn-3982.exe
880	Unicorn-21518.exe
1216	Unicorn-37745.exe
2332	Unicorn-50031.exe
2500	Unicorn-16652.exe
1308	Unicorn-1541.exe
624	Unicorn-27861.exe
3020	Unicorn-22511.exe
1488	Unicorn-8744.exe
1112	Unicorn-17769.exe
1128	Unicorn-40073.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exeUnicorn-42741.exeUnicorn-1737.exeUnicorn-58234.exeUnicorn-13647.exeUnicorn-50726.exeUnicorn-33513.exeUnicorn-38337.exe

description	pid	process	target process
PID 2812 wrote to memory of 2248	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-42741.exe
PID 2812 wrote to memory of 2248	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-42741.exe
PID 2812 wrote to memory of 2248	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-42741.exe
PID 2812 wrote to memory of 2248	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-42741.exe
PID 2248 wrote to memory of 2680	2248	Unicorn-42741.exe	Unicorn-1737.exe
PID 2248 wrote to memory of 2680	2248	Unicorn-42741.exe	Unicorn-1737.exe
PID 2248 wrote to memory of 2680	2248	Unicorn-42741.exe	Unicorn-1737.exe
PID 2248 wrote to memory of 2680	2248	Unicorn-42741.exe	Unicorn-1737.exe
PID 2812 wrote to memory of 2424	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-58234.exe
PID 2812 wrote to memory of 2424	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-58234.exe
PID 2812 wrote to memory of 2424	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-58234.exe
PID 2812 wrote to memory of 2424	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	Unicorn-58234.exe
PID 2812 wrote to memory of 2612	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	WerFault.exe
PID 2812 wrote to memory of 2612	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	WerFault.exe
PID 2812 wrote to memory of 2612	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	WerFault.exe
PID 2812 wrote to memory of 2612	2812	a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe	WerFault.exe
PID 2680 wrote to memory of 1556	2680	Unicorn-1737.exe	Unicorn-33513.exe
PID 2680 wrote to memory of 1556	2680	Unicorn-1737.exe	Unicorn-33513.exe
PID 2680 wrote to memory of 1556	2680	Unicorn-1737.exe	Unicorn-33513.exe
PID 2680 wrote to memory of 1556	2680	Unicorn-1737.exe	Unicorn-33513.exe
PID 2248 wrote to memory of 2516	2248	Unicorn-42741.exe	Unicorn-13647.exe
PID 2248 wrote to memory of 2516	2248	Unicorn-42741.exe	Unicorn-13647.exe
PID 2248 wrote to memory of 2516	2248	Unicorn-42741.exe	Unicorn-13647.exe
PID 2248 wrote to memory of 2516	2248	Unicorn-42741.exe	Unicorn-13647.exe
PID 2424 wrote to memory of 1540	2424	Unicorn-58234.exe	Unicorn-50726.exe
PID 2424 wrote to memory of 1540	2424	Unicorn-58234.exe	Unicorn-50726.exe
PID 2424 wrote to memory of 1540	2424	Unicorn-58234.exe	Unicorn-50726.exe
PID 2424 wrote to memory of 1540	2424	Unicorn-58234.exe	Unicorn-50726.exe
PID 2248 wrote to memory of 2100	2248	Unicorn-42741.exe	WerFault.exe
PID 2248 wrote to memory of 2100	2248	Unicorn-42741.exe	WerFault.exe
PID 2248 wrote to memory of 2100	2248	Unicorn-42741.exe	WerFault.exe
PID 2248 wrote to memory of 2100	2248	Unicorn-42741.exe	WerFault.exe
PID 2516 wrote to memory of 372	2516	Unicorn-13647.exe	Unicorn-38337.exe
PID 2516 wrote to memory of 372	2516	Unicorn-13647.exe	Unicorn-38337.exe
PID 2516 wrote to memory of 372	2516	Unicorn-13647.exe	Unicorn-38337.exe
PID 2516 wrote to memory of 372	2516	Unicorn-13647.exe	Unicorn-38337.exe
PID 1540 wrote to memory of 1052	1540	Unicorn-50726.exe	Unicorn-29432.exe
PID 1540 wrote to memory of 1052	1540	Unicorn-50726.exe	Unicorn-29432.exe
PID 1540 wrote to memory of 1052	1540	Unicorn-50726.exe	Unicorn-29432.exe
PID 1540 wrote to memory of 1052	1540	Unicorn-50726.exe	Unicorn-29432.exe
PID 2680 wrote to memory of 460	2680	Unicorn-1737.exe	Unicorn-42430.exe
PID 2680 wrote to memory of 460	2680	Unicorn-1737.exe	Unicorn-42430.exe
PID 2680 wrote to memory of 460	2680	Unicorn-1737.exe	Unicorn-42430.exe
PID 2680 wrote to memory of 460	2680	Unicorn-1737.exe	Unicorn-42430.exe
PID 2680 wrote to memory of 2196	2680	Unicorn-1737.exe	WerFault.exe
PID 2680 wrote to memory of 2196	2680	Unicorn-1737.exe	WerFault.exe
PID 2680 wrote to memory of 2196	2680	Unicorn-1737.exe	WerFault.exe
PID 2680 wrote to memory of 2196	2680	Unicorn-1737.exe	WerFault.exe
PID 2424 wrote to memory of 1912	2424	Unicorn-58234.exe	WerFault.exe
PID 2424 wrote to memory of 1912	2424	Unicorn-58234.exe	WerFault.exe
PID 2424 wrote to memory of 1912	2424	Unicorn-58234.exe	WerFault.exe
PID 2424 wrote to memory of 1912	2424	Unicorn-58234.exe	WerFault.exe
PID 1556 wrote to memory of 1832	1556	Unicorn-33513.exe	Unicorn-32851.exe
PID 1556 wrote to memory of 1832	1556	Unicorn-33513.exe	Unicorn-32851.exe
PID 1556 wrote to memory of 1832	1556	Unicorn-33513.exe	Unicorn-32851.exe
PID 1556 wrote to memory of 1832	1556	Unicorn-33513.exe	Unicorn-32851.exe
PID 372 wrote to memory of 1664	372	Unicorn-38337.exe	Unicorn-52717.exe
PID 372 wrote to memory of 1664	372	Unicorn-38337.exe	Unicorn-52717.exe
PID 372 wrote to memory of 1664	372	Unicorn-38337.exe	Unicorn-52717.exe
PID 372 wrote to memory of 1664	372	Unicorn-38337.exe	Unicorn-52717.exe
PID 2516 wrote to memory of 2020	2516	Unicorn-13647.exe	Unicorn-563.exe
PID 2516 wrote to memory of 2020	2516	Unicorn-13647.exe	Unicorn-563.exe
PID 2516 wrote to memory of 2020	2516	Unicorn-13647.exe	Unicorn-563.exe
PID 2516 wrote to memory of 2020	2516	Unicorn-13647.exe	Unicorn-563.exe

C:\Users\Admin\AppData\Local\Temp\a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe
"C:\Users\Admin\AppData\Local\Temp\a98fe8ed6993c697d380ac430dd164718a13de47ca85440b4506bdedd320126a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-42741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42741.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
10⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
11⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
12⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
13⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
14⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
15⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
15⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
14⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
13⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
12⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
11⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
11⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
12⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
13⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
14⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
14⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
13⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
12⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
11⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
10⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
10⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
11⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
12⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
13⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
13⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
12⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
11⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
10⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
9⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
9⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
11⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
12⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
13⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17658.exe
14⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
13⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
12⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
11⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
10⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
9⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
8⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
12⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
13⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 236
13⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
11⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
9⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
8⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
9⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
11⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
12⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
13⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
14⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
14⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
13⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
12⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
11⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
10⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
9⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
13⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
13⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
9⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
8⤵
- Program crash
PID:720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
9⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 220
13⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 236
12⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
11⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
10⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
12⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 188
13⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
6⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:460

C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
8⤵
- Executes dropped EXE
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
9⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
12⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
13⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
13⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
12⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
10⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
9⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
11⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
12⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
13⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
13⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
12⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
9⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
12⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
12⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
7⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
8⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
12⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
13⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
13⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
9⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
7⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
6⤵
- Program crash
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 236
12⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
10⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
8⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
12⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
12⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
11⤵
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
9⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
11⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
12⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
12⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
11⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
8⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 236
11⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
8⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
6⤵
- Program crash
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 240
5⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
9⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
12⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
13⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
13⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 236
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
10⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
9⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
8⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
12⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 216
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
11⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
12⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
12⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
9⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
7⤵
- Program crash
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
11⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
12⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
13⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
12⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 236
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 236
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
12⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
13⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
13⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 236
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
11⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
10⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
9⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 236
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 220
7⤵
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
11⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
12⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
9⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
7⤵
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
6⤵
- Program crash
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
5⤵
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
7⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
12⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
8⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
7⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
6⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
11⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
7⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
6⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
5⤵
- Program crash
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
9⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
10⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
11⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
12⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
13⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
13⤵
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
12⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
11⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
10⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
8⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5542.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
11⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
12⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
13⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
12⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
9⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
11⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
12⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
13⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
13⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 236
12⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
9⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
8⤵
- Program crash
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
7⤵
- Program crash
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
12⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
9⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
8⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
6⤵
- Program crash
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
5⤵
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
11⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
12⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
10⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
9⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
8⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
7⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 236
11⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 236
10⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
8⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
12⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
12⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
8⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
7⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
6⤵
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
12⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
8⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
7⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
8⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
6⤵
- Program crash
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
5⤵
- Program crash
PID:576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
2⤵
- Program crash
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe

Filesize
184KB

MD5
5a6a9c7810171c7ac19da063fe04a572

SHA1
cc174c3d6d89600843a6d847bbfee78685c568a9

SHA256
ed7a3add34bd697f3931a530bee13f7bb6fd714b71c5d6e02942fd1b21976766

SHA512
ff310861bf427ea8280304ed82b46874d7b4f2903675ee13ce53fe99233f1a6b06ecc0923949ab08fbbc34a0895fb79013f06dfde2a92bf706ba883cfbbdce75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe

Filesize
184KB

MD5
6a039272b6a87315fd1fdf78d8c235ed

SHA1
968237769a527d2b98c1ddc9c06424daf8a3d2e8

SHA256
74342b777d1187f905942d93fcddb791d43478343e38e8b5d17cb61a13168bec

SHA512
e9da48050758d21459312512d2fd8749b8f4aa19b70ecd197cd1869f816515d0668b9d357af9485c23594f0d1937a8f54873ae903535d00e61581f920520b749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe

Filesize
184KB

MD5
b2a3592b5192342b3e4c87b8db4821bd

SHA1
fe09f30c468f280d7604591e60d56d79a4613761

SHA256
63f2a7cbe12e8fd52763980b81ebcb65b102d3b661e5d4c0339518bc7b149993

SHA512
dc7d3895329dbaba3c7d9f67b3b857aea1986e31ef35a9f051e2e6c1ed45ffe8fce9b65b0e18ae664da5a90166cd9f5fee630a5f431fd6cfbb74bc045248e61b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe

Filesize
184KB

MD5
3ce51f3137690f12e194585555cb8106

SHA1
ab6e1598b9a645732eb03cd6afd40ee7dee17c23

SHA256
17dbb0ebb0dd86b46ce151870cf2746c1f5eb98c90e29804bb3e8542bf7c96ab

SHA512
c4fbba01c25b850dd576c3027263f2fbfeac635d6bada7b0680f2870b6e878a6a7565d6f84118ef0610b541b4560cf45ef6b3a57c2eeb7a4cf2cb9ba26bac033

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe

Filesize
184KB

MD5
f98794fdd64bde21dbfaccafc93084ff

SHA1
edd40b81c0d5e5ff2cff8c8a98069db5b6966cb2

SHA256
459c5f77c49bcc113f4f37a66d009ac2c645e012a0746ef0ba95c7d084d825e6

SHA512
ce6c2d7e646b97c29845d6a29b61989d41eb30c3c3393d72cb06d2d076613adedd87ea5a0be45a390840bbd24892e279a3125cb6e901c3e3a6e88020569cab5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe

Filesize
184KB

MD5
dcef53859f2d1828d674818bde1ee6cd

SHA1
4515773f01c5cab83c2eebe9bf1d48097b222298

SHA256
372bfe7c83c97aa181386399e2f3fc58dbb7f3771ae5aa41f9b0169ae46bb521

SHA512
d5df4e9bd4c97bea4651255e4747f2ca5ee4617b6d31f0165efdaaa8dc37c32033c6f07cd7ce4ce4e43cd049d3a20ba8c754b128f1d1795120fc6c6708c5246a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe

Filesize
184KB

MD5
9055579a36ecf6d808fd57f6718cf73f

SHA1
97002805b3265aeb2fbcc0d82c833ff7f78bdc85

SHA256
777c3e80c44297ab3eb0db721c6ad55f2eef2c11b9d723838ee85c129fa9286e

SHA512
ea8417f387cd94d124440e300832ddb87317e038640b559669b9a3ec2b10068af80071da1c56bbc6693974373570581ebc23e5da5dd7b9a52cc18ac6da4f581f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe

Filesize
184KB

MD5
20562f254385b105f0b8b502fa7b250c

SHA1
8fdd591c74300ee2cb673a0e0ac3b50e219c99c8

SHA256
261819e6149ea372b431e8e990e450bdedc624d6eb636a3ec93b2ee776381c0a

SHA512
e9cb5ebb32496e606c69daf3f7bd3681ef2f3b70f8b1b776a999a68a09e1f8f5a5c570547eff9a2d5d93493b66e59f97f0983e533208b893e143471b0400bbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe

Filesize
184KB

MD5
1e5f6ac4663d1b58af56f08e6dd458da

SHA1
64539583f0bc1cf7b879345f5cf9281548feef90

SHA256
11bdd2dd33f9fa354fa63ca887731f7d4ee3d44cdecf5d74c91c4e1b46bd5e6f

SHA512
91ae4dbfead6df460e0a569f6b812f1b5f55b6eb7dd6a0122520687c40f922d2c70ec3eb7ac0f4c1e26a45d6e0a712ec83d644575c596821a965a92ebdf0eec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe

Filesize
184KB

MD5
54ff9c0d72a0bcbdc10cadb833d33f7e

SHA1
268732b1491567498dbff4e0f722788a34d5c5d3

SHA256
1a1e999d77bb40ba35311c3dd0ddb1d30d8e23c84a0b98b3d9c90e8f5485f3e6

SHA512
26cc5caf524dc848ae71b150bf9c4e96af6163a36f15596719a15122b4425273a175b9d06b6f8d8a66d8821a430ea8da8ef3e25b19942cf9a306160515535fce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe

Filesize
184KB

MD5
74382f532ba319a5c9ec146e7b7a8e2f

SHA1
0085bb93d09eab13bbafa9de9e9f6e05d9b2d313

SHA256
085b73051bf1e3d5e28e96e027e3d363316e850fa26ba43140941b40f6481f36

SHA512
c60ab57f012a21e5a6ab5595a3d65f0090b24a350085bb37f152beeaa271041b433bcd8879381882d449c77bdab7280c220f1c761b2ace7c77abfe667873f8ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe

Filesize
184KB

MD5
936667a239b20c9ce2b4d3245551023a

SHA1
f83d2d1694069b79e16023ad64e30de23fb969a6

SHA256
d99a939a07c8bb1f48fb00ffacdea4d71038b7a3aa58186170a6e9338bf24e79

SHA512
e50b5260a889e0e48330de76dfb941434a115e36897b1c2c5863b333614e0b73393ac5fa8ac8c9ff891fb351aae48b7ed1fcd0703e47791a7249c2c3d9a7e59b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe

Filesize
184KB

MD5
68b3d37bb67e98565109ad193f103607

SHA1
fb129c2eb3be462af04f55ae53ba22062a401b54

SHA256
bc6a82df22f0de33054739f101bd08e789e362a27a3592c8a37b81066fe401ab

SHA512
dc7a7f3af7190218277d8739ff83d39a3dd5d23974c86e35100a05615c0596aa117fe2d3601916dc6e8bb22cad9528d7903109b39055e41d556372cb1f8c4533

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe

Filesize
184KB

MD5
9768a435eb3f76b5292a25cf83014d55

SHA1
0dcc073cfc734a4063637eb0fc5ffefb20ed4eec

SHA256
96694d93b46374e3bb3e24950e2d45856449a2103e73ea9c00e14691510453dd

SHA512
af38b15f23fcce3639533f990885571a6b71b8d7eabbeeda546a49f6e9a1a44cef8bf41b2f4e2c6db2b1826e73af327d80f7d4c818a5c370ad460cca1ad23819

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe

Filesize
184KB

MD5
f192059298170e260dee7d5db66fbd7f

SHA1
7714e39400cb3e8fd1bab74f8e6c009b45bedc29

SHA256
61b9477625bf9e2a17b89c4af64a237eabe3be07f99ef88df9e8fda00b3d9558

SHA512
7f6e40f55263be51462428422dad6cfa3da0278fc73cc8bf8a463c9d98f278c4c43cfc7b9a7e718249ac1fdb6e843ea7439503f5b963863f8701eaf8fdb9dc73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42741.exe

Filesize
184KB

MD5
45a2a10670f4b05eb5c8650f9c68f767

SHA1
99929a9f3a9934f454e3ad5db7230a508d6a5361

SHA256
979298c9586df1e240ccc53d3f897ef7ef2a8b3baf65a4446429573267834d6c

SHA512
8d8ac3c3d3ffe05f1c4bdc5df399df1eca9aff59a81c8ed1cfe1747514766d0e31be607a6eb8e759e0cff0fb1ebe3aec87d8316f585f590d9fb45714d92cbbd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-563.exe

Filesize
184KB

MD5
f990a920222c7726640bff3610cfcd1a

SHA1
5e243f4ea2150ab23e328fcd84093e46cef61b7f

SHA256
646799257a45b6bc26346ee0f945600513903f81d134ac2d9edc07e63056b7cc

SHA512
3349f459540d2766ae917ee6291f39b63a6cf48d95ceebc4e9a5e7f4bca8747b93fbc59c9fbf1d164a1fc8093690dce82a2369d6dcf3198e51cb2acc443d396c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe

Filesize
184KB

MD5
8b7e17c27b5b00a76ce0931d8f4b7d5e

SHA1
f4bab65b5ec6d96a2e03021ee41afc1543e1403e

SHA256
ef3ead7cc09ad120bee4f3f21769cc9634bb67303b0eed3260410e53323af26a

SHA512
1df040c15a52c506787fa3be4b4d5720ded9bd68792a7eb1aa75e3bac90ff4886d92317bbb0c19d3881aacd908f66396004171ac1f8e6bd58c84d4737fc32653

Download Submit