714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
Size

184KB
MD5

2e49c585e9ea22e805f2b4fb78e16f9c
SHA1

ad1c93f74bf1cce3b755723f66a9dc466b3cf7b4
SHA256

714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d
SHA512

b24b748db75ab3ce365d6a974dbda5ecbbc59716e1b51d57d345a69518d0649717b8a3b9c331373c37768a7597be6b6325371f3d8ba24430fe4e11b5b3c6020c
SSDEEP

3072:LKH3JkoT2k4TbG4We/nLRbs+hs2ViFgnd:LKyoC/G4dLZs+hs2ViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-32998.exeUnicorn-7507.exeUnicorn-57263.exeUnicorn-30511.exeUnicorn-50377.exeUnicorn-11565.exeUnicorn-14772.exeUnicorn-12312.exeUnicorn-21078.exeUnicorn-5296.exeUnicorn-29800.exeUnicorn-49666.exeUnicorn-10771.exeUnicorn-47803.exeUnicorn-1295.exeUnicorn-51887.exeUnicorn-38037.exeUnicorn-42121.exeUnicorn-22255.exeUnicorn-52982.exeUnicorn-46205.exeUnicorn-22277.exeUnicorn-26937.exeUnicorn-7071.exeUnicorn-57663.exeUnicorn-11155.exeUnicorn-47357.exeUnicorn-58218.exeUnicorn-29075.exeUnicorn-13293.exeUnicorn-13293.exeUnicorn-6516.exeUnicorn-16906.exeUnicorn-47632.exeUnicorn-31850.exeUnicorn-37326.exeUnicorn-2515.exeUnicorn-41410.exeUnicorn-29520.exeUnicorn-29520.exeUnicorn-22744.exeUnicorn-45857.exeUnicorn-34996.exeUnicorn-8353.exeUnicorn-12629.exeUnicorn-58301.exeUnicorn-23490.exeUnicorn-43356.exeUnicorn-8820.exeUnicorn-19681.exeUnicorn-16989.exeUnicorn-47715.exeUnicorn-27849.exeUnicorn-59775.exeUnicorn-13267.exeUnicorn-37217.exeUnicorn-52162.exeUnicorn-14658.exeUnicorn-64414.exeUnicorn-57637.exeUnicorn-31187.exeUnicorn-64435.exeUnicorn-48654.exeUnicorn-7066.exe

pid	process
2296	Unicorn-32998.exe
2216	Unicorn-7507.exe
2480	Unicorn-57263.exe
2740	Unicorn-30511.exe
2868	Unicorn-50377.exe
2548	Unicorn-11565.exe
2560	Unicorn-14772.exe
1996	Unicorn-12312.exe
2012	Unicorn-21078.exe
1440	Unicorn-5296.exe
1620	Unicorn-29800.exe
1544	Unicorn-49666.exe
1716	Unicorn-10771.exe
2376	Unicorn-47803.exe
780	Unicorn-1295.exe
1144	Unicorn-51887.exe
1692	Unicorn-38037.exe
2812	Unicorn-42121.exe
1860	Unicorn-22255.exe
1132	Unicorn-52982.exe
2284	Unicorn-46205.exe
3068	Unicorn-22277.exe
1632	Unicorn-26937.exe
2392	Unicorn-7071.exe
2064	Unicorn-57663.exe
2280	Unicorn-11155.exe
2272	Unicorn-47357.exe
2292	Unicorn-58218.exe
2196	Unicorn-29075.exe
2984	Unicorn-13293.exe
2928	Unicorn-13293.exe
2996	Unicorn-6516.exe
1152	Unicorn-16906.exe
2764	Unicorn-47632.exe
2628	Unicorn-31850.exe
2592	Unicorn-37326.exe
2960	Unicorn-2515.exe
1796	Unicorn-41410.exe
1968	Unicorn-29520.exe
1936	Unicorn-29520.exe
624	Unicorn-22744.exe
888	Unicorn-45857.exe
2820	Unicorn-34996.exe
1564	Unicorn-8353.exe
1776	Unicorn-12629.exe
1264	Unicorn-58301.exe
1260	Unicorn-23490.exe
264	Unicorn-43356.exe
1628	Unicorn-8820.exe
2368	Unicorn-19681.exe
556	Unicorn-16989.exe
2468	Unicorn-47715.exe
2248	Unicorn-27849.exe
1948	Unicorn-59775.exe
2420	Unicorn-13267.exe
1068	Unicorn-37217.exe
2728	Unicorn-52162.exe
2652	Unicorn-14658.exe
2684	Unicorn-64414.exe
2952	Unicorn-57637.exe
1696	Unicorn-31187.exe
2504	Unicorn-64435.exe
2252	Unicorn-48654.exe
2576	Unicorn-7066.exe

Loads dropped DLL 64 IoCs

Processes:

714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exeUnicorn-32998.exeUnicorn-57263.exeWerFault.exeWerFault.exeUnicorn-30511.exeUnicorn-50377.exeWerFault.exeUnicorn-11565.exeUnicorn-14772.exeUnicorn-12312.exeWerFault.exeWerFault.exeUnicorn-21078.exeUnicorn-5296.exeUnicorn-10771.exeUnicorn-49666.exe

pid	process
2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2296	Unicorn-32998.exe
2296	Unicorn-32998.exe
2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2296	Unicorn-32998.exe
2296	Unicorn-32998.exe
2480	Unicorn-57263.exe
2480	Unicorn-57263.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2740	Unicorn-30511.exe
2740	Unicorn-30511.exe
2868	Unicorn-50377.exe
2868	Unicorn-50377.exe
2480	Unicorn-57263.exe
2480	Unicorn-57263.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
2548	Unicorn-11565.exe
2548	Unicorn-11565.exe
2740	Unicorn-30511.exe
2740	Unicorn-30511.exe
2560	Unicorn-14772.exe
2868	Unicorn-50377.exe
2868	Unicorn-50377.exe
1996	Unicorn-12312.exe
2560	Unicorn-14772.exe
1996	Unicorn-12312.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2012	Unicorn-21078.exe
2012	Unicorn-21078.exe
2548	Unicorn-11565.exe
2548	Unicorn-11565.exe
1440	Unicorn-5296.exe
1440	Unicorn-5296.exe
1716	Unicorn-10771.exe
1716	Unicorn-10771.exe
1544	Unicorn-49666.exe
1544	Unicorn-49666.exe
2560	Unicorn-14772.exe
2560	Unicorn-14772.exe
1996	Unicorn-12312.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1300	2444	WerFault.exe	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2872	2216	WerFault.exe	Unicorn-7507.exe
2680	2296	WerFault.exe	Unicorn-32998.exe
344	2480	WerFault.exe	Unicorn-57263.exe
2268	2740	WerFault.exe	Unicorn-30511.exe
2112	2868	WerFault.exe	Unicorn-50377.exe
1524	2548	WerFault.exe	Unicorn-11565.exe
1356	2560	WerFault.exe	Unicorn-14772.exe
1868	1996	WerFault.exe	Unicorn-12312.exe
1588	2284	WerFault.exe	Unicorn-46205.exe
300	1132	WerFault.exe	Unicorn-52982.exe
2100	2012	WerFault.exe	Unicorn-21078.exe
2796	1440	WerFault.exe	Unicorn-5296.exe
2708	1716	WerFault.exe	Unicorn-10771.exe
2716	1544	WerFault.exe	Unicorn-49666.exe
2788	1620	WerFault.exe	Unicorn-29800.exe
304	2292	WerFault.exe	Unicorn-58218.exe
632	780	WerFault.exe	Unicorn-1295.exe
2380	2376	WerFault.exe	Unicorn-47803.exe
2288	1144	WerFault.exe	Unicorn-51887.exe
820	1692	WerFault.exe	Unicorn-38037.exe
1360	2812	WerFault.exe	Unicorn-42121.exe
1540	1860	WerFault.exe	Unicorn-22255.exe
1724	2820	WerFault.exe	Unicorn-34996.exe
2304	2196	WerFault.exe	Unicorn-29075.exe
2156	2064	WerFault.exe	Unicorn-57663.exe
1040	2392	WerFault.exe	Unicorn-7071.exe
2916	2280	WerFault.exe	Unicorn-11155.exe
2920	1632	WerFault.exe	Unicorn-26937.exe
2668	3068	WerFault.exe	Unicorn-22277.exe
2244	1628	WerFault.exe	Unicorn-8820.exe
2536	2272	WerFault.exe	Unicorn-47357.exe
812	1152	WerFault.exe	Unicorn-16906.exe
2008	2984	WerFault.exe	Unicorn-13293.exe
292	2996	WerFault.exe	Unicorn-6516.exe
2372	2928	WerFault.exe	Unicorn-13293.exe
992	264	WerFault.exe	Unicorn-43356.exe
756	2628	WerFault.exe	Unicorn-31850.exe
660	2592	WerFault.exe	Unicorn-37326.exe
3096	2764	WerFault.exe	Unicorn-47632.exe
3104	2960	WerFault.exe	Unicorn-2515.exe
3136	1796	WerFault.exe	Unicorn-41410.exe
3208	1936	WerFault.exe	Unicorn-29520.exe
3248	1968	WerFault.exe	Unicorn-29520.exe
3300	1260	WerFault.exe	Unicorn-23490.exe
3316	1264	WerFault.exe	Unicorn-58301.exe
3340	624	WerFault.exe	Unicorn-22744.exe
3364	888	WerFault.exe	Unicorn-45857.exe
3396	1776	WerFault.exe	Unicorn-12629.exe
3404	1564	WerFault.exe	Unicorn-8353.exe
3452	1832	WerFault.exe	Unicorn-58789.exe
3748	3064	WerFault.exe	Unicorn-45167.exe
3896	1700	WerFault.exe	Unicorn-31331.exe
3880	2504	WerFault.exe	Unicorn-64435.exe
3872	752	WerFault.exe	Unicorn-54129.exe
4016	2240	WerFault.exe	Unicorn-927.exe
4076	2468	WerFault.exe	Unicorn-47715.exe
3496	2368	WerFault.exe	Unicorn-19681.exe
3324	2248	WerFault.exe	Unicorn-27849.exe
3644	1068	WerFault.exe	Unicorn-37217.exe
3660	2684	WerFault.exe	Unicorn-64414.exe
3844	1668	WerFault.exe	Unicorn-45961.exe
3904	2420	WerFault.exe	Unicorn-13267.exe
4032	2652	WerFault.exe	Unicorn-14658.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exeUnicorn-32998.exeUnicorn-7507.exeUnicorn-57263.exeUnicorn-30511.exeUnicorn-50377.exeUnicorn-11565.exeUnicorn-14772.exeUnicorn-12312.exeUnicorn-21078.exeUnicorn-5296.exeUnicorn-49666.exeUnicorn-10771.exeUnicorn-29800.exeUnicorn-47803.exeUnicorn-1295.exeUnicorn-51887.exeUnicorn-38037.exeUnicorn-42121.exeUnicorn-22255.exeUnicorn-52982.exeUnicorn-46205.exeUnicorn-22277.exeUnicorn-7071.exeUnicorn-26937.exeUnicorn-57663.exeUnicorn-11155.exeUnicorn-47357.exeUnicorn-58218.exeUnicorn-29075.exeUnicorn-13293.exeUnicorn-6516.exeUnicorn-13293.exeUnicorn-16906.exeUnicorn-47632.exeUnicorn-31850.exeUnicorn-37326.exeUnicorn-2515.exeUnicorn-41410.exeUnicorn-29520.exeUnicorn-29520.exeUnicorn-22744.exeUnicorn-45857.exeUnicorn-34996.exeUnicorn-8353.exeUnicorn-12629.exeUnicorn-58301.exeUnicorn-23490.exeUnicorn-43356.exeUnicorn-8820.exeUnicorn-19681.exeUnicorn-47715.exeUnicorn-16989.exeUnicorn-27849.exeUnicorn-59775.exeUnicorn-13267.exeUnicorn-37217.exeUnicorn-52162.exeUnicorn-14658.exeUnicorn-64414.exeUnicorn-57637.exeUnicorn-31187.exeUnicorn-64435.exeUnicorn-48654.exe

pid	process
2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
2296	Unicorn-32998.exe
2216	Unicorn-7507.exe
2480	Unicorn-57263.exe
2740	Unicorn-30511.exe
2868	Unicorn-50377.exe
2548	Unicorn-11565.exe
2560	Unicorn-14772.exe
1996	Unicorn-12312.exe
2012	Unicorn-21078.exe
1440	Unicorn-5296.exe
1544	Unicorn-49666.exe
1716	Unicorn-10771.exe
1620	Unicorn-29800.exe
2376	Unicorn-47803.exe
780	Unicorn-1295.exe
1144	Unicorn-51887.exe
1692	Unicorn-38037.exe
2812	Unicorn-42121.exe
1860	Unicorn-22255.exe
1132	Unicorn-52982.exe
2284	Unicorn-46205.exe
3068	Unicorn-22277.exe
2392	Unicorn-7071.exe
1632	Unicorn-26937.exe
2064	Unicorn-57663.exe
2280	Unicorn-11155.exe
2272	Unicorn-47357.exe
2292	Unicorn-58218.exe
2196	Unicorn-29075.exe
2984	Unicorn-13293.exe
2996	Unicorn-6516.exe
2928	Unicorn-13293.exe
1152	Unicorn-16906.exe
2764	Unicorn-47632.exe
2628	Unicorn-31850.exe
2592	Unicorn-37326.exe
2960	Unicorn-2515.exe
1796	Unicorn-41410.exe
1936	Unicorn-29520.exe
1968	Unicorn-29520.exe
624	Unicorn-22744.exe
888	Unicorn-45857.exe
2820	Unicorn-34996.exe
1564	Unicorn-8353.exe
1776	Unicorn-12629.exe
1264	Unicorn-58301.exe
1260	Unicorn-23490.exe
264	Unicorn-43356.exe
1628	Unicorn-8820.exe
2368	Unicorn-19681.exe
2468	Unicorn-47715.exe
556	Unicorn-16989.exe
2248	Unicorn-27849.exe
1948	Unicorn-59775.exe
2420	Unicorn-13267.exe
1068	Unicorn-37217.exe
2728	Unicorn-52162.exe
2652	Unicorn-14658.exe
2684	Unicorn-64414.exe
2952	Unicorn-57637.exe
1696	Unicorn-31187.exe
2504	Unicorn-64435.exe
2252	Unicorn-48654.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exeUnicorn-32998.exeUnicorn-7507.exeUnicorn-57263.exeUnicorn-30511.exeUnicorn-50377.exeUnicorn-11565.exeUnicorn-14772.exe

description	pid	process	target process
PID 2444 wrote to memory of 2296	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-32998.exe
PID 2444 wrote to memory of 2296	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-32998.exe
PID 2444 wrote to memory of 2296	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-32998.exe
PID 2444 wrote to memory of 2296	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-32998.exe
PID 2296 wrote to memory of 2216	2296	Unicorn-32998.exe	Unicorn-7507.exe
PID 2296 wrote to memory of 2216	2296	Unicorn-32998.exe	Unicorn-7507.exe
PID 2296 wrote to memory of 2216	2296	Unicorn-32998.exe	Unicorn-7507.exe
PID 2296 wrote to memory of 2216	2296	Unicorn-32998.exe	Unicorn-7507.exe
PID 2444 wrote to memory of 2480	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-57263.exe
PID 2444 wrote to memory of 2480	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-57263.exe
PID 2444 wrote to memory of 2480	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-57263.exe
PID 2444 wrote to memory of 2480	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	Unicorn-57263.exe
PID 2444 wrote to memory of 1300	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	WerFault.exe
PID 2444 wrote to memory of 1300	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	WerFault.exe
PID 2444 wrote to memory of 1300	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	WerFault.exe
PID 2444 wrote to memory of 1300	2444	714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe	WerFault.exe
PID 2296 wrote to memory of 2740	2296	Unicorn-32998.exe	Unicorn-30511.exe
PID 2296 wrote to memory of 2740	2296	Unicorn-32998.exe	Unicorn-30511.exe
PID 2296 wrote to memory of 2740	2296	Unicorn-32998.exe	Unicorn-30511.exe
PID 2296 wrote to memory of 2740	2296	Unicorn-32998.exe	Unicorn-30511.exe
PID 2216 wrote to memory of 2872	2216	Unicorn-7507.exe	WerFault.exe
PID 2216 wrote to memory of 2872	2216	Unicorn-7507.exe	WerFault.exe
PID 2216 wrote to memory of 2872	2216	Unicorn-7507.exe	WerFault.exe
PID 2216 wrote to memory of 2872	2216	Unicorn-7507.exe	WerFault.exe
PID 2480 wrote to memory of 2868	2480	Unicorn-57263.exe	Unicorn-50377.exe
PID 2480 wrote to memory of 2868	2480	Unicorn-57263.exe	Unicorn-50377.exe
PID 2480 wrote to memory of 2868	2480	Unicorn-57263.exe	Unicorn-50377.exe
PID 2480 wrote to memory of 2868	2480	Unicorn-57263.exe	Unicorn-50377.exe
PID 2296 wrote to memory of 2680	2296	Unicorn-32998.exe	WerFault.exe
PID 2296 wrote to memory of 2680	2296	Unicorn-32998.exe	WerFault.exe
PID 2296 wrote to memory of 2680	2296	Unicorn-32998.exe	WerFault.exe
PID 2296 wrote to memory of 2680	2296	Unicorn-32998.exe	WerFault.exe
PID 2740 wrote to memory of 2548	2740	Unicorn-30511.exe	Unicorn-11565.exe
PID 2740 wrote to memory of 2548	2740	Unicorn-30511.exe	Unicorn-11565.exe
PID 2740 wrote to memory of 2548	2740	Unicorn-30511.exe	Unicorn-11565.exe
PID 2740 wrote to memory of 2548	2740	Unicorn-30511.exe	Unicorn-11565.exe
PID 2868 wrote to memory of 2560	2868	Unicorn-50377.exe	Unicorn-14772.exe
PID 2868 wrote to memory of 2560	2868	Unicorn-50377.exe	Unicorn-14772.exe
PID 2868 wrote to memory of 2560	2868	Unicorn-50377.exe	Unicorn-14772.exe
PID 2868 wrote to memory of 2560	2868	Unicorn-50377.exe	Unicorn-14772.exe
PID 2480 wrote to memory of 1996	2480	Unicorn-57263.exe	Unicorn-12312.exe
PID 2480 wrote to memory of 1996	2480	Unicorn-57263.exe	Unicorn-12312.exe
PID 2480 wrote to memory of 1996	2480	Unicorn-57263.exe	Unicorn-12312.exe
PID 2480 wrote to memory of 1996	2480	Unicorn-57263.exe	Unicorn-12312.exe
PID 2480 wrote to memory of 344	2480	Unicorn-57263.exe	WerFault.exe
PID 2480 wrote to memory of 344	2480	Unicorn-57263.exe	WerFault.exe
PID 2480 wrote to memory of 344	2480	Unicorn-57263.exe	WerFault.exe
PID 2480 wrote to memory of 344	2480	Unicorn-57263.exe	WerFault.exe
PID 2548 wrote to memory of 2012	2548	Unicorn-11565.exe	Unicorn-21078.exe
PID 2548 wrote to memory of 2012	2548	Unicorn-11565.exe	Unicorn-21078.exe
PID 2548 wrote to memory of 2012	2548	Unicorn-11565.exe	Unicorn-21078.exe
PID 2548 wrote to memory of 2012	2548	Unicorn-11565.exe	Unicorn-21078.exe
PID 2740 wrote to memory of 1440	2740	Unicorn-30511.exe	Unicorn-5296.exe
PID 2740 wrote to memory of 1440	2740	Unicorn-30511.exe	Unicorn-5296.exe
PID 2740 wrote to memory of 1440	2740	Unicorn-30511.exe	Unicorn-5296.exe
PID 2740 wrote to memory of 1440	2740	Unicorn-30511.exe	Unicorn-5296.exe
PID 2868 wrote to memory of 1620	2868	Unicorn-50377.exe	Unicorn-29800.exe
PID 2868 wrote to memory of 1620	2868	Unicorn-50377.exe	Unicorn-29800.exe
PID 2868 wrote to memory of 1620	2868	Unicorn-50377.exe	Unicorn-29800.exe
PID 2868 wrote to memory of 1620	2868	Unicorn-50377.exe	Unicorn-29800.exe
PID 2560 wrote to memory of 1716	2560	Unicorn-14772.exe	Unicorn-10771.exe
PID 2560 wrote to memory of 1716	2560	Unicorn-14772.exe	Unicorn-10771.exe
PID 2560 wrote to memory of 1716	2560	Unicorn-14772.exe	Unicorn-10771.exe
PID 2560 wrote to memory of 1716	2560	Unicorn-14772.exe	Unicorn-10771.exe

C:\Users\Admin\AppData\Local\Temp\714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe
"C:\Users\Admin\AppData\Local\Temp\714f8448018293b3b4a2b4285bc4d4c2a48071ffdba45c2715c7108b6de3c21d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
10⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
11⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
12⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
13⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
14⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
15⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
16⤵
PID:11828

C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
17⤵
PID:12724

C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
18⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11828 -s 216
17⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
15⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
14⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
13⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
12⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
11⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
11⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
12⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
13⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
14⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
15⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
16⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11692 -s 216
16⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
15⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
14⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
13⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
11⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
10⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
9⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
12⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
13⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
14⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
15⤵
PID:11800

C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
16⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11800 -s 216
16⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
15⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
14⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
13⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
12⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
10⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
9⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
9⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
11⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 224
12⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
11⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
12⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
14⤵
PID:12304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
15⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12304 -s 216
15⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
14⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
12⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
11⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
12⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 244
13⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
12⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
11⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
9⤵
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 220
10⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
8⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
12⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
14⤵
PID:12368

C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
15⤵
PID:13048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
16⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12368 -s 216
15⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 216
14⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
12⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
11⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
9⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
9⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
10⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
11⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
12⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 220
13⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
11⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
11⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
12⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
13⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
14⤵
PID:12500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
15⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
14⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 220
12⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 220
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
8⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
9⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 240
10⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
10⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 220
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
11⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 224
12⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
8⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
6⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
9⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
10⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
11⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
12⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
13⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
14⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
15⤵
PID:12264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
16⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12264 -s 216
16⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
15⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 236
14⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
13⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
12⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
11⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
10⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
11⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
12⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 240
13⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
12⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
12⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
13⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 220
14⤵
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
9⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
8⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
9⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
8⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
10⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
13⤵
PID:11876

C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
14⤵
PID:12468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
15⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11876 -s 236
14⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 236
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
11⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 220
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
8⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
7⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
9⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 224
10⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
11⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
12⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 240
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 236
11⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
7⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
7⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
6⤵
- Program crash
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
5⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
9⤵
- Program crash
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
8⤵
- Program crash
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
8⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
9⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 240
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 236
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
8⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
11⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
12⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
14⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
15⤵
PID:11676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
16⤵
PID:13000

C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
17⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11676 -s 236
16⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
15⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
14⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 236
13⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
12⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
13⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
14⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
15⤵
PID:12912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
16⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12072 -s 216
15⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 236
14⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 220
12⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37360.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 220
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 236
12⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
12⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
13⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
14⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
15⤵
PID:12380

C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
16⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11720 -s 236
15⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
14⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
13⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
9⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
8⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
7⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
12⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
13⤵
PID:11344

C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
14⤵
PID:13192

C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
15⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11344 -s 216
14⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 236
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
11⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
12⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
13⤵
PID:11656

C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
14⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11656 -s 216
14⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 216
13⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
12⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 220
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
- Program crash
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
6⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
8⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 220
13⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 236
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
8⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 224
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 240
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26117.exe
7⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
8⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 220
9⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
11⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
12⤵
PID:11456

C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
13⤵
PID:13268

C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
14⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11456 -s 236
13⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 236
12⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
10⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 236
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
8⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
6⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
5⤵
- Program crash
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
10⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
11⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
12⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
13⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
14⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 220
15⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 220
14⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
13⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
12⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
11⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
10⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
9⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
12⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 224
13⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
10⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
9⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
9⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
11⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
12⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
13⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
14⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
15⤵
PID:11696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
16⤵
PID:13236

C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
17⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 216
16⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 236
15⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 220
14⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
13⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
12⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
11⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 224
13⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 220
12⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
9⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
8⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
8⤵
- Executes dropped EXE
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
10⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
11⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 220
12⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
11⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
12⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
13⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
14⤵
PID:11548

C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
15⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11548 -s 236
15⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
14⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
12⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
8⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
12⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
13⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
14⤵
PID:12584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
15⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
16⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12584 -s 216
15⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
14⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
12⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 220
8⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
7⤵
- Program crash
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
- Program crash
PID:304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
6⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
8⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
9⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
10⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
11⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
12⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
12⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
13⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
14⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
15⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11372 -s 244
16⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 236
15⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
14⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 236
13⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 240
12⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
11⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
11⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
12⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
13⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 220
14⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
12⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
11⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
9⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
11⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 220
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
9⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
8⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
7⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
8⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 244
9⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 224
11⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
8⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
- Program crash
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
8⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
11⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
12⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
13⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
14⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
15⤵
PID:13076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
16⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11968 -s 236
15⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 236
14⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
13⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
12⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
11⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 224
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
9⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 220
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 220
7⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
6⤵
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
5⤵
- Program crash
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
6⤵
- Program crash
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
7⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
8⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
13⤵
PID:11976

C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
14⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11976 -s 216
14⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 236
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
8⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 248
7⤵
- Program crash
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
6⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
7⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
8⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 220
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
9⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
10⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
11⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
12⤵
PID:12696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
13⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 240
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
9⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
8⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
7⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
6⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
5⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
8⤵
PID:292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
8⤵
- Program crash
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
7⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
7⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
8⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
11⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 224
12⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
10⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
13⤵
PID:11528

C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
14⤵
PID:13164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
15⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11528 -s 216
14⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 236
13⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
11⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
10⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
7⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
11⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
12⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
13⤵
PID:12456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
14⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12456 -s 236
14⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 236
10⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
7⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
6⤵
- Program crash
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
7⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
8⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
10⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
11⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
9⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 248
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
9⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
11⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
13⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
14⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 236
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
8⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
7⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
6⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 224
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
7⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
10⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
12⤵
PID:12428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
11⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
10⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
9⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
5⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 244
5⤵
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
4⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
2⤵
- Program crash
PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe

Filesize
184KB

MD5
45c7fffa099508d78ab1c8fb4a305322

SHA1
54ab811f885d2b2b36c1723b61872ffa8a0b9868

SHA256
bf223a20acda3d867305160d8cfb868c941794c25756c7c6d2978c7bb642b094

SHA512
3142db5d1187ef6dedf45551b6990db2fa10efb8e3a1d2ea56b63ca0a111de116a292d6510e20db45ec56c212ecd7df13775832a93d71515f79dd0b9042e2915

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe

Filesize
184KB

MD5
4062e5684c78f43eefaaea339bd7155b

SHA1
8cc6c40b8b7bb6e34ca4a09f4310d5f784ef3eef

SHA256
5e5542f3fbe8ad6dcc18ef0070718f8b57857a400fe2c4006e57eb2f08ea42af

SHA512
0af6b4d0d620f9fb6c0f83dd0d7ea85419953793e37dbf041ecffaec22b241290e3543c42c9794d773f576b0980a3c7388d89c2d5ede5f3eb23b285d1df6fe4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe

Filesize
184KB

MD5
4a4b99bf95a362ab86838269c9c56f77

SHA1
78fa7b3985beb0ce5c997a0d137b4d1dbc645593

SHA256
63561993584070031d7ed7efccbc6ffd8a66937ffc97142a0dbf0c3b058e0762

SHA512
f49955f11449cc04f10da0e950039b8952c46d33ccf268eb3792c604f5fefca61ba51ce80c39cffe5ae8c601461fce4895c9426c0cbcb8498d7d7ba0e30ecdad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe

Filesize
184KB

MD5
cb79827be0c796f7a4a126c19c13d887

SHA1
1ce6bb8a8629fc0437dedff65f1d7285fd1303c5

SHA256
32e5b9968b8ffeee9ad122910face827120fd4ee6977581c91d9240eef90a800

SHA512
20ce5be2c69c2433d007256cab0dade06f5775913df3f68eaac1274378af80ecae9aa01291099c1c296efb126b0a3d3e7b9dcb615f576d98c61a30b3005dfcc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe

Filesize
184KB

MD5
714936edc43d1fd23113871321a778d1

SHA1
09712585f91e44f461854ee36a8733bcb8e65ae3

SHA256
72d9577380696381236fba93f3689640505decef634bf11402090f84cdb91034

SHA512
4c86ba125192eb2524708a15164411a3c91330cb31eb093d7ff9fb9ce0f9649a82a7c5f9d3bf7c1706a25a224ef08856394b658a56620fb1202ad627ff6bfb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe

Filesize
184KB

MD5
89ce9660594ded1178e28c5f84b72106

SHA1
be07031ad35e7cda739a6b3f6109173adf9fb7a1

SHA256
28b77671b51a84996b4a7463599aa9d7bc32ca100c26f89c35ced99ec7847c15

SHA512
6a381115c34d09c95bc025028a0c8d3914e1b4639efcc7ad9bb5f82fceed6c8f9e6d078625a81b5551b0d379a0a00d249345e3d13ffc3b3debb8f3cdcddc43df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe

Filesize
184KB

MD5
da22fda3903ee381fcb2347f98d538ab

SHA1
905c81984bfcb6d7b2fc686955156ecc1fd32769

SHA256
220d0d563276a4a490a0510c2a8d0a11cb13bf6cb5a238b97a920bcbdfb2a841

SHA512
76eafe96d9b3d3782b87cad72023f4b0ffd1a97d8eecccc5bbf3985db8317b24a62604de7b6bad1136f6bc77967dec7f76efc86dd8d6cbd2f786fcb83574fcca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe

Filesize
184KB

MD5
41e426756a9d590decacc1a02ac82b0b

SHA1
e1dc291cd3e0f3c6a173a31c0eb834fc1897f236

SHA256
f4916a2c2cea0b25ff65060caf0b25ad445b08acae6d3cce66d33d97949d621e

SHA512
c79e624626b54787072ad61042787201da07f27a0fe3346b3183ef57c6004ce21feedd3e79885990d3b563f6b7822d57a3a27a6e30a17d063c4ded88f96d7279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe

Filesize
184KB

MD5
4d40b09837e3bc03f68b83efd39886d7

SHA1
0931fdc241db2765b4608730ff08aaf0f1e0ae2d

SHA256
79bcf07fd0582335fca9dfca6b5ec313357f99fdf5a98ec53edc6a883fa77563

SHA512
c118e0e9ef4907ac683d3b1446cd0f4f017e0a9548143ae6fbf8716c7c6ad1ab935131829176dc5b6ca8f06b878ded7f7cd1e2a0e9733026c06206bc7ecef6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe

Filesize
184KB

MD5
37cd5e3fbafd262f544ebf9d7fd604d3

SHA1
d2685b32cd8e27faccef0e200b610c3b679dfa62

SHA256
01a30f1f14b6c492de7dc485bf64e2f5cdbaecc9b772fa2852f6e0ce959cb9d9

SHA512
e8adf3ecbe1d8c156ca626f0e95048a3db79fa9fb4b8b6b23d8a900025ee77fe6461fff414f80a64a65213e181134c67c0ecb312ba86b1a87d3154b4bfaf3fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe

Filesize
184KB

MD5
fb58a78bfb3b432aec8107676b036fff

SHA1
c285edf22d0f762bdd2e6583f5bcc869557c491e

SHA256
74487b082eba26f18db5782be21b2151d9414657b062634299ae5b622d76f3b5

SHA512
7bb530160ecbd756b51756086a43154e10fe87cd4485853bc27dac3bef42ad44b3e58c5aae7d6fa4fa1590fa06b814b8f4e11e90492b11c87320e94e147addf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe

Filesize
184KB

MD5
f25e769d263aaf16dea1fd248408cf0b

SHA1
b1d3edf3f5ed05954ee0bb9b848b904f58e1abdf

SHA256
ab770188a59e006bc09d86284fd30c2be5a7647a0e0b427067e6506384f513a6

SHA512
0dbb14a9ad45e43353d54a1f819bdab0e8acbb9c6073187026640d34516b9bfaac2c3cdc6558aaab5429953de37f1a454dd493037ebbe2f9351cc16b2d02ee51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe

Filesize
184KB

MD5
8ab4b7323acca34886c91bfdc661151a

SHA1
128b2dd857b00b53ffbdf440b0d70a30cff1227b

SHA256
70efbcc1a1c646db6fec30aca70e7f5d8202fe397c799eb9f938b74d28f5e3da

SHA512
09f6cfe9de4a7535f7acde88cc9de7f4df4ac0541d2421475b9a9737356365513e13a5e50a09627c1a3f6d4045ff4c36bb2313494ab880f3248c7a34200f4f36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe

Filesize
184KB

MD5
82a98ea74e10728c41de48b3d7d5c9f8

SHA1
ce1da9c993fbb1a614d2341afaf152dd303236c1

SHA256
22caea715fdc1ffc0fd81f1038276fcc88f40584fee083c66930207d7cb31e6a

SHA512
5be84577390412a42dc50275f49ea6182f993011ad9eb3cb5d2d623ca072614e5320732e250aa102eb70ae31b5f66c01d4321ac28939173a198a4ac29b4244e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe

Filesize
184KB

MD5
d8c7ef04fc27efb584df6ead1dbbc118

SHA1
a4c42dcc1a2930775e5951429d7b561e7635c3fe

SHA256
061b2c293001b867bbddecc1667b3c85c744d94838361aa179ded3e94c521d1c

SHA512
cbb59441637579cfc0c7bc91e9f13b151c0bdf919de1f91d51c042efb496ffebfaab43d42677a2c0611369494f069a0001a15262d9277df7f1800d2d303bbcf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe

Filesize
184KB

MD5
5a84d68c84436856c4bc1c1330775ca0

SHA1
659f4ca8189d6b6e51201615d7aec38265515a48

SHA256
319ca64f21f142c91091590d61bf2c8b2a7a37eaa54ec102754354ddb1e76195

SHA512
af7945072a3a6c4ac3ae9827612cf65b7f8524c76346619cef35fbaa8ffd0a479eeedab3e77af26f0f61862c39b2569f071695cd223f4017fd229560c5c7017d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe

Filesize
184KB

MD5
542466cc95aee2ab47a48903ba87a1e0

SHA1
4aea7ec62b495b1aa9e148f693bc37a4827ddebb

SHA256
1bb98575364eb1e1a3402cec88fd28b2c57dcaba7a7da9cda93afacfdb0a0574

SHA512
2a6ccee6df53de364855022c6123bf659f481297587253413687a818b91c0c5b39161d9acc9495d90f6a6edab0d1cfba8d43ea953a3882e8f950aec380a12642

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe

Filesize
184KB

MD5
5cad22e91d2bd3b4dcd596731a98310a

SHA1
daa1a7b8abf68e180c1cd58a896413f972934762

SHA256
65e1f0e3c3e7c9a01fd4d67bfd91dff18d45cc314458c099016769afc32548af

SHA512
cd3951c82a402ebef24b110154eceafa887801dce285314eb6adde9b09ce588f4c4ebe28601ecb97ef2a1e640d823dca1265e7e19910b87099ab018a698e69d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe

Filesize
184KB

MD5
4df41fefea35c66d0c1349797fdd5c54

SHA1
ff3d0bd599c8ad891b30e2af070c814a57e3f578

SHA256
376212f58374ef44860e1ae29a6955aadf25295a8490bd428e96d4eee5157c08

SHA512
f3ea16ef58c66f30af60a054ea5205744e534aac843c814c50ea8a14f43fd61778df0a1f1425e43feb3b629af49db9878d081a1210dad3c165d59f3ea4711ab3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe

Filesize
184KB

MD5
c3008219879a501e92dc4e32b0d6d03c

SHA1
b34013ec4ee6c4d234452af47a7fc7ff9c6f49e8

SHA256
1425ea29cd12140b11c0ed6d1749c3e3419bc5dd890fbf8645c09a1013ebebbd

SHA512
d1d317ab2310b501839b6639b16e2d1d1f97eccab296e6c593db062a68b1550cb12e47ed22be132d5631ff6c921b15e06e5be5488726791b5fa526c48b72efea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe

Filesize
184KB

MD5
1ee8aa712636a28cb40b8717e4550555

SHA1
5cd02aeed546ccda2e15590f7b2f1f3c741857d0

SHA256
c90c16c7f51e785cf9bafd44f581ad04a39e4f217f34724f7f15966b89d91521

SHA512
fac855e1da0803311d41753cad3602ae0d72a285164487b5066c5771b47d526096ec5ad7432222bc7e9c9f5c45ad16d643a2c96ec76c6b4256990dea87a65868

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe

Filesize
184KB

MD5
7d9bbf5963c83118732ca3d83eb0e0ee

SHA1
c66aff25db8715a2f3e35de81cf7488cba51e2a3

SHA256
baf7f49ee326c7eb52fab89f0a7796aebacbed3b16fc7fab8c434a02563b8a53

SHA512
69a4c327edec0bac5063978c9fdd99a88d24768f166781a161240d0daf354b56bf5234880209593b59ec2e35e1acccbfc2c05201e6ba51ba56a3a40250eb19d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe

Filesize
184KB

MD5
717f1f69e658a6c8bea4b8e2e1b6d5d8

SHA1
647f2593b319edcd5ff5e3b51c2ed1bdbc910458

SHA256
03978fbec47e97c6553d070e5bbc365935273a2a781ddf0c31838cf8cab624a9

SHA512
63902bd880f071ef0e42b9e77a9fb3475a899b86a7bd257c46b7e6b167a15cc54aee8cae1a1e4b858fb716a81d462f18183d9e0513441720c57067b05464b23c

Download Submit