7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
Size

184KB
MD5

981144a44c13bcb711590927683b8d75
SHA1

0b7bc4dbfc60005ee7fba55ff78c2a6a5b8ba907
SHA256

7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336
SHA512

685a9f857b535e8d83c80123f0f666cd86572c2552003adfa9a075028d0c8a2ce8ebca1192d003cef8515c8bc696805bd34bf79bd9bf404dd0814d1a73cba9be
SSDEEP

3072:d/ecn8owX493dFaWYzwkRtsvhlnViF9n3:d/KojtFaokbsvhlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-19787.exeUnicorn-61265.exeUnicorn-15593.exeUnicorn-34115.exeUnicorn-56673.exeUnicorn-49060.exeUnicorn-8624.exeUnicorn-62656.exeUnicorn-5287.exeUnicorn-25153.exeUnicorn-12983.exeUnicorn-54571.exeUnicorn-23844.exeUnicorn-55962.exeUnicorn-60046.exeUnicorn-7337.exeUnicorn-14114.exeUnicorn-52537.exeUnicorn-46315.exeUnicorn-15588.exeUnicorn-22365.exeUnicorn-11504.exeUnicorn-19865.exeUnicorn-19865.exeUnicorn-19865.exeUnicorn-65536.exeUnicorn-65536.exeUnicorn-65536.exeUnicorn-39299.exeUnicorn-54244.exeUnicorn-25101.exeUnicorn-5235.exeUnicorn-10710.exeUnicorn-30939.exeUnicorn-6989.exeUnicorn-39107.exeUnicorn-54052.exeUnicorn-4296.exeUnicorn-27409.exeUnicorn-47275.exeUnicorn-62220.exeUnicorn-12464.exeUnicorn-10004.exeUnicorn-29870.exeUnicorn-29870.exeUnicorn-51551.exeUnicorn-23010.exeUnicorn-29786.exeUnicorn-18926.exeUnicorn-27840.exeUnicorn-47706.exeUnicorn-63850.exeUnicorn-5090.exeUnicorn-49460.exeUnicorn-4535.exeUnicorn-44561.exeUnicorn-31754.exeUnicorn-7804.exeUnicorn-39922.exeUnicorn-39922.exeUnicorn-35838.exeUnicorn-48090.exeUnicorn-54867.exeUnicorn-1582.exe

pid	process
1576	Unicorn-19787.exe
2616	Unicorn-61265.exe
2720	Unicorn-15593.exe
2744	Unicorn-34115.exe
2148	Unicorn-56673.exe
2548	Unicorn-49060.exe
1916	Unicorn-8624.exe
1616	Unicorn-62656.exe
2608	Unicorn-5287.exe
2916	Unicorn-25153.exe
1796	Unicorn-12983.exe
2808	Unicorn-54571.exe
816	Unicorn-23844.exe
2076	Unicorn-55962.exe
2488	Unicorn-60046.exe
2972	Unicorn-7337.exe
1628	Unicorn-14114.exe
3028	Unicorn-52537.exe
1548	Unicorn-46315.exe
2268	Unicorn-15588.exe
1792	Unicorn-22365.exe
1556	Unicorn-11504.exe
1300	Unicorn-19865.exe
1620	Unicorn-19865.exe
772	Unicorn-19865.exe
2220	Unicorn-65536.exe
1952	Unicorn-65536.exe
2864	Unicorn-65536.exe
2988	Unicorn-39299.exe
2176	Unicorn-54244.exe
3008	Unicorn-25101.exe
1736	Unicorn-5235.exe
1804	Unicorn-10710.exe
2008	Unicorn-30939.exe
2480	Unicorn-6989.exe
1808	Unicorn-39107.exe
2704	Unicorn-54052.exe
2776	Unicorn-4296.exe
1252	Unicorn-27409.exe
2672	Unicorn-47275.exe
2516	Unicorn-62220.exe
2676	Unicorn-12464.exe
3056	Unicorn-10004.exe
2200	Unicorn-29870.exe
1640	Unicorn-29870.exe
2836	Unicorn-51551.exe
608	Unicorn-23010.exe
2816	Unicorn-29786.exe
1720	Unicorn-18926.exe
2692	Unicorn-27840.exe
2952	Unicorn-47706.exe
944	Unicorn-63850.exe
1780	Unicorn-5090.exe
2452	Unicorn-49460.exe
1964	Unicorn-4535.exe
1948	Unicorn-44561.exe
1568	Unicorn-31754.exe
988	Unicorn-7804.exe
2172	Unicorn-39922.exe
1816	Unicorn-39922.exe
2072	Unicorn-35838.exe
2164	Unicorn-48090.exe
1748	Unicorn-54867.exe
824	Unicorn-1582.exe

Loads dropped DLL 64 IoCs

Processes:

7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exeUnicorn-19787.exeUnicorn-15593.exeUnicorn-61265.exeUnicorn-56673.exeUnicorn-49060.exeWerFault.exeWerFault.exeUnicorn-8624.exeUnicorn-34115.exeUnicorn-62656.exeUnicorn-5287.exeUnicorn-25153.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-54571.exeUnicorn-23844.exeUnicorn-55962.exe

pid	process
2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
1576	Unicorn-19787.exe
2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
1576	Unicorn-19787.exe
2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
2720	Unicorn-15593.exe
2616	Unicorn-61265.exe
2616	Unicorn-61265.exe
2720	Unicorn-15593.exe
1576	Unicorn-19787.exe
1576	Unicorn-19787.exe
2148	Unicorn-56673.exe
2148	Unicorn-56673.exe
2720	Unicorn-15593.exe
2720	Unicorn-15593.exe
2616	Unicorn-61265.exe
2616	Unicorn-61265.exe
2548	Unicorn-49060.exe
2548	Unicorn-49060.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
2240	WerFault.exe
1916	Unicorn-8624.exe
1916	Unicorn-8624.exe
2148	Unicorn-56673.exe
2148	Unicorn-56673.exe
2744	Unicorn-34115.exe
2744	Unicorn-34115.exe
1616	Unicorn-62656.exe
1616	Unicorn-62656.exe
2608	Unicorn-5287.exe
2608	Unicorn-5287.exe
2916	Unicorn-25153.exe
2916	Unicorn-25153.exe
2548	Unicorn-49060.exe
2548	Unicorn-49060.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
1472	WerFault.exe
576	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
1472	WerFault.exe
576	WerFault.exe
1472	WerFault.exe
2808	Unicorn-54571.exe
2808	Unicorn-54571.exe
816	Unicorn-23844.exe
816	Unicorn-23844.exe
2076	Unicorn-55962.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2752	2036	WerFault.exe	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
2240	2720	WerFault.exe	Unicorn-15593.exe
1868	2616	WerFault.exe	Unicorn-61265.exe
832	2148	WerFault.exe	Unicorn-56673.exe
576	2744	WerFault.exe	Unicorn-34115.exe
1472	2548	WerFault.exe	Unicorn-49060.exe
1836	1916	WerFault.exe	Unicorn-8624.exe
2472	1616	WerFault.exe	Unicorn-62656.exe
2976	2608	WerFault.exe	Unicorn-5287.exe
1740	2916	WerFault.exe	Unicorn-25153.exe
2908	2808	WerFault.exe	Unicorn-54571.exe
2208	816	WerFault.exe	Unicorn-23844.exe
1068	2076	WerFault.exe	Unicorn-55962.exe
1912	2972	WerFault.exe	Unicorn-7337.exe
904	2488	WerFault.exe	Unicorn-60046.exe
3048	1628	WerFault.exe	Unicorn-14114.exe
1652	1796	WerFault.exe	Unicorn-12983.exe
2800	3028	WerFault.exe	Unicorn-52537.exe
544	1548	WerFault.exe	Unicorn-46315.exe
2156	1792	WerFault.exe	Unicorn-22365.exe
1992	2268	WerFault.exe	Unicorn-15588.exe
2068	1556	WerFault.exe	Unicorn-11504.exe
444	1300	WerFault.exe	Unicorn-19865.exe
692	772	WerFault.exe	Unicorn-19865.exe
404	1620	WerFault.exe	Unicorn-19865.exe
2020	2864	WerFault.exe	Unicorn-65536.exe
2464	1952	WerFault.exe	Unicorn-65536.exe
1552	2220	WerFault.exe	Unicorn-65536.exe
2788	2988	WerFault.exe	Unicorn-39299.exe
2384	3008	WerFault.exe	Unicorn-25101.exe
3012	1736	WerFault.exe	Unicorn-5235.exe
1004	1804	WerFault.exe	Unicorn-10710.exe
2512	2008	WerFault.exe	Unicorn-30939.exe
2160	2480	WerFault.exe	Unicorn-6989.exe
928	1808	WerFault.exe	Unicorn-39107.exe
2684	1252	WerFault.exe	Unicorn-27409.exe
3056	2176	WerFault.exe	Unicorn-54244.exe
3084	2776	WerFault.exe	Unicorn-4296.exe
3116	2516	WerFault.exe	Unicorn-62220.exe
3128	1640	WerFault.exe	Unicorn-29870.exe
3172	2836	WerFault.exe	Unicorn-51551.exe
3204	2672	WerFault.exe	Unicorn-47275.exe
3232	2200	WerFault.exe	Unicorn-29870.exe
3348	2676	WerFault.exe	Unicorn-12464.exe
3432	2704	WerFault.exe	Unicorn-54052.exe
3904	2236	WerFault.exe	Unicorn-35454.exe
3468	2692	WerFault.exe	Unicorn-27840.exe
3516	2868	WerFault.exe	Unicorn-52537.exe
3812	824	WerFault.exe	Unicorn-1582.exe
3772	2764	WerFault.exe	Unicorn-52174.exe
3796	2452	WerFault.exe	Unicorn-49460.exe
3880	2644	WerFault.exe	Unicorn-44369.exe
3968	608	WerFault.exe	Unicorn-23010.exe
4056	1928	WerFault.exe	Unicorn-534.exe
3304	1964	WerFault.exe	Unicorn-4535.exe
3372	3068	WerFault.exe	Unicorn-28307.exe
3472	2892	WerFault.exe	Unicorn-26361.exe
3552	2164	WerFault.exe	Unicorn-48090.exe
3784	1572	WerFault.exe	Unicorn-21531.exe
3740	2092	WerFault.exe	Unicorn-17364.exe
4132	944	WerFault.exe	Unicorn-63850.exe
4140	2724	WerFault.exe	Unicorn-60425.exe
4148	2852	WerFault.exe	Unicorn-60150.exe
4200	2224	WerFault.exe	Unicorn-48173.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exeUnicorn-19787.exeUnicorn-15593.exeUnicorn-61265.exeUnicorn-56673.exeUnicorn-49060.exeUnicorn-34115.exeUnicorn-8624.exeUnicorn-62656.exeUnicorn-5287.exeUnicorn-25153.exeUnicorn-12983.exeUnicorn-54571.exeUnicorn-55962.exeUnicorn-23844.exeUnicorn-60046.exeUnicorn-7337.exeUnicorn-14114.exeUnicorn-52537.exeUnicorn-46315.exeUnicorn-15588.exeUnicorn-22365.exeUnicorn-11504.exeUnicorn-19865.exeUnicorn-19865.exeUnicorn-65536.exeUnicorn-19865.exeUnicorn-65536.exeUnicorn-65536.exeUnicorn-39299.exeUnicorn-54244.exeUnicorn-5235.exeUnicorn-10710.exeUnicorn-30939.exeUnicorn-6989.exeUnicorn-39107.exeUnicorn-54052.exeUnicorn-27409.exeUnicorn-4296.exeUnicorn-62220.exeUnicorn-47275.exeUnicorn-12464.exeUnicorn-10004.exeUnicorn-29870.exeUnicorn-29870.exeUnicorn-51551.exeUnicorn-23010.exeUnicorn-29786.exeUnicorn-18926.exeUnicorn-35454.exeUnicorn-27840.exeUnicorn-47706.exeUnicorn-63850.exeUnicorn-5090.exeUnicorn-49460.exeUnicorn-4535.exeUnicorn-44561.exeUnicorn-31754.exeUnicorn-39922.exeUnicorn-7804.exeUnicorn-39922.exeUnicorn-54867.exeUnicorn-35838.exeUnicorn-17364.exe

pid	process
2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
1576	Unicorn-19787.exe
2720	Unicorn-15593.exe
2616	Unicorn-61265.exe
2148	Unicorn-56673.exe
2548	Unicorn-49060.exe
2744	Unicorn-34115.exe
1916	Unicorn-8624.exe
1616	Unicorn-62656.exe
2608	Unicorn-5287.exe
2916	Unicorn-25153.exe
1796	Unicorn-12983.exe
2808	Unicorn-54571.exe
2076	Unicorn-55962.exe
816	Unicorn-23844.exe
2488	Unicorn-60046.exe
2972	Unicorn-7337.exe
1628	Unicorn-14114.exe
3028	Unicorn-52537.exe
1548	Unicorn-46315.exe
2268	Unicorn-15588.exe
1792	Unicorn-22365.exe
1556	Unicorn-11504.exe
772	Unicorn-19865.exe
1300	Unicorn-19865.exe
1952	Unicorn-65536.exe
1620	Unicorn-19865.exe
2220	Unicorn-65536.exe
2864	Unicorn-65536.exe
2988	Unicorn-39299.exe
2176	Unicorn-54244.exe
1736	Unicorn-5235.exe
1804	Unicorn-10710.exe
2008	Unicorn-30939.exe
2480	Unicorn-6989.exe
1808	Unicorn-39107.exe
2704	Unicorn-54052.exe
1252	Unicorn-27409.exe
2776	Unicorn-4296.exe
2516	Unicorn-62220.exe
2672	Unicorn-47275.exe
2676	Unicorn-12464.exe
3056	Unicorn-10004.exe
1640	Unicorn-29870.exe
2200	Unicorn-29870.exe
2836	Unicorn-51551.exe
608	Unicorn-23010.exe
2816	Unicorn-29786.exe
1720	Unicorn-18926.exe
2236	Unicorn-35454.exe
2692	Unicorn-27840.exe
2952	Unicorn-47706.exe
944	Unicorn-63850.exe
1780	Unicorn-5090.exe
2452	Unicorn-49460.exe
1964	Unicorn-4535.exe
1948	Unicorn-44561.exe
1568	Unicorn-31754.exe
2172	Unicorn-39922.exe
988	Unicorn-7804.exe
1816	Unicorn-39922.exe
1748	Unicorn-54867.exe
2072	Unicorn-35838.exe
2092	Unicorn-17364.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exeUnicorn-19787.exeUnicorn-61265.exeUnicorn-15593.exeUnicorn-56673.exeUnicorn-49060.exeUnicorn-8624.exeUnicorn-34115.exe

description	pid	process	target process
PID 2036 wrote to memory of 1576	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-19787.exe
PID 2036 wrote to memory of 1576	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-19787.exe
PID 2036 wrote to memory of 1576	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-19787.exe
PID 2036 wrote to memory of 1576	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-19787.exe
PID 1576 wrote to memory of 2720	1576	Unicorn-19787.exe	Unicorn-15593.exe
PID 1576 wrote to memory of 2720	1576	Unicorn-19787.exe	Unicorn-15593.exe
PID 1576 wrote to memory of 2720	1576	Unicorn-19787.exe	Unicorn-15593.exe
PID 1576 wrote to memory of 2720	1576	Unicorn-19787.exe	Unicorn-15593.exe
PID 2036 wrote to memory of 2616	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-61265.exe
PID 2036 wrote to memory of 2616	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-61265.exe
PID 2036 wrote to memory of 2616	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-61265.exe
PID 2036 wrote to memory of 2616	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	Unicorn-61265.exe
PID 2036 wrote to memory of 2752	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	WerFault.exe
PID 2036 wrote to memory of 2752	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	WerFault.exe
PID 2036 wrote to memory of 2752	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	WerFault.exe
PID 2036 wrote to memory of 2752	2036	7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe	WerFault.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-61265.exe	Unicorn-34115.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-61265.exe	Unicorn-34115.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-61265.exe	Unicorn-34115.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-61265.exe	Unicorn-34115.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-15593.exe	Unicorn-56673.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-15593.exe	Unicorn-56673.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-15593.exe	Unicorn-56673.exe
PID 2720 wrote to memory of 2148	2720	Unicorn-15593.exe	Unicorn-56673.exe
PID 1576 wrote to memory of 2548	1576	Unicorn-19787.exe	Unicorn-49060.exe
PID 1576 wrote to memory of 2548	1576	Unicorn-19787.exe	Unicorn-49060.exe
PID 1576 wrote to memory of 2548	1576	Unicorn-19787.exe	Unicorn-49060.exe
PID 1576 wrote to memory of 2548	1576	Unicorn-19787.exe	Unicorn-49060.exe
PID 2148 wrote to memory of 1916	2148	Unicorn-56673.exe	Unicorn-8624.exe
PID 2148 wrote to memory of 1916	2148	Unicorn-56673.exe	Unicorn-8624.exe
PID 2148 wrote to memory of 1916	2148	Unicorn-56673.exe	Unicorn-8624.exe
PID 2148 wrote to memory of 1916	2148	Unicorn-56673.exe	Unicorn-8624.exe
PID 2720 wrote to memory of 1616	2720	Unicorn-15593.exe	Unicorn-62656.exe
PID 2720 wrote to memory of 1616	2720	Unicorn-15593.exe	Unicorn-62656.exe
PID 2720 wrote to memory of 1616	2720	Unicorn-15593.exe	Unicorn-62656.exe
PID 2720 wrote to memory of 1616	2720	Unicorn-15593.exe	Unicorn-62656.exe
PID 2616 wrote to memory of 2608	2616	Unicorn-61265.exe	Unicorn-5287.exe
PID 2616 wrote to memory of 2608	2616	Unicorn-61265.exe	Unicorn-5287.exe
PID 2616 wrote to memory of 2608	2616	Unicorn-61265.exe	Unicorn-5287.exe
PID 2616 wrote to memory of 2608	2616	Unicorn-61265.exe	Unicorn-5287.exe
PID 2548 wrote to memory of 2916	2548	Unicorn-49060.exe	Unicorn-25153.exe
PID 2548 wrote to memory of 2916	2548	Unicorn-49060.exe	Unicorn-25153.exe
PID 2548 wrote to memory of 2916	2548	Unicorn-49060.exe	Unicorn-25153.exe
PID 2548 wrote to memory of 2916	2548	Unicorn-49060.exe	Unicorn-25153.exe
PID 2720 wrote to memory of 2240	2720	Unicorn-15593.exe	WerFault.exe
PID 2720 wrote to memory of 2240	2720	Unicorn-15593.exe	WerFault.exe
PID 2720 wrote to memory of 2240	2720	Unicorn-15593.exe	WerFault.exe
PID 2720 wrote to memory of 2240	2720	Unicorn-15593.exe	WerFault.exe
PID 2616 wrote to memory of 1868	2616	Unicorn-61265.exe	WerFault.exe
PID 2616 wrote to memory of 1868	2616	Unicorn-61265.exe	WerFault.exe
PID 2616 wrote to memory of 1868	2616	Unicorn-61265.exe	WerFault.exe
PID 2616 wrote to memory of 1868	2616	Unicorn-61265.exe	WerFault.exe
PID 1916 wrote to memory of 1796	1916	Unicorn-8624.exe	Unicorn-12983.exe
PID 1916 wrote to memory of 1796	1916	Unicorn-8624.exe	Unicorn-12983.exe
PID 1916 wrote to memory of 1796	1916	Unicorn-8624.exe	Unicorn-12983.exe
PID 1916 wrote to memory of 1796	1916	Unicorn-8624.exe	Unicorn-12983.exe
PID 2148 wrote to memory of 2808	2148	Unicorn-56673.exe	Unicorn-54571.exe
PID 2148 wrote to memory of 2808	2148	Unicorn-56673.exe	Unicorn-54571.exe
PID 2148 wrote to memory of 2808	2148	Unicorn-56673.exe	Unicorn-54571.exe
PID 2148 wrote to memory of 2808	2148	Unicorn-56673.exe	Unicorn-54571.exe
PID 2744 wrote to memory of 816	2744	Unicorn-34115.exe	Unicorn-23844.exe
PID 2744 wrote to memory of 816	2744	Unicorn-34115.exe	Unicorn-23844.exe
PID 2744 wrote to memory of 816	2744	Unicorn-34115.exe	Unicorn-23844.exe
PID 2744 wrote to memory of 816	2744	Unicorn-34115.exe	Unicorn-23844.exe

C:\Users\Admin\AppData\Local\Temp\7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe
"C:\Users\Admin\AppData\Local\Temp\7a2a7e3c10de5797d4461da71c1d970a62a75c76ba06c1640ae04221fe266336.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-15593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15593.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
10⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
11⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
12⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
13⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
14⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
14⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
12⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
11⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
12⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
13⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
13⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
9⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
10⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
11⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
12⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
13⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
9⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
10⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
11⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
12⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
12⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
12⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
9⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
8⤵
- Program crash
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
9⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
10⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
11⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
12⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
13⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
11⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
10⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
9⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
8⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
8⤵
- Executes dropped EXE
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
9⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
11⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
12⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
13⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
13⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
12⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
10⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 220
9⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
11⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
8⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
7⤵
- Executes dropped EXE
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
8⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
11⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 220
10⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
11⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
9⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
8⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
6⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
9⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
10⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
11⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
12⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
13⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
11⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
10⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
9⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 204
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
10⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-54307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54307.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
11⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 208
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
11⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
10⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
9⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 220
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
9⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
11⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
11⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
9⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
12⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 220
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
10⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
9⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
10⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
6⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
9⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
11⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
12⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
13⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 204
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 220
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
9⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
11⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
12⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
9⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
8⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
11⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
12⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
12⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
10⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
11⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 236
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
11⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 236
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
9⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
8⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
7⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
11⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 220
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
8⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
6⤵
- Program crash
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
10⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
11⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
12⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
10⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 220
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
8⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
7⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
10⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
11⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 220
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
7⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
9⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
10⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
10⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
8⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
7⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
6⤵
- Program crash
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
5⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
10⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
11⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
12⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
13⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
11⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
11⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
12⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 220
11⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
11⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
12⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 236
12⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
11⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
8⤵
- Program crash
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
8⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
11⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
12⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
12⤵
PID:568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
10⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
11⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
11⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
10⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
11⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
12⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
10⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
11⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-207.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
10⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
10⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
9⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
7⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
6⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
10⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
11⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 220
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
10⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 220
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 220
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
8⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
7⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 220
10⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 216
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
6⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
10⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
11⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
10⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
9⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
10⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
10⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
9⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
8⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
7⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
6⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
5⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
11⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
12⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
10⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
11⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 204
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 220
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 220
8⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
9⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 188
10⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
9⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
10⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
10⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
9⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
6⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
9⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
9⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
8⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
7⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
6⤵
- Program crash
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
6⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
9⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
10⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
9⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
7⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
6⤵
- Executes dropped EXE
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
11⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
7⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
10⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 220
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
7⤵
- Program crash
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 220
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
10⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
8⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
6⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
7⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 220
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
8⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
9⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
10⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
10⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 220
9⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
6⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
9⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
10⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
7⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
6⤵
- Program crash
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
5⤵
- Program crash
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
4⤵
- Loads dropped DLL
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
12⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
10⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
11⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 220
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
7⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
6⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
10⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
10⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
8⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
9⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 236
10⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
9⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
7⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
6⤵
- Program crash
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
10⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
11⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 236
11⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 236
10⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
8⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
9⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
9⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
8⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 220
7⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
6⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
5⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-64234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64234.exe
6⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
7⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
10⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
11⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 236
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
8⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
8⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
9⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
10⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
9⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
7⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
6⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
5⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
6⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
9⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
9⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
7⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
6⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
7⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
8⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
8⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
7⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
6⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
2⤵
- Program crash
PID:2752

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15593.exe
Filesize
184KB

MD5
c11363c3f452b48acdd9d0befca0819d

SHA1
75aab5199a555bcca9fee1893bdefd33fcc3ce68

SHA256
9b7b7f2eeb1a5658d6162b73ee98b7e552eeb0da80b9c72d04d64df875dfae39

SHA512
26724b1f2a7f8b903773c7014110fa3a4217123ef6b4c6ce800bcd595a73b475fa7d9e703b653236531b1dc660ed8990982955e934d3dd0e6f5f62d6252bf104

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
Filesize
184KB

MD5
641dce1b2d9216c9e833abef8b422da4

SHA1
36465601c9d018b251b3b2f7b3e2fa33a5030afb

SHA256
b6d7191dec4ab3b0819daf02be11dff0ba8a4b15a516f6573a35c66b7d1403b5

SHA512
64e79ee5870030ba15bfb064baf1b107fe3fef95c8dfd48cf588815d3382da19a4630b49e6ed9d5515652db5574bdb304f1770b5d922a02aaa8a68c7368a3b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
Filesize
184KB

MD5
57053b72f2d3348907b0e285720d9d94

SHA1
7e53baf50ec1438a45c7238d0fb091e0c63f53de

SHA256
699301720d7c3ba96a3aafe5ebe6825af16e74c91fb6eb607ea516374913ff25

SHA512
9f354f3d89340e651c11f4a001db82bca6e5de32aefc1b7d2ac7d3b51f17b7cb5919a5e7c9b3e199b3ade25fba5560a887140b5a787baf1863684bc22292bdb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
Filesize
184KB

MD5
3e1d90a5eef87ea97e3eaa9386512e4c

SHA1
4702f9936af31f4a22379738b965ca96d2994268

SHA256
4520dde80669b4a4185e5650afc5d761adc720acbd4a9486f69104c13e0855b1

SHA512
e446cdb78cd71aa113bfe59d03916df83045093b16f79a510621496b1e30f79ce8c75db8361e718e0f1ab027f8c42f2895f951e8462b3383bec44d9210d5c354

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
Filesize
184KB

MD5
9970126889a3c213c67dfdaa64851d22

SHA1
28f3f8b139c28f90aff21fd5b998116bd0411e48

SHA256
8660b9fa674c5bdc5ba59cef3e559766fbfb78364e71f7642eaa03779e221606

SHA512
c1a6a63520c21a24818b11287c243a62a60430be19039cdb14c4eb7d9381636c005a4a7a9d3fd879987c5ea511908a3d6268c9df3ff15f418e1a5172c957e83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
Filesize
184KB

MD5
344e87db29a48804d2fab52fb3ab1f67

SHA1
1c5b1fd83daa69ac639b269033cb1e7079804570

SHA256
5511f052d4f0f8da45afe14b67c9801b27fc97c3709d8fd09be31308f9c2951e

SHA512
2c484fbfdf0453b63489787eee412e0bb532a32e67369530175d72f4093b2b2a062ac379af2bf63f09123abb93c0ac8f36ab2d88faf9cbb80c60df90f4c1004d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
Filesize
184KB

MD5
cd56b9cd3b595c401aee7091675bc707

SHA1
e0311877e6d033f34abf3353d8a86c22c5b2faf8

SHA256
8f3c1f1611c2a06b82e6241c612478ad96666c69ad464f1df79cd052066b735c

SHA512
b12cc0422ed8a209b7db271a7b74eb85aaff663db7075a1ef38ae0e2a0b71e47c30db104e8cb6508410a86317679eefe0eae4c82ec4278a8ca2331e3d346195d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
Filesize
184KB

MD5
f8252174ceaaad87f2c6e5354ff6481a

SHA1
7eb9cba398bb704c6ed994a090bcf9591c85043b

SHA256
2849553dd89916b567f000075a4389edf250ba0d9b8724f2c857964732ecd848

SHA512
e653c2921cc6a361d6e7befa6d8a3b6e4d3f5dce6dd80bd03e95dccdf6bcc4a8d814938f0605da61d25b20de0fdde811f095bddfdd31221272656a12725297c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
Filesize
184KB

MD5
5140ef7e991e4ac9fec8d76a6ef7977b

SHA1
b4b5f5e75bfed5a015a5e61b0642db74bb3f2ee5

SHA256
1feedb9a1bcf7d09368959bbf56bc551c03fa02f8f77d83a22c38fde5092fd2a

SHA512
a5b6682a04abeac30ba6f6130a35763f509cb069ad6c837d01731f51d21edc6f61affef8e8031dcfe25d468aa34c8c9cc5782e7b0a072c614036dd4d24186ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
Filesize
184KB

MD5
e9d8c09735e5a00dc35402775c6fedea

SHA1
c20bb8c67f8178731ad872aa45c3b3c2fcff1d03

SHA256
246e58d35f8d6104b0b5b4b44d01b928234b755c8a44bde567cad6f6aca49be9

SHA512
e9eec9aef4d5875108544f66408691d27fce9e23102fd4325d56ff68fc54bf6f6f0f92863a253193f6ad82af790a1e91efda69d97d3c5c263d08549d1828acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
Filesize
184KB

MD5
9d6a3c682b181581334d9c82cc0ed240

SHA1
9e0d84979e82b1947c09298a293bdd515f10eb8c

SHA256
1852b3b51ff371cca815247824dc5db5a63d62c86f05ecd54a263a439ba8b2a4

SHA512
56fb8fa137b99ed2c4286d0cf594ca957ef4d184bb31aaa4d5b2ced2a51e7bf499ffa1d4dc293eb0b3c8d03d6286c2c7b57813e24114772e8964504cc63265b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
Filesize
184KB

MD5
4c83c6ebe49e3ee704e395aa792c738a

SHA1
ec3c06fcd08a28d9fec3f4ed213451a35f497111

SHA256
fed86f6d159b54c39a16bb4b5a1c3ccb6db5e24aa4d401cad4307b038c63cfb9

SHA512
11f4610daa3a32b78ee18361f98daf6ed0e60cb6f30f5232f68ac1354af878aa2e85577e20ad415c20c8f09a14cc93d6e8387af88a97eb5087c1b6b3fae315cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
Filesize
184KB

MD5
fcc479b81a6a9d7aab1de9448702cb72

SHA1
7fd58a7b31390188f63758cfa21010d9d3685959

SHA256
8f350226a7069f172101b2820b28e9f39f72f2edc2fce8cd4a5acfb3a3cb9140

SHA512
52b573c73db15b3afa9fdbe3ccb6b7da18ea9cbc24d07f52428811822382dbda421ee9d67c217e5aaf51dc62900d85e9ca3a2257c46bb3b764953cc05420a363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
Filesize
184KB

MD5
daa9ddf71130383d23f1c87dc9409b0f

SHA1
149f024da1a222e05a4b6102dcb3f93508b576f8

SHA256
2d8c6d6390be04ef51d1465c8dd1de195bbe8791aeac9d75f1a7b078463eb954

SHA512
3ca713334861f26f95d7eb05d323f04a74816ae8c6ca537b771dab0574922e1a291025aff1223ef4848d78df67033ff97063983affcdb7518cd5cb42766ddd92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
Filesize
184KB

MD5
1330fc9c411507afa265c44f959ab4e7

SHA1
9ed12a4af5ec9e0ffd1ee84a9eeff45b425d3917

SHA256
3c72d189a5cd14708256fb9ff8685d4bbf518494780c13e609560e92794b786b

SHA512
60486acd6a3feaf25ee8fe4284d1d4e0247456896330fa0fbc31ddd985af94d063436755b562407a63c0d44a94a1e889f70a2fc04422092e2af7d5c4ec7ff1bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
Filesize
184KB

MD5
91fc685ccb014ae5a08bb109554733e7

SHA1
b26a7dcc93568d9a3de60327098c14716929a654

SHA256
bd152e5e9cf12c9f881105a39c1bc2bc714f554d2faf2304dca9a492915574f2

SHA512
1d03c95e09c4af3a9e011e22d3c6b83e063add3d7a8935a916f30e92605da41771ef8ea3aea7b76a9d45cb3fbdbe5b09208c49f6f6086a2630c64b0b8b31c943

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
Filesize
184KB

MD5
debf74b78c31ffd3c29f6252f85aeb2d

SHA1
c6c0bce27327b7fe54c3c1c7803fb6fcbaeafda7

SHA256
0ceab20da9108d8dc04b8e988d6cf11cca3e078be505345603bdd0908b2f2b12

SHA512
fad947f848f2704a9b5a8271e18e1cf853982a63b6d36b93ed0cb73538acfb5174120638b065f15ed5cca33ceb0296cf436e4b62837b31022bac17a733411651

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
Filesize
184KB

MD5
57f662a6f2dd5150a2642c349ae199d9

SHA1
876522a496fc977149cf75679a4290a406cb4504

SHA256
55fafac63f2af229bb8c0c21e47c4738abc51ed9c739a43a76814511913f367b

SHA512
0989ab9448a2b4a561aaad9d9ae6667b6e989ace8c1d79559066c84b2baad1849a9471ae5f2ae1e56fa4d6e15c2ce7d5fb43b129d98b20bc5fd0c58350f26ba2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
Filesize
184KB

MD5
8497e9344403edf837156806c57fcc9a

SHA1
7059365ca9d32efd35162fec0858d542f4c0df65

SHA256
66a88bee3a1252db275f11479a2ddaee8ab9dd0edd25e5ce681e731a3b7e64a4

SHA512
a0144563652542b1f88d873d28e5701fd0d17d8d6dc9fb7711bd2df3ef806e98f983c62cbc7ba8f0489ee9ac5f98c63ef703d57b0f08ddb9dbeff449528a4f27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
Filesize
184KB

MD5
c8be3f1de826e51425761f628f67c7c5

SHA1
bea4a2f6d471976ea99c2f5aee0a5718fcbe132a

SHA256
216067620a9fa0a0a6812f1d9132c60e8475a0f609974adc82cc7305beca5bee

SHA512
52ec85f53bfcea70f8044ce42a7877e6a5a075a4d0285cec6c7df049dcbf9b3e44bf4e52fbd18f813f328a6a4dd3b9be1417a30cfee7794ae9489a8b3bdc7751

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
Filesize
184KB

MD5
11ca8e3c03ad98ae8fd7adb0c30f8f5f

SHA1
042694904e1caad917040456e310e7e344e35cf7

SHA256
dc1878447527be174eaf73d20fd35ae0a954e29fe336359ed714a4477181951f

SHA512
873765af54dfdf7311803f03af569fe4409f92cafea5b5bb8abe3d3fad0bbe00292d451eac3c47d1dcf25d5b38a6c92629d8e9559d6c7e4c72a8d9f2e78965cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
Filesize
184KB

MD5
ff605b0b1a3d023ae726a2e2280228e3

SHA1
db3d2b0d2a71dfbfb95c37c5e3ff548ce296933f

SHA256
e6d439c00c4ebee901085f48490340a812c4657c4b6d440ffc71ce8ea0a08186

SHA512
e41989268d29bc3ee41a537481412073e4b976fe7a22063185fd2b25bc5a8ced1332d14722162fad51c05f4c8fbd3fa2f9ca4276f3ac4bfb25e138bd55c85491

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
Filesize
184KB

MD5
f274ef1cac552235c60f3c1ae4de9b13

SHA1
622ed0bed00dc4db21c9eac08f7c6bb0b4fbbb29

SHA256
6b80890055dbb25f21ad426c25e200de0938070bdd6b233bb28acae0eb8f01c7

SHA512
0436a7ce462b2e23740e13abb2c62aca66405bd57928569b85ef06387903eda560d32d98f97fe699c452aa42b3f001d0a810dae656bff4889f7809b5a2cb79b2

Download Submit
memory/3008-839-0x0000000002750000-0x00000000028AC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads