977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
Size

184KB
MD5

7dbd1fabe6a1d633488739cb8c23dbab
SHA1

56b3211cf4ff3b05c241b5e1b5dfc97776cd247c
SHA256

977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5
SHA512

7bcb1fa01ce70fbbc7cb6c252b4eaeb0ccce552332154a5e9d7d14bd5d56abe1778fa67c8b3f218d55d4ff919c11c02ec684101ed4f33bdb502e5f744ef85662
SSDEEP

3072:9dJ39xoT/KOTdGAWeEwL4PsQhlnViF7n3:9dZo7JGAjLusQhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-22683.exeUnicorn-17321.exeUnicorn-49287.exeUnicorn-17562.exeUnicorn-37428.exeUnicorn-64973.exeUnicorn-63207.exeUnicorn-54110.exeUnicorn-51842.exeUnicorn-36321.exeUnicorn-16455.exeUnicorn-4801.exeUnicorn-34219.exeUnicorn-29807.exeUnicorn-10756.exeUnicorn-27922.exeUnicorn-47788.exeUnicorn-12100.exeUnicorn-10133.exeUnicorn-54483.exeUnicorn-65536.exeUnicorn-30986.exeUnicorn-11696.exeUnicorn-62480.exeUnicorn-64052.exeUnicorn-54836.exeUnicorn-16304.exeUnicorn-1551.exeUnicorn-36170.exeUnicorn-27897.exeUnicorn-13350.exeUnicorn-59022.exeUnicorn-11705.exeUnicorn-47393.exeUnicorn-9546.exeUnicorn-33444.exeUnicorn-52001.exeUnicorn-14154.exeUnicorn-14154.exeUnicorn-28696.exeUnicorn-38980.exeUnicorn-42785.exeUnicorn-59806.exeUnicorn-40289.exeUnicorn-27160.exeUnicorn-37444.exeUnicorn-44181.exeUnicorn-17672.exeUnicorn-33157.exeUnicorn-32965.exeUnicorn-32341.exeUnicorn-5611.exeUnicorn-42498.exeUnicorn-5419.exeUnicorn-44527.exeUnicorn-47599.exeUnicorn-24168.exeUnicorn-14568.exeUnicorn-13260.exeUnicorn-46063.exeUnicorn-55404.exeUnicorn-55404.exeUnicorn-41507.exeUnicorn-41507.exe

pid	process
1380	Unicorn-22683.exe
2056	Unicorn-17321.exe
2668	Unicorn-49287.exe
2336	Unicorn-17562.exe
2356	Unicorn-37428.exe
2480	Unicorn-64973.exe
2448	Unicorn-63207.exe
2692	Unicorn-54110.exe
2816	Unicorn-51842.exe
1936	Unicorn-36321.exe
1888	Unicorn-16455.exe
1540	Unicorn-4801.exe
2296	Unicorn-34219.exe
1460	Unicorn-29807.exe
2016	Unicorn-10756.exe
984	Unicorn-27922.exe
484	Unicorn-47788.exe
576	Unicorn-12100.exe
1724	Unicorn-10133.exe
1784	Unicorn-54483.exe
1240	Unicorn-65536.exe
1312	Unicorn-30986.exe
2076	Unicorn-11696.exe
916	Unicorn-62480.exe
888	Unicorn-64052.exe
2900	Unicorn-54836.exe
1960	Unicorn-16304.exe
1684	Unicorn-1551.exe
2396	Unicorn-36170.exe
1568	Unicorn-27897.exe
1228	Unicorn-13350.exe
2300	Unicorn-59022.exe
2688	Unicorn-11705.exe
2628	Unicorn-47393.exe
2580	Unicorn-9546.exe
2504	Unicorn-33444.exe
2476	Unicorn-52001.exe
2772	Unicorn-14154.exe
2756	Unicorn-14154.exe
2820	Unicorn-28696.exe
1844	Unicorn-38980.exe
1932	Unicorn-42785.exe
2344	Unicorn-59806.exe
2192	Unicorn-40289.exe
1016	Unicorn-27160.exe
1552	Unicorn-37444.exe
1688	Unicorn-44181.exe
2372	Unicorn-17672.exe
1256	Unicorn-33157.exe
952	Unicorn-32965.exe
1588	Unicorn-32341.exe
2292	Unicorn-5611.exe
836	Unicorn-42498.exe
840	Unicorn-5419.exe
896	Unicorn-44527.exe
2012	Unicorn-47599.exe
3012	Unicorn-24168.exe
1592	Unicorn-14568.exe
2660	Unicorn-13260.exe
2748	Unicorn-46063.exe
2624	Unicorn-55404.exe
2456	Unicorn-55404.exe
2604	Unicorn-41507.exe
2472	Unicorn-41507.exe

Loads dropped DLL 64 IoCs

Processes:

977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exeUnicorn-22683.exeUnicorn-17321.exeUnicorn-49287.exeWerFault.exeUnicorn-17562.exeUnicorn-37428.exeUnicorn-64973.exeWerFault.exeWerFault.exeUnicorn-63207.exeUnicorn-51842.exeUnicorn-36321.exeUnicorn-54110.exeUnicorn-16455.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
1380	Unicorn-22683.exe
1380	Unicorn-22683.exe
2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
1380	Unicorn-22683.exe
1380	Unicorn-22683.exe
2056	Unicorn-17321.exe
2056	Unicorn-17321.exe
2668	Unicorn-49287.exe
2668	Unicorn-49287.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2336	Unicorn-17562.exe
2336	Unicorn-17562.exe
2356	Unicorn-37428.exe
2356	Unicorn-37428.exe
2056	Unicorn-17321.exe
2056	Unicorn-17321.exe
2668	Unicorn-49287.exe
2480	Unicorn-64973.exe
2480	Unicorn-64973.exe
2668	Unicorn-49287.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2448	Unicorn-63207.exe
2448	Unicorn-63207.exe
2336	Unicorn-17562.exe
2336	Unicorn-17562.exe
2816	Unicorn-51842.exe
2816	Unicorn-51842.exe
1936	Unicorn-36321.exe
1936	Unicorn-36321.exe
2692	Unicorn-54110.exe
2480	Unicorn-64973.exe
2692	Unicorn-54110.exe
1888	Unicorn-16455.exe
2480	Unicorn-64973.exe
1888	Unicorn-16455.exe
2356	Unicorn-37428.exe
2356	Unicorn-37428.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
2092	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2652	2068	WerFault.exe	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
2332	1380	WerFault.exe	Unicorn-22683.exe
808	2056	WerFault.exe	Unicorn-17321.exe
2148	2668	WerFault.exe	Unicorn-49287.exe
2992	2336	WerFault.exe	Unicorn-17562.exe
1080	2356	WerFault.exe	Unicorn-37428.exe
2092	2480	WerFault.exe	Unicorn-64973.exe
1504	2448	WerFault.exe	Unicorn-63207.exe
2552	2816	WerFault.exe	Unicorn-51842.exe
2640	1936	WerFault.exe	Unicorn-36321.exe
2716	2692	WerFault.exe	Unicorn-54110.exe
2720	1888	WerFault.exe	Unicorn-16455.exe
2040	2296	WerFault.exe	Unicorn-34219.exe
1968	1540	WerFault.exe	Unicorn-4801.exe
1220	2016	WerFault.exe	Unicorn-10756.exe
1096	1460	WerFault.exe	Unicorn-29807.exe
1580	484	WerFault.exe	Unicorn-47788.exe
1620	984	WerFault.exe	Unicorn-27922.exe
2796	576	WerFault.exe	Unicorn-12100.exe
1720	1724	WerFault.exe	Unicorn-10133.exe
2868	1784	WerFault.exe	Unicorn-54483.exe
328	1240	WerFault.exe	Unicorn-65536.exe
2212	1312	WerFault.exe	Unicorn-30986.exe
704	2076	WerFault.exe	Unicorn-11696.exe
1984	916	WerFault.exe	Unicorn-62480.exe
1948	2900	WerFault.exe	Unicorn-54836.exe
2140	888	WerFault.exe	Unicorn-64052.exe
2096	2396	WerFault.exe	Unicorn-36170.exe
1440	1960	WerFault.exe	Unicorn-16304.exe
1456	1684	WerFault.exe	Unicorn-1551.exe
2436	1568	WerFault.exe	Unicorn-27897.exe
2088	2300	WerFault.exe	Unicorn-59022.exe
992	1228	WerFault.exe	Unicorn-13350.exe
2648	2688	WerFault.exe	Unicorn-11705.exe
2788	2628	WerFault.exe	Unicorn-47393.exe
3080	2580	WerFault.exe	Unicorn-9546.exe
3112	2756	WerFault.exe	Unicorn-14154.exe
3120	2476	WerFault.exe	Unicorn-52001.exe
3144	2504	WerFault.exe	Unicorn-33444.exe
3176	1932	WerFault.exe	Unicorn-42785.exe
3200	1016	WerFault.exe	Unicorn-27160.exe
3232	1688	WerFault.exe	Unicorn-44181.exe
3356	2820	WerFault.exe	Unicorn-28696.exe
3952	2192	WerFault.exe	Unicorn-40289.exe
4004	1552	WerFault.exe	Unicorn-37444.exe
3312	2772	WerFault.exe	Unicorn-14154.exe
3668	2372	WerFault.exe	Unicorn-17672.exe
3684	1256	WerFault.exe	Unicorn-33157.exe
3788	2344	WerFault.exe	Unicorn-59806.exe
4068	1844	WerFault.exe	Unicorn-38980.exe
1524	1588	WerFault.exe	Unicorn-32341.exe
3136	840	WerFault.exe	Unicorn-5419.exe
3496	276	WerFault.exe	Unicorn-35730.exe
3552	2980	WerFault.exe	Unicorn-35730.exe
3540	1916	WerFault.exe	Unicorn-39971.exe
3568	2748	WerFault.exe	Unicorn-46063.exe
3696	2760	WerFault.exe	Unicorn-53868.exe
3700	1592	WerFault.exe	Unicorn-14568.exe
3708	2272	WerFault.exe	Unicorn-4044.exe
3776	2696	WerFault.exe	Unicorn-22950.exe
3852	2304	WerFault.exe	Unicorn-5352.exe
3836	2624	WerFault.exe	Unicorn-55404.exe
4000	812	WerFault.exe	Unicorn-34002.exe
4140	836	WerFault.exe	Unicorn-42498.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exeUnicorn-22683.exeUnicorn-17321.exeUnicorn-49287.exeUnicorn-17562.exeUnicorn-37428.exeUnicorn-64973.exeUnicorn-63207.exeUnicorn-51842.exeUnicorn-54110.exeUnicorn-36321.exeUnicorn-16455.exeUnicorn-4801.exeUnicorn-34219.exeUnicorn-10756.exeUnicorn-29807.exeUnicorn-27922.exeUnicorn-12100.exeUnicorn-47788.exeUnicorn-10133.exeUnicorn-54483.exeUnicorn-65536.exeUnicorn-30986.exeUnicorn-11696.exeUnicorn-62480.exeUnicorn-64052.exeUnicorn-54836.exeUnicorn-16304.exeUnicorn-1551.exeUnicorn-36170.exeUnicorn-27897.exeUnicorn-13350.exeUnicorn-59022.exeUnicorn-11705.exeUnicorn-47393.exeUnicorn-9546.exeUnicorn-33444.exeUnicorn-52001.exeUnicorn-14154.exeUnicorn-14154.exeUnicorn-28696.exeUnicorn-38980.exeUnicorn-42785.exeUnicorn-40289.exeUnicorn-59806.exeUnicorn-27160.exeUnicorn-37444.exeUnicorn-44181.exeUnicorn-17672.exeUnicorn-33157.exeUnicorn-32965.exeUnicorn-32341.exeUnicorn-5611.exeUnicorn-42498.exeUnicorn-5419.exeUnicorn-44527.exeUnicorn-47599.exeUnicorn-24168.exeUnicorn-14568.exeUnicorn-13260.exeUnicorn-46063.exeUnicorn-55404.exeUnicorn-55404.exeUnicorn-41507.exe

pid	process
2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
1380	Unicorn-22683.exe
2056	Unicorn-17321.exe
2668	Unicorn-49287.exe
2336	Unicorn-17562.exe
2356	Unicorn-37428.exe
2480	Unicorn-64973.exe
2448	Unicorn-63207.exe
2816	Unicorn-51842.exe
2692	Unicorn-54110.exe
1936	Unicorn-36321.exe
1888	Unicorn-16455.exe
1540	Unicorn-4801.exe
2296	Unicorn-34219.exe
2016	Unicorn-10756.exe
1460	Unicorn-29807.exe
984	Unicorn-27922.exe
576	Unicorn-12100.exe
484	Unicorn-47788.exe
1724	Unicorn-10133.exe
1784	Unicorn-54483.exe
1240	Unicorn-65536.exe
1312	Unicorn-30986.exe
2076	Unicorn-11696.exe
916	Unicorn-62480.exe
888	Unicorn-64052.exe
2900	Unicorn-54836.exe
1960	Unicorn-16304.exe
1684	Unicorn-1551.exe
2396	Unicorn-36170.exe
1568	Unicorn-27897.exe
1228	Unicorn-13350.exe
2300	Unicorn-59022.exe
2688	Unicorn-11705.exe
2628	Unicorn-47393.exe
2580	Unicorn-9546.exe
2504	Unicorn-33444.exe
2476	Unicorn-52001.exe
2772	Unicorn-14154.exe
2756	Unicorn-14154.exe
2820	Unicorn-28696.exe
1844	Unicorn-38980.exe
1932	Unicorn-42785.exe
2192	Unicorn-40289.exe
2344	Unicorn-59806.exe
1016	Unicorn-27160.exe
1552	Unicorn-37444.exe
1688	Unicorn-44181.exe
2372	Unicorn-17672.exe
1256	Unicorn-33157.exe
952	Unicorn-32965.exe
1588	Unicorn-32341.exe
2292	Unicorn-5611.exe
836	Unicorn-42498.exe
840	Unicorn-5419.exe
896	Unicorn-44527.exe
2012	Unicorn-47599.exe
3012	Unicorn-24168.exe
1592	Unicorn-14568.exe
2660	Unicorn-13260.exe
2748	Unicorn-46063.exe
2624	Unicorn-55404.exe
2456	Unicorn-55404.exe
2604	Unicorn-41507.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exeUnicorn-22683.exeUnicorn-17321.exeUnicorn-49287.exeUnicorn-17562.exeUnicorn-37428.exeUnicorn-64973.exeUnicorn-63207.exe

description	pid	process	target process
PID 2068 wrote to memory of 1380	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-22683.exe
PID 2068 wrote to memory of 1380	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-22683.exe
PID 2068 wrote to memory of 1380	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-22683.exe
PID 2068 wrote to memory of 1380	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-22683.exe
PID 1380 wrote to memory of 2056	1380	Unicorn-22683.exe	Unicorn-17321.exe
PID 1380 wrote to memory of 2056	1380	Unicorn-22683.exe	Unicorn-17321.exe
PID 1380 wrote to memory of 2056	1380	Unicorn-22683.exe	Unicorn-17321.exe
PID 1380 wrote to memory of 2056	1380	Unicorn-22683.exe	Unicorn-17321.exe
PID 2068 wrote to memory of 2668	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-49287.exe
PID 2068 wrote to memory of 2668	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-49287.exe
PID 2068 wrote to memory of 2668	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-49287.exe
PID 2068 wrote to memory of 2668	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	Unicorn-49287.exe
PID 2068 wrote to memory of 2652	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	WerFault.exe
PID 2068 wrote to memory of 2652	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	WerFault.exe
PID 2068 wrote to memory of 2652	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	WerFault.exe
PID 2068 wrote to memory of 2652	2068	977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe	WerFault.exe
PID 1380 wrote to memory of 2336	1380	Unicorn-22683.exe	Unicorn-17562.exe
PID 1380 wrote to memory of 2336	1380	Unicorn-22683.exe	Unicorn-17562.exe
PID 1380 wrote to memory of 2336	1380	Unicorn-22683.exe	Unicorn-17562.exe
PID 1380 wrote to memory of 2336	1380	Unicorn-22683.exe	Unicorn-17562.exe
PID 2056 wrote to memory of 2356	2056	Unicorn-17321.exe	Unicorn-37428.exe
PID 2056 wrote to memory of 2356	2056	Unicorn-17321.exe	Unicorn-37428.exe
PID 2056 wrote to memory of 2356	2056	Unicorn-17321.exe	Unicorn-37428.exe
PID 2056 wrote to memory of 2356	2056	Unicorn-17321.exe	Unicorn-37428.exe
PID 2668 wrote to memory of 2480	2668	Unicorn-49287.exe	Unicorn-64973.exe
PID 2668 wrote to memory of 2480	2668	Unicorn-49287.exe	Unicorn-64973.exe
PID 2668 wrote to memory of 2480	2668	Unicorn-49287.exe	Unicorn-64973.exe
PID 2668 wrote to memory of 2480	2668	Unicorn-49287.exe	Unicorn-64973.exe
PID 1380 wrote to memory of 2332	1380	Unicorn-22683.exe	WerFault.exe
PID 1380 wrote to memory of 2332	1380	Unicorn-22683.exe	WerFault.exe
PID 1380 wrote to memory of 2332	1380	Unicorn-22683.exe	WerFault.exe
PID 1380 wrote to memory of 2332	1380	Unicorn-22683.exe	WerFault.exe
PID 2336 wrote to memory of 2448	2336	Unicorn-17562.exe	Unicorn-63207.exe
PID 2336 wrote to memory of 2448	2336	Unicorn-17562.exe	Unicorn-63207.exe
PID 2336 wrote to memory of 2448	2336	Unicorn-17562.exe	Unicorn-63207.exe
PID 2336 wrote to memory of 2448	2336	Unicorn-17562.exe	Unicorn-63207.exe
PID 2356 wrote to memory of 2692	2356	Unicorn-37428.exe	Unicorn-54110.exe
PID 2356 wrote to memory of 2692	2356	Unicorn-37428.exe	Unicorn-54110.exe
PID 2356 wrote to memory of 2692	2356	Unicorn-37428.exe	Unicorn-54110.exe
PID 2356 wrote to memory of 2692	2356	Unicorn-37428.exe	Unicorn-54110.exe
PID 2056 wrote to memory of 2816	2056	Unicorn-17321.exe	Unicorn-51842.exe
PID 2056 wrote to memory of 2816	2056	Unicorn-17321.exe	Unicorn-51842.exe
PID 2056 wrote to memory of 2816	2056	Unicorn-17321.exe	Unicorn-51842.exe
PID 2056 wrote to memory of 2816	2056	Unicorn-17321.exe	Unicorn-51842.exe
PID 2480 wrote to memory of 1936	2480	Unicorn-64973.exe	Unicorn-36321.exe
PID 2480 wrote to memory of 1936	2480	Unicorn-64973.exe	Unicorn-36321.exe
PID 2480 wrote to memory of 1936	2480	Unicorn-64973.exe	Unicorn-36321.exe
PID 2480 wrote to memory of 1936	2480	Unicorn-64973.exe	Unicorn-36321.exe
PID 2668 wrote to memory of 1888	2668	Unicorn-49287.exe	Unicorn-16455.exe
PID 2668 wrote to memory of 1888	2668	Unicorn-49287.exe	Unicorn-16455.exe
PID 2668 wrote to memory of 1888	2668	Unicorn-49287.exe	Unicorn-16455.exe
PID 2668 wrote to memory of 1888	2668	Unicorn-49287.exe	Unicorn-16455.exe
PID 2056 wrote to memory of 808	2056	Unicorn-17321.exe	WerFault.exe
PID 2056 wrote to memory of 808	2056	Unicorn-17321.exe	WerFault.exe
PID 2056 wrote to memory of 808	2056	Unicorn-17321.exe	WerFault.exe
PID 2056 wrote to memory of 808	2056	Unicorn-17321.exe	WerFault.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-49287.exe	WerFault.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-49287.exe	WerFault.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-49287.exe	WerFault.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-49287.exe	WerFault.exe
PID 2448 wrote to memory of 1540	2448	Unicorn-63207.exe	Unicorn-4801.exe
PID 2448 wrote to memory of 1540	2448	Unicorn-63207.exe	Unicorn-4801.exe
PID 2448 wrote to memory of 1540	2448	Unicorn-63207.exe	Unicorn-4801.exe
PID 2448 wrote to memory of 1540	2448	Unicorn-63207.exe	Unicorn-4801.exe

C:\Users\Admin\AppData\Local\Temp\977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe
"C:\Users\Admin\AppData\Local\Temp\977c0c8d1516a06a10013745f7c041344681b8caffef5ce07374598c349815e5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
10⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
11⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
12⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
13⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
14⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
15⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 236
15⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
14⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
13⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
12⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
11⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
11⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
12⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
13⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
14⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 236
14⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
13⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
12⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
9⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
11⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
13⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
14⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
14⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
13⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
11⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
10⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
9⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
9⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
11⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
12⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
13⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
14⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
14⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
13⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
9⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
8⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
9⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
12⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
13⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
14⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 236
14⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
13⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
11⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
12⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
8⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
7⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
9⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
10⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
12⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
13⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
14⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 220
14⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
11⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
9⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
12⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 220
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 220
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
11⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
12⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
13⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
12⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
10⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
11⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
12⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 220
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
6⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
9⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
12⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
13⤵
PID:12056

C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
14⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
12⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
10⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
9⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
12⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
13⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
9⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
7⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
8⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
11⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
12⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
8⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
7⤵
- Program crash
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
6⤵
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
8⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
11⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
12⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 236
13⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
9⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
10⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
11⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
12⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 236
12⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
7⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
11⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
12⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19893.exe
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
13⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 220
10⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
9⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
10⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
11⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
6⤵
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
7⤵
- Executes dropped EXE
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42980.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
12⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
13⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
13⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
11⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
10⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
6⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
7⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
10⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 236
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
10⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
7⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
6⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
5⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
9⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
11⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
12⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
13⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
14⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
15⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
15⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
14⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
13⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
12⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
11⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
10⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
11⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
13⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
14⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
12⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 220
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
10⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
9⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
8⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
13⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
13⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 220
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 236
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
8⤵
- Program crash
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
12⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
13⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 236
13⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 236
12⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
11⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
12⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
13⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
8⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
10⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
11⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
12⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12072 -s 200
14⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 236
13⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
12⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
10⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
11⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
12⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
13⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 220
13⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
7⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
10⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
11⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 236
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
7⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
11⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
12⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
13⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 236
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
10⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
11⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
12⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 236
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
7⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
11⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 236
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
8⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
11⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 220
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
8⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
9⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
11⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
10⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
9⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
8⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
6⤵
- Program crash
PID:328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
5⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 320
5⤵
- Program crash
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
9⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
11⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
12⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
13⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
14⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
15⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
14⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 236
13⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
11⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
11⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
12⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 236
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
12⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 220
9⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
8⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
11⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
12⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
13⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 236
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
8⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
11⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
12⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
13⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
12⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
11⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
12⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 236
11⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
9⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
8⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
11⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
12⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
13⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
13⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 236
12⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
11⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
11⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
12⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 236
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
8⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
6⤵
- Program crash
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
8⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
12⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
13⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
13⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 216
9⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
8⤵
- Program crash
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
10⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
11⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
11⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 236
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
7⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
11⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
12⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
8⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
9⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
10⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
11⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 236
11⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
10⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
9⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
7⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
6⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
5⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
13⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
8⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
10⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
11⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
12⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
7⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
6⤵
- Program crash
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
7⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
11⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 220
12⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
7⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
6⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
9⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
10⤵
PID:11568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
11⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
10⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 236
9⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
7⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
6⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
5⤵
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
7⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
11⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
12⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
8⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
9⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
10⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
10⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
9⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
6⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
7⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
9⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
10⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
9⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
7⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
6⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
5⤵
- Program crash
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
7⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
11⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
12⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
8⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
7⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
6⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
9⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
10⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
11⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 236
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
10⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
9⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
8⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
6⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
5⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
6⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
7⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
10⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
11⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
9⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
8⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
7⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
6⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
7⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
8⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
9⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
10⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
10⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
9⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
8⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
7⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
6⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
5⤵
- Program crash
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
4⤵
- Program crash
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
2⤵
- Program crash
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe

Filesize
184KB

MD5
54c571233fc72054e17a20657a616adb

SHA1
db289b03829122a0d90429b2bbba102cbb100a7e

SHA256
cf90db85934bb0db659af2f97869b981f10809e302bcb22682ad517dfa46f037

SHA512
3cd1b586ba3ffdfb979e03f6722d2430cca50386f849249e9147b2a05d8b2269eabb3490ff1bbe879a0aa8fe199536db952dd314e51fcae7cc22b737f7982c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe

Filesize
184KB

MD5
3f0e48ddd2598b65629f31414d020c21

SHA1
d75f57b989a71f84e2e413c1ab511ab473b3a07b

SHA256
85ee155bf5fead216f0b4f1dfb37601cf17373906bad86dd90b0a746d928a6e0

SHA512
025676ed80f7f4e0c3e855e453e090acaf7a3ec256e3f048fefa3f19539b53b874a57a50cdaec28a4c67916360bbab8519fa815b8d829f2a8fde850b1e048433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe

Filesize
184KB

MD5
cb0aca8a71e84850572e450084ee1823

SHA1
36ec4a8c6e7ddc59f90c7c049ee9f52af25ecc1b

SHA256
2407961b1f2b388e8139e427d881834e222ab50d4d0d672932a40bf883e74dbd

SHA512
8349bc35a90dee4c30f1a2289ec840a903cfeeddd96dcf4bb107c00e00d5f6ce34a650fbce35e5e839f47f55c009e07ee18160ef98a9e031039a201c4d729d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe

Filesize
184KB

MD5
4ef9a606f375899255f4436e8ee4c096

SHA1
8422ed0c36a0ba5f0c5ac19ab5160511ce1bf2d2

SHA256
7e24108ce80462ec106aed5710842c0ee09f1eda3ff40144cc5eb15b19de2f4b

SHA512
5c5ad7bb8471cfeca55168e83e4d9cebdaff1cefdf2ed5bb0c5605ed05a91a9bb52b8dac20a71dc1b71db0c9697c80dea1284a57bca42296f4d445bfec8606d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe

Filesize
184KB

MD5
e49bf04320e2b019f20e920f5d35fdfd

SHA1
d23f76f5bb5e33ebd48a2a498dc03b4b5e977514

SHA256
1f3cef206eaa71aebfb183eb1c1f844a6eac8e4e50d114b6e781037c1e857362

SHA512
2323956ed9df74b366f51a4030cf4eaccf9e2d748506a5c24bc0f7e366718f98989cd2dbd26d35cffe180e06ebdb78b09d6d4e3d333279e10547a5b81bfa2802

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe

Filesize
184KB

MD5
eed2747d0fffe8d333de0847e921d92e

SHA1
1b892e1845a406d7e3803f04415ffd6c7d4eff84

SHA256
1ef8405859e737424779689e74ea7ea3e338f003c0404618740cef1925dfe0b2

SHA512
1693900cfbe574e3d8721e0538c889f30e2bb30b5583a4fdd58848eae087cfd7df35bfe95b5b464ab3b232531394db8c2590b0392cef5c161f59f1534e21e2cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
184KB

MD5
ff567ccbca6ffd2f3cb64898c5634031

SHA1
72703dca5fe63fb189f11f13bf690a2367cb44ee

SHA256
9ab961314022692302419d9c69b6bb309ef679dcb942dd78499f108e23111ecc

SHA512
38847c7f26672a69d1f13389c27b3f0210851a97de83199104ca39b9e9cdcc0a4673455210f4e93500e922471699374522029809784b90741820c6831ec83416

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe

Filesize
184KB

MD5
a43e7f101b26ee3b671a0d51bff3f6ab

SHA1
5d7534c1efdb8b959756f97f440da0e8b0c7b45a

SHA256
1b341be62de84bcd1259ec0dc86ce911073ac8e1c8fb7284b07945d2f772e328

SHA512
ab56671a2f1541a9c534986d1ba8f1730c17e4f9dbe5acd9eef8ff0d9000f3f1568b7c937a7255239aaf4b49b753baea05b525896637a450d2d1f1f9830da623

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe

Filesize
184KB

MD5
66f95b32180235eb5ee21622ed02ef59

SHA1
8414b387b3e719f396b3e92292781dd19949af41

SHA256
7ebd643dbc23b815825d74a6804f0368519c875360120ccfd0af43b87349fe2b

SHA512
103f1fa8550345f65df5ff11a76e643a4dac572926d8c2024afc3c41280500ca73de84a5c2e1ddd79b9678732c4080f9c7725a1f0c69bb90a0a4fbf15b7b8490

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe

Filesize
184KB

MD5
b70a2fd876ddd5419a4c802b0fbfba56

SHA1
1523f9865bd3968776f0e25ace29ca0295d9bb7d

SHA256
a2a72918ef5e77245a09791958bcb1fb65d5d1a36fcb4f295a2e5a70f53155d5

SHA512
080867986a016c738f4efdd59450af9f12cae44b053b0bdf8f508da4658177f2b564f2f3b8dab7a60db7cac5ffbd9e4008bc3ba29583a4df3eeef104f185e10e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe

Filesize
184KB

MD5
bafeffca5cc83afe172f991b568166e0

SHA1
97ad88dc329cad7cfa52abe5a86b5ba40c9f6f7a

SHA256
fbfd49ac1df151d3f6b4c600932d446e5bb9f50f586ff4728136d38b1f700776

SHA512
fcdf5d067878eaaad335107cd831caccfa2089506cfb2df657efd9cf836a9ef484eeba0ef4894b21486bd1762d09e7cd82d965b5b7164ff18591ab5d42b5959c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe

Filesize
184KB

MD5
c07dab777747a2b9ce4759e217963ea5

SHA1
a746d5556b79d44ac0d49359ca659d066030c15f

SHA256
34d8959d024398213cc15f34366caa239e878a85d44ee97bc622fb1a5098153f

SHA512
facc038c43f89b2e1797bc4a96c94e74d9db4afe7125943ee4ac5bbc1eda2815879e272bc8499b7bf66a3e865f4748c9e71825738a7b333fb0110829fa685ff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe

Filesize
184KB

MD5
7e17e35818db8c7d0993b2bf7b11b807

SHA1
bb26d2738b1cc32f7c4bb84b28ba4aef744a6012

SHA256
8c57573134eaee210e35514e62babd1be4fe5f59d7bfeb4831da63cc89449429

SHA512
912f75945c2dc678799957b918b95395f7e623a63b4babc40ee02622aec1aeab9c0778f4b32793f24ac98ea75ba2449ef559db3d859d1a9cc911fdcae5f72c06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe

Filesize
184KB

MD5
fdea1170496a452b402321c675b09768

SHA1
e7e8d3af2073d055cb5629003480fac7caf6d2c2

SHA256
5053147c17358dc53a9a6b064c27ea699ee834ff0e82858e002489338ca9a43a

SHA512
b05f20943df9960c91da369f392297f258a7618ca80409de27ffed1a9128c002c3a659ae8afebd4db44b94079b4a6f3bebbf337d0cc4293437c059d05e2addf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe

Filesize
184KB

MD5
71b7190681ef5fa3fccf47a497522b27

SHA1
c5b6b6d80d9f818d82fc62174b2d95174411e0a3

SHA256
ccfc73ae612bf5ece1366992d4659b19cb481e1f2585e5affc78848aa62b2dd8

SHA512
62095ab6017f633bfb114ed6b5887b6a867fad0e0959a2171eb4896447c8cda25b09c9cac994729edc839afa47d30db2cc3c7f05ca7cffef29e9233e1fafb2ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe

Filesize
184KB

MD5
001dedfc944cc08e841f29d0d41e9eb2

SHA1
bfb3933f5d60f8d3fefae6cfd091bb2a0b97f757

SHA256
b5f54612f92f0a31e83ee0183389ef3d637038dca2573b9eb4ed1b0744a69632

SHA512
fca206496dac558002c49484749b088cdc76830946f7e2ce987616a3a0894384bef785beb2c7c5e588929065f71abf6beae36a01661cc80a0cad3d532c7bc23e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe

Filesize
184KB

MD5
a6e2dbd91d9fbae7387ff321b9c9006b

SHA1
381fb4efc063c8482ad8535191c2a7bbffe1cf22

SHA256
dc353b3f2e5692feb643ff0f0049c14e85a53a029e10235c4927140209756876

SHA512
837812ddfab77fd66af05739fb7d999380bd1bb90a79ad25d5d61cb6780969cf060966af556db6356f1fc5cbbedd9bbc444d1a1926a8db965351a999a85b26ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe

Filesize
184KB

MD5
9f4a54d9cbec04c4d9a7748d98e71f65

SHA1
e14bea25143617a80f5973577390d49441f7356b

SHA256
b298f254c6d865066bcdfb97c0f9d48e9c705e713d0aaffef5d39206b03d48dc

SHA512
9eacdc7b3b157e665c43f29bfc4315cb504421d7fbf9ccce27bd169901b29afd1c2c3665e20c2adcc447819bda169ea179179e54d91d452c4d8aeea07bb8209f

Download Submit