89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
Size

184KB
MD5

6e1f79cc8a0f5768611cca63a83f047e
SHA1

6acb6c0a6dbb2402715f356417ceb544ce71d2ea
SHA256

89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051
SHA512

c34a47cd168188d5abb8247c2c5971c849183f58d7d83661b2df7e7c470db6ea206f757faa4f22ba8c2b6fd3330e09e23dffa90b2b40e9c24385cc7395707a71
SSDEEP

3072:m3e3rCoT74hTdFJWebwLRqsThlnViFFn3:m3Do6JFJuL4sThlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-10465.exeUnicorn-10722.exeUnicorn-55870.exeUnicorn-61620.exeUnicorn-18497.exeUnicorn-56265.exeUnicorn-36626.exeUnicorn-42219.exeUnicorn-24338.exeUnicorn-24338.exeUnicorn-27383.exeUnicorn-64480.exeUnicorn-8325.exeUnicorn-12306.exeUnicorn-17403.exeUnicorn-63074.exeUnicorn-48596.exeUnicorn-3614.exeUnicorn-57903.exeUnicorn-9693.exeUnicorn-9693.exeUnicorn-39080.exeUnicorn-1004.exeUnicorn-46152.exeUnicorn-28078.exeUnicorn-39483.exeUnicorn-33366.exeUnicorn-33366.exeUnicorn-61985.exeUnicorn-38462.exeUnicorn-61985.exeUnicorn-4255.exeUnicorn-9351.exeUnicorn-9351.exeUnicorn-44307.exeUnicorn-44307.exeUnicorn-52408.exeUnicorn-37285.exeUnicorn-62600.exeUnicorn-37114.exeUnicorn-31003.exeUnicorn-31003.exeUnicorn-38285.exeUnicorn-38285.exeUnicorn-58504.exeUnicorn-63247.exeUnicorn-63247.exeUnicorn-48478.exeUnicorn-48478.exeUnicorn-44518.exeUnicorn-53729.exeUnicorn-20990.exeUnicorn-55421.exeUnicorn-43989.exeUnicorn-38922.exeUnicorn-2440.exeUnicorn-61921.exeUnicorn-13343.exeUnicorn-17797.exeUnicorn-57210.exeUnicorn-1055.exeUnicorn-19873.exeUnicorn-62353.exeUnicorn-64016.exe

pid	process
2408	Unicorn-10465.exe
3036	Unicorn-10722.exe
3032	Unicorn-55870.exe
2776	Unicorn-61620.exe
2880	Unicorn-18497.exe
2672	Unicorn-56265.exe
296	Unicorn-36626.exe
2824	Unicorn-42219.exe
1708	Unicorn-24338.exe
392	Unicorn-24338.exe
1972	Unicorn-27383.exe
624	Unicorn-64480.exe
1320	Unicorn-8325.exe
1800	Unicorn-12306.exe
2120	Unicorn-17403.exe
2912	Unicorn-63074.exe
1080	Unicorn-48596.exe
1172	Unicorn-3614.exe
1484	Unicorn-57903.exe
2024	Unicorn-9693.exe
2448	Unicorn-9693.exe
2316	Unicorn-39080.exe
1980	Unicorn-1004.exe
1368	Unicorn-46152.exe
1048	Unicorn-28078.exe
896	Unicorn-39483.exe
1052	Unicorn-33366.exe
1936	Unicorn-33366.exe
3000	Unicorn-61985.exe
2280	Unicorn-38462.exe
284	Unicorn-61985.exe
2020	Unicorn-4255.exe
800	Unicorn-9351.exe
1120	Unicorn-9351.exe
2792	Unicorn-44307.exe
1384	Unicorn-44307.exe
2748	Unicorn-52408.exe
2692	Unicorn-37285.exe
2556	Unicorn-62600.exe
2640	Unicorn-37114.exe
2552	Unicorn-31003.exe
2544	Unicorn-31003.exe
2352	Unicorn-38285.exe
2964	Unicorn-38285.exe
1904	Unicorn-58504.exe
2812	Unicorn-63247.exe
2680	Unicorn-63247.exe
2780	Unicorn-48478.exe
2860	Unicorn-48478.exe
1676	Unicorn-44518.exe
1900	Unicorn-53729.exe
2052	Unicorn-20990.exe
784	Unicorn-55421.exe
576	Unicorn-43989.exe
2972	Unicorn-38922.exe
2340	Unicorn-2440.exe
2108	Unicorn-61921.exe
1040	Unicorn-13343.exe
752	Unicorn-17797.exe
1720	Unicorn-57210.exe
2156	Unicorn-1055.exe
1544	Unicorn-19873.exe
1300	Unicorn-62353.exe
316	Unicorn-64016.exe

Loads dropped DLL 64 IoCs

Processes:

89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exeUnicorn-10465.exeUnicorn-10722.exeUnicorn-55870.exeWerFault.exeUnicorn-18497.exeUnicorn-56265.exeUnicorn-61620.exeWerFault.exeWerFault.exeUnicorn-36626.exeUnicorn-24338.exeUnicorn-42219.exeUnicorn-27383.exeUnicorn-24338.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
2408	Unicorn-10465.exe
2408	Unicorn-10465.exe
2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
3036	Unicorn-10722.exe
2408	Unicorn-10465.exe
2408	Unicorn-10465.exe
3036	Unicorn-10722.exe
3032	Unicorn-55870.exe
3032	Unicorn-55870.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2880	Unicorn-18497.exe
2880	Unicorn-18497.exe
3036	Unicorn-10722.exe
3036	Unicorn-10722.exe
2672	Unicorn-56265.exe
2776	Unicorn-61620.exe
2672	Unicorn-56265.exe
2776	Unicorn-61620.exe
3032	Unicorn-55870.exe
3032	Unicorn-55870.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
2392	WerFault.exe
1552	WerFault.exe
296	Unicorn-36626.exe
296	Unicorn-36626.exe
2880	Unicorn-18497.exe
2880	Unicorn-18497.exe
392	Unicorn-24338.exe
392	Unicorn-24338.exe
2824	Unicorn-42219.exe
2776	Unicorn-61620.exe
2824	Unicorn-42219.exe
2776	Unicorn-61620.exe
1972	Unicorn-27383.exe
1972	Unicorn-27383.exe
1708	Unicorn-24338.exe
1708	Unicorn-24338.exe
2672	Unicorn-56265.exe
2672	Unicorn-56265.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
856	WerFault.exe
1760	WerFault.exe
856	WerFault.exe
1760	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2276	2412	WerFault.exe	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
2960	2408	WerFault.exe	Unicorn-10465.exe
2392	3036	WerFault.exe	Unicorn-10722.exe
1552	3032	WerFault.exe	Unicorn-55870.exe
1844	2880	WerFault.exe	Unicorn-18497.exe
856	2776	WerFault.exe	Unicorn-61620.exe
1760	2672	WerFault.exe	Unicorn-56265.exe
1732	296	WerFault.exe	Unicorn-36626.exe
1748	392	WerFault.exe	Unicorn-24338.exe
2996	2824	WerFault.exe	Unicorn-42219.exe
1548	1972	WerFault.exe	Unicorn-27383.exe
2116	1708	WerFault.exe	Unicorn-24338.exe
1940	1320	WerFault.exe	Unicorn-8325.exe
1628	624	WerFault.exe	Unicorn-64480.exe
2968	1800	WerFault.exe	Unicorn-12306.exe
1928	2120	WerFault.exe	Unicorn-17403.exe
2488	2912	WerFault.exe	Unicorn-63074.exe
1200	1172	WerFault.exe	Unicorn-3614.exe
1496	1080	WerFault.exe	Unicorn-48596.exe
1224	1484	WerFault.exe	Unicorn-57903.exe
1764	2316	WerFault.exe	Unicorn-39080.exe
1564	2024	WerFault.exe	Unicorn-9693.exe
1344	2448	WerFault.exe	Unicorn-9693.exe
1388	1980	WerFault.exe	Unicorn-1004.exe
1768	1368	WerFault.exe	Unicorn-46152.exe
2420	896	WerFault.exe	Unicorn-39483.exe
548	1048	WerFault.exe	Unicorn-28078.exe
2580	1936	WerFault.exe	Unicorn-33366.exe
2892	2280	WerFault.exe	Unicorn-38462.exe
2704	1052	WerFault.exe	Unicorn-33366.exe
2700	284	WerFault.exe	Unicorn-61985.exe
2836	3000	WerFault.exe	Unicorn-61985.exe
3296	2020	WerFault.exe	Unicorn-4255.exe
3320	2748	WerFault.exe	Unicorn-52408.exe
3344	1120	WerFault.exe	Unicorn-9351.exe
3336	2792	WerFault.exe	Unicorn-44307.exe
3456	2692	WerFault.exe	Unicorn-37285.exe
3564	2352	WerFault.exe	Unicorn-38285.exe
3608	800	WerFault.exe	Unicorn-9351.exe
3616	2556	WerFault.exe	Unicorn-62600.exe
3744	2640	WerFault.exe	Unicorn-37114.exe
3840	2680	WerFault.exe	Unicorn-63247.exe
3904	2860	WerFault.exe	Unicorn-48478.exe
3920	1904	WerFault.exe	Unicorn-58504.exe
3984	2780	WerFault.exe	Unicorn-48478.exe
3304	2964	WerFault.exe	Unicorn-38285.exe
3516	2812	WerFault.exe	Unicorn-63247.exe
3736	1384	WerFault.exe	Unicorn-44307.exe
3972	752	WerFault.exe	Unicorn-17797.exe
3980	2156	WerFault.exe	Unicorn-1055.exe
4016	1040	WerFault.exe	Unicorn-13343.exe
4084	2544	WerFault.exe	Unicorn-31003.exe
3132	1300	WerFault.exe	Unicorn-62353.exe
3188	316	WerFault.exe	Unicorn-64016.exe
3260	2708	WerFault.exe	Unicorn-29113.exe
3640	2552	WerFault.exe	Unicorn-31003.exe
3644	2728	WerFault.exe	Unicorn-25517.exe
3724	1432	WerFault.exe	Unicorn-8246.exe
3752	2160	WerFault.exe	Unicorn-50680.exe
3820	1716	WerFault.exe	Unicorn-23082.exe
3836	2432	WerFault.exe	Unicorn-28112.exe
3824	2660	WerFault.exe	Unicorn-59372.exe
3156	2940	WerFault.exe	Unicorn-16825.exe
3220	2760	WerFault.exe	Unicorn-17297.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exeUnicorn-10465.exeUnicorn-10722.exeUnicorn-55870.exeUnicorn-18497.exeUnicorn-61620.exeUnicorn-56265.exeUnicorn-36626.exeUnicorn-42219.exeUnicorn-24338.exeUnicorn-27383.exeUnicorn-24338.exeUnicorn-8325.exeUnicorn-64480.exeUnicorn-12306.exeUnicorn-17403.exeUnicorn-48596.exeUnicorn-63074.exeUnicorn-3614.exeUnicorn-57903.exeUnicorn-9693.exeUnicorn-39080.exeUnicorn-9693.exeUnicorn-1004.exeUnicorn-46152.exeUnicorn-28078.exeUnicorn-39483.exeUnicorn-61985.exeUnicorn-33366.exeUnicorn-33366.exeUnicorn-61985.exeUnicorn-38462.exeUnicorn-4255.exeUnicorn-9351.exeUnicorn-44307.exeUnicorn-44307.exeUnicorn-9351.exeUnicorn-52408.exeUnicorn-37285.exeUnicorn-62600.exeUnicorn-37114.exeUnicorn-31003.exeUnicorn-31003.exeUnicorn-38285.exeUnicorn-38285.exeUnicorn-58504.exeUnicorn-63247.exeUnicorn-63247.exeUnicorn-48478.exeUnicorn-48478.exeUnicorn-44518.exeUnicorn-53729.exeUnicorn-20990.exeUnicorn-55421.exeUnicorn-43989.exeUnicorn-38922.exeUnicorn-2440.exeUnicorn-61921.exeUnicorn-13343.exeUnicorn-17797.exeUnicorn-57210.exeUnicorn-1055.exeUnicorn-19873.exeUnicorn-62353.exe

pid	process
2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
2408	Unicorn-10465.exe
3036	Unicorn-10722.exe
3032	Unicorn-55870.exe
2880	Unicorn-18497.exe
2776	Unicorn-61620.exe
2672	Unicorn-56265.exe
296	Unicorn-36626.exe
2824	Unicorn-42219.exe
392	Unicorn-24338.exe
1972	Unicorn-27383.exe
1708	Unicorn-24338.exe
1320	Unicorn-8325.exe
624	Unicorn-64480.exe
1800	Unicorn-12306.exe
2120	Unicorn-17403.exe
1080	Unicorn-48596.exe
2912	Unicorn-63074.exe
1172	Unicorn-3614.exe
1484	Unicorn-57903.exe
2024	Unicorn-9693.exe
2316	Unicorn-39080.exe
2448	Unicorn-9693.exe
1980	Unicorn-1004.exe
1368	Unicorn-46152.exe
1048	Unicorn-28078.exe
896	Unicorn-39483.exe
3000	Unicorn-61985.exe
1052	Unicorn-33366.exe
1936	Unicorn-33366.exe
284	Unicorn-61985.exe
2280	Unicorn-38462.exe
2020	Unicorn-4255.exe
800	Unicorn-9351.exe
2792	Unicorn-44307.exe
1384	Unicorn-44307.exe
1120	Unicorn-9351.exe
2748	Unicorn-52408.exe
2692	Unicorn-37285.exe
2556	Unicorn-62600.exe
2640	Unicorn-37114.exe
2544	Unicorn-31003.exe
2552	Unicorn-31003.exe
2964	Unicorn-38285.exe
2352	Unicorn-38285.exe
1904	Unicorn-58504.exe
2812	Unicorn-63247.exe
2680	Unicorn-63247.exe
2860	Unicorn-48478.exe
2780	Unicorn-48478.exe
1676	Unicorn-44518.exe
1900	Unicorn-53729.exe
2052	Unicorn-20990.exe
784	Unicorn-55421.exe
576	Unicorn-43989.exe
2972	Unicorn-38922.exe
2340	Unicorn-2440.exe
2108	Unicorn-61921.exe
1040	Unicorn-13343.exe
752	Unicorn-17797.exe
1720	Unicorn-57210.exe
2156	Unicorn-1055.exe
1544	Unicorn-19873.exe
1300	Unicorn-62353.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exeUnicorn-10465.exeUnicorn-10722.exeUnicorn-55870.exeUnicorn-18497.exeUnicorn-56265.exeUnicorn-61620.exeUnicorn-36626.exe

description	pid	process	target process
PID 2412 wrote to memory of 2408	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-10465.exe
PID 2412 wrote to memory of 2408	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-10465.exe
PID 2412 wrote to memory of 2408	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-10465.exe
PID 2412 wrote to memory of 2408	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-10465.exe
PID 2408 wrote to memory of 3036	2408	Unicorn-10465.exe	Unicorn-10722.exe
PID 2408 wrote to memory of 3036	2408	Unicorn-10465.exe	Unicorn-10722.exe
PID 2408 wrote to memory of 3036	2408	Unicorn-10465.exe	Unicorn-10722.exe
PID 2408 wrote to memory of 3036	2408	Unicorn-10465.exe	Unicorn-10722.exe
PID 2412 wrote to memory of 3032	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-55870.exe
PID 2412 wrote to memory of 3032	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-55870.exe
PID 2412 wrote to memory of 3032	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-55870.exe
PID 2412 wrote to memory of 3032	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	Unicorn-55870.exe
PID 2412 wrote to memory of 2276	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	WerFault.exe
PID 2412 wrote to memory of 2276	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	WerFault.exe
PID 2412 wrote to memory of 2276	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	WerFault.exe
PID 2412 wrote to memory of 2276	2412	89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe	WerFault.exe
PID 2408 wrote to memory of 2776	2408	Unicorn-10465.exe	Unicorn-61620.exe
PID 2408 wrote to memory of 2776	2408	Unicorn-10465.exe	Unicorn-61620.exe
PID 2408 wrote to memory of 2776	2408	Unicorn-10465.exe	Unicorn-61620.exe
PID 2408 wrote to memory of 2776	2408	Unicorn-10465.exe	Unicorn-61620.exe
PID 3036 wrote to memory of 2880	3036	Unicorn-10722.exe	Unicorn-18497.exe
PID 3036 wrote to memory of 2880	3036	Unicorn-10722.exe	Unicorn-18497.exe
PID 3036 wrote to memory of 2880	3036	Unicorn-10722.exe	Unicorn-18497.exe
PID 3036 wrote to memory of 2880	3036	Unicorn-10722.exe	Unicorn-18497.exe
PID 3032 wrote to memory of 2672	3032	Unicorn-55870.exe	Unicorn-56265.exe
PID 3032 wrote to memory of 2672	3032	Unicorn-55870.exe	Unicorn-56265.exe
PID 3032 wrote to memory of 2672	3032	Unicorn-55870.exe	Unicorn-56265.exe
PID 3032 wrote to memory of 2672	3032	Unicorn-55870.exe	Unicorn-56265.exe
PID 2408 wrote to memory of 2960	2408	Unicorn-10465.exe	WerFault.exe
PID 2408 wrote to memory of 2960	2408	Unicorn-10465.exe	WerFault.exe
PID 2408 wrote to memory of 2960	2408	Unicorn-10465.exe	WerFault.exe
PID 2408 wrote to memory of 2960	2408	Unicorn-10465.exe	WerFault.exe
PID 2880 wrote to memory of 296	2880	Unicorn-18497.exe	Unicorn-36626.exe
PID 2880 wrote to memory of 296	2880	Unicorn-18497.exe	Unicorn-36626.exe
PID 2880 wrote to memory of 296	2880	Unicorn-18497.exe	Unicorn-36626.exe
PID 2880 wrote to memory of 296	2880	Unicorn-18497.exe	Unicorn-36626.exe
PID 3036 wrote to memory of 2824	3036	Unicorn-10722.exe	Unicorn-42219.exe
PID 3036 wrote to memory of 2824	3036	Unicorn-10722.exe	Unicorn-42219.exe
PID 3036 wrote to memory of 2824	3036	Unicorn-10722.exe	Unicorn-42219.exe
PID 3036 wrote to memory of 2824	3036	Unicorn-10722.exe	Unicorn-42219.exe
PID 2672 wrote to memory of 1708	2672	Unicorn-56265.exe	Unicorn-24338.exe
PID 2672 wrote to memory of 1708	2672	Unicorn-56265.exe	Unicorn-24338.exe
PID 2672 wrote to memory of 1708	2672	Unicorn-56265.exe	Unicorn-24338.exe
PID 2672 wrote to memory of 1708	2672	Unicorn-56265.exe	Unicorn-24338.exe
PID 2776 wrote to memory of 392	2776	Unicorn-61620.exe	Unicorn-24338.exe
PID 2776 wrote to memory of 392	2776	Unicorn-61620.exe	Unicorn-24338.exe
PID 2776 wrote to memory of 392	2776	Unicorn-61620.exe	Unicorn-24338.exe
PID 2776 wrote to memory of 392	2776	Unicorn-61620.exe	Unicorn-24338.exe
PID 3032 wrote to memory of 1972	3032	Unicorn-55870.exe	Unicorn-27383.exe
PID 3032 wrote to memory of 1972	3032	Unicorn-55870.exe	Unicorn-27383.exe
PID 3032 wrote to memory of 1972	3032	Unicorn-55870.exe	Unicorn-27383.exe
PID 3032 wrote to memory of 1972	3032	Unicorn-55870.exe	Unicorn-27383.exe
PID 3036 wrote to memory of 2392	3036	Unicorn-10722.exe	WerFault.exe
PID 3036 wrote to memory of 2392	3036	Unicorn-10722.exe	WerFault.exe
PID 3036 wrote to memory of 2392	3036	Unicorn-10722.exe	WerFault.exe
PID 3036 wrote to memory of 2392	3036	Unicorn-10722.exe	WerFault.exe
PID 3032 wrote to memory of 1552	3032	Unicorn-55870.exe	WerFault.exe
PID 3032 wrote to memory of 1552	3032	Unicorn-55870.exe	WerFault.exe
PID 3032 wrote to memory of 1552	3032	Unicorn-55870.exe	WerFault.exe
PID 3032 wrote to memory of 1552	3032	Unicorn-55870.exe	WerFault.exe
PID 296 wrote to memory of 624	296	Unicorn-36626.exe	Unicorn-64480.exe
PID 296 wrote to memory of 624	296	Unicorn-36626.exe	Unicorn-64480.exe
PID 296 wrote to memory of 624	296	Unicorn-36626.exe	Unicorn-64480.exe
PID 296 wrote to memory of 624	296	Unicorn-36626.exe	Unicorn-64480.exe

C:\Users\Admin\AppData\Local\Temp\89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe
"C:\Users\Admin\AppData\Local\Temp\89c1bb68cb026970c83e4c9b1e941a7b2363e9398fc4e2082a4ce11030eec051.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
10⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
11⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
12⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
13⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
14⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
15⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
15⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
14⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
13⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
12⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
11⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
10⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
9⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
11⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 220
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
12⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
10⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
9⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
9⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
10⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
11⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
12⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
13⤵
PID:11404

C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 236
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
12⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
11⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
9⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 220
8⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
13⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
11⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 220
8⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
7⤵
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
9⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
12⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
13⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
14⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
15⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 236
14⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
13⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
11⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
13⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
13⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
10⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
8⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
12⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
13⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 220
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
8⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
8⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
10⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
12⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
13⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
11⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
12⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
12⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
11⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
9⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
7⤵
- Program crash
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
6⤵
- Program crash
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
9⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
10⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
12⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
13⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
14⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
14⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
13⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
10⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-24071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24071.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
13⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
8⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
10⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
12⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
13⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 236
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
9⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 220
8⤵
- Program crash
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
12⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
13⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
9⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
8⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
8⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
13⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
11⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
12⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 204
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
11⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
10⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
11⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
12⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
12⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 236
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
6⤵
- Program crash
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
9⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
11⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
12⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
13⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
14⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
14⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
10⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
9⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
8⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
10⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
12⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
8⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 188
12⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
8⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
7⤵
- Program crash
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
8⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
12⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 236
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
10⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
11⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 236
11⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 236
10⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
7⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
8⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
11⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
8⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
10⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
7⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
6⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
7⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
8⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
9⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
8⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
7⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
9⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
12⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
13⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
14⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
14⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
13⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 216
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
11⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
12⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
13⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 236
13⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
9⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
12⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
13⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 220
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
10⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
11⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
12⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
8⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
10⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
11⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
12⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
11⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
8⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
7⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
6⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
12⤵
PID:12016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
13⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12016 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
7⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
9⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
11⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
12⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
12⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 220
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
8⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
6⤵
- Executes dropped EXE
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
7⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
10⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
10⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
6⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
5⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
7⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
11⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
8⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
9⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
10⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 236
10⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
9⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
8⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
6⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
7⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
9⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
10⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
9⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
8⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
7⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
6⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
5⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
9⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
11⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
12⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
13⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
13⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
11⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
9⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
12⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
13⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 236
13⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
8⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 220
7⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
8⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
11⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
12⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
13⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 220
13⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
12⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
9⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
8⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
10⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
12⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
11⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
7⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 220
6⤵
- Program crash
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
10⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
12⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 236
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
9⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
10⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
11⤵
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
11⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
10⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
9⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
8⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
7⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
6⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
5⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
8⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
13⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 204
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
11⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
10⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
7⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
10⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
11⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
12⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
11⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
7⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
6⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
11⤵
PID:11888

C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
11⤵
PID:11672

C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
12⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 220
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
7⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
6⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
7⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
11⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
12⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
8⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
7⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
6⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
7⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
8⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
9⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
10⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
10⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
9⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
8⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
7⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
6⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
5⤵
- Program crash
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
7⤵
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
11⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
12⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
10⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
11⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
11⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
9⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
8⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
7⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
6⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
10⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
7⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
6⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
7⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
8⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
9⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
10⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
10⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
9⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
8⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
7⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
6⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
5⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
6⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
8⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
10⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
11⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
7⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
6⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
7⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
8⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
9⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
10⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 236
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
9⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 236
8⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
6⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
5⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
6⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
9⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
10⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
10⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
7⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
6⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
7⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
8⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
9⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
10⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
10⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
9⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
8⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
7⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 220
5⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
4⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
2⤵
- Program crash
PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe

Filesize
184KB

MD5
09b9990d6da5f28b8534f8af3f80a8ff

SHA1
f4b3beeae9d4659ebc77195af80f57722d2a8a9a

SHA256
df6d3171f44a2455d5097dfb65c9f5c492cf354a66f3687bdd45637bd0535e15

SHA512
a6b4326af678f922d3583ca118ccf3cee95ad2c249c3fdc9cd4c95b1865a957fe85e0ffef0686179dbba250d0794322a5c9d27173a2d53430873f1388a1ff61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe

Filesize
184KB

MD5
856c34e7921a4b1f05c1f86e1a3b8034

SHA1
42737ba1df2974c1e3e51b45969e32d18844c75c

SHA256
62075ef1e6403a5509c81bc02283ee635d4436b8fe7394823f637f804aa0ab76

SHA512
4f32b124c73f22e0f9f5a8f921137d14ed838b2adafbf8cf011ca0a4fb827ee85c1a56571be525e304e3ee7af600eb08379be4873c2bb6de1601d147900c478f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe

Filesize
184KB

MD5
c0c3dd70023e83bbf407176776d81573

SHA1
45ae38ea212da512a2b19f7d39524bbdff6ffc72

SHA256
ed18170a20cf1d41b31b1823b0873cbfe71c82993cb2a368c4391dd1d3ea9d09

SHA512
87197847b3bc00411be10dbb610ed3be7d2025541407652a96ad4a9b0051441ea850e2327f12ac9ceef7936424c8a771769514d1aa7373bec2359af4c89a4c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe

Filesize
184KB

MD5
679ae4edfeb20f1a330de71f7f7f0b98

SHA1
62c070c6c66c0db9d8c87fb8dacc3553e68b156f

SHA256
5b9c634729444bf3cfde3b311888fd0a514ebf31460df8ff041499e25179344a

SHA512
a40bed02fa84c024644148e22736f3dd8986b0dd08263637958605d96d512e3fa2e8c3cbc540cc402a2e8317e4d305e2a021e220e5981bce6de8ff660452d352

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe

Filesize
184KB

MD5
1d06632fcad1e838f03cab90294b9f2a

SHA1
77fd54f1fbedb9589d0b7a7b1ccc521cef5e9966

SHA256
e8c72830bfef308753c7b13186ffe6508c0b8971449d2fd579fd314d254e1eb2

SHA512
f464720462460d8e1876139322becc92c94be19f9b543048410339ce74d39f33a56af6cd5d171b48db2fa85683088008f8a6799fdebf51fa4a6c2611147617e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe

Filesize
184KB

MD5
a626a69643e33922e1b3495f24013659

SHA1
2d9ddc170d92ba256c192f7a383b48b53c15aca2

SHA256
f971b70ae64ac30e7247877ff40b75e393572bc218bd0f0c5176178aab455362

SHA512
493410a0fe5c74cad4863e3543be56f50c0535f5a9a0fda7f7641083ab751daf3f23e8d193e1a33ca1743690a40bc9e778464f0ac9341c7a5449d8738a4cd130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe

Filesize
184KB

MD5
4e55d6f5415764b0ca5eb32f468b6aa9

SHA1
7db4feec7b70a40e97739b1d55440ef1499f48e1

SHA256
0008d2521ec15c40b5eac2cd2247fb06650a5d5ccef564854d4e305c54579544

SHA512
412edd4bdd44dc7bc4eab5f30c49dd232f85eeff8ac00d75d8c810e890a69a56469e421ef845402d8e8aa0c8fe2e86cd3222ab5bb6796120cafc4ffed399acfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe

Filesize
184KB

MD5
bf78eb1b4119e22bc9dd884cdb6190a2

SHA1
7cba3b8649361febd5e2669fdee5aed78841f227

SHA256
ff358b978fbdc2191c61c19849333fd8ab8ab04a2d06062281ed2e466bd6e258

SHA512
638ec9ffdde687d0b6ceaa131d7ed36903b6ba591c051a3049b464c9fb6ee2d36c51c5581ecc35fc7dc4fb3c8f9dfc8d3f0e953d2c43394a1c52c279261856c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe

Filesize
184KB

MD5
933933bad3b568aa7b14a6e287d296ed

SHA1
68e44049ca2b96315df840d85050198c0a1a8801

SHA256
abf30d8873262bc2901093b26609c49d648d89b1583566021ce82383d365147e

SHA512
af86c6494245a8d78cbde1715a73c6da43b3b7ecd409fea5b0c6e92eabbba3c3c66dc324c44f23d4344206262d3edf633e0734d8e673be7a4d5619fdff5f16df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe

Filesize
184KB

MD5
cd7d830c02880c274027b1fc5a379934

SHA1
ea0e1dfa364171595dd4a92c41d6c8ef3f0a9c92

SHA256
9fd08ee2bea51a1a80dd39d3c62d25e785445bfd47f09a1b7a380e199f4b0db2

SHA512
441e5a5ce7c367f67c5b4dc4639e006edc1c175a6f68729a10571ee18e0d9cd7dfe95f3dd6150c4045cc6039e7261e866c40928a2035c3a6951e4d7a0203ff97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe

Filesize
184KB

MD5
753f7e391083fe47e9bdd6e911736a8c

SHA1
d73176534ece0a59951fd824d00a87fd20a4cb56

SHA256
9cd22241d70f68f5674075ff1e116417aefa514b0390feac72af79815c46f672

SHA512
36653aadcd1faae67af8bcdf0bb71c0c80402fa07d6d8d79f0b2e2c755a7c5891b802661f79dfa27a4bba6b13d8f8f389d5199826f6bf3809312b2b03993e176

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe

Filesize
184KB

MD5
e3725085d035d9c0f5e106e85cc9f9fa

SHA1
b5a9a19297464697942ebc77f523b0fa755e4a37

SHA256
6d4be2ae96b75f79ba3e335b5e975d0c23184484d463d6f6c77f61f9cfd33d36

SHA512
2f6df9dd4a02a195416d7ccd00c79fc2befb51dacd69e6537a64f6dbb0e84d0d1b2261b3b4a8a700bc02464e081cf740aca25e13ba1d22b5affcf8f0b4f033cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe

Filesize
184KB

MD5
adffa426457ae171d37f10b390f11fa2

SHA1
58f61a4a8c015b184da0b2c903b5f7d92bd2a83e

SHA256
2fec044e717da0a7b3b181197c73eb31a73d683ea7be2feda125a2114242f5c3

SHA512
64a0058d440f0e6c008921884c22f95ca2e5f402ed3554639f2fd9ed03b356b8d497ee3d106943e7ed7e543454442e58ad32ec7a7632131e2dc2ad586535b37d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe

Filesize
184KB

MD5
b023cd74d4c69f620d1dff4c6d430b59

SHA1
dbfd0fdb69786fd8e8285cf7c8247a266c386280

SHA256
ff2098f40be1f47fe5f4047b1c27c80929893696200d428827a4a17573a5af58

SHA512
e4658c7e6d7c092c141b84b7d6682efc0c9c68ccbad3b2aa08eb078621219100f9083e9d2fabb48f06a5cd626671f7e100a476e8d346dc7246c8427f7d167644

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe

Filesize
184KB

MD5
5bd215c21b70f55ee3d28a05ba883637

SHA1
628b8f25e939194ba39b67e3a1941675b5e1397a

SHA256
642ff6ae9f384ada3182a69f2ef88537fa07003fb9d1da4022fe2fa0276e1435

SHA512
0aadf3c80ea549d89db0e40d3ab9787b3d0519d474d227470b30d5fee976366bf78871f1067356aa02ba0abbf3420cebbfe54914db3cce1438ffcf2ded37c715

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe

Filesize
184KB

MD5
2d44b42acd1bd92d3241a75297bbdff8

SHA1
b0feb5fbd3b5f69177f599c8742a90d21a2c4ee2

SHA256
fe4e005b6388332e94c9778e80dbd0c4235c7ed6c018d9d1355c6edd52a3fb6b

SHA512
2e04b974d715f38569d0b88942097e778b8b1a4a89d64ef5381ce3728144e752d67fab12b81d8541107607170c9c7079d7dc8aed3c4d8c001150a5e669ace5bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe

Filesize
184KB

MD5
86ab8885dd5743da8af801d1f6b1208d

SHA1
03d8818d448519d91ed434df4f6ae5b4b0c19568

SHA256
833d95acc54b468e237a7c30f6147fac15ce2eeafaf512e9e896b330646d258c

SHA512
c15f2698ae903aa58d04e9517466eeca5f2f2f5afdfb5dfac27c5bb676b710b45a6d5115d88e37776735a657a0100d0e57d979e4445039936ad5e778c1f8a4ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe

Filesize
184KB

MD5
18d8766bd98f7eed31098e949f0bc515

SHA1
c1eee8b4b12b94b376c89d4431cd8df3ad5bac9c

SHA256
c6960080d2d507c66cf6e21db36c3bd3e857debe2ac7a4df882b6d465e782637

SHA512
232ad79a72d60e92b4ae18d986fe89f149aa7187d4c4a5d3067228ea297ad27eae5296e1e1107da76f1cf46c05a229e77b8ee8a23f137e8954070b894a83907e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe

Filesize
184KB

MD5
66d4c045199d8328b147a03648eddc8f

SHA1
c1b2a90c42bec3df85903e273929815d4db3848d

SHA256
9bcf6ec405d03c74c1443eddc117ccc205c16935c9cb0933a5058cf54233ed1c

SHA512
916843343809dc32d0b7f9ce0f838725730650fc9d424daaf2960b4ae951305e220547b8c06d1113f0260e06eff3deef674fd74d7d0b36dd2121f807419a43c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe

Filesize
184KB

MD5
00754af854e757f820b1873fb492f470

SHA1
af210e7ed96306f713886bc749c20982c3589e02

SHA256
389ef895bb7ed0fd7637d781fa903c21c3ee7a145142d2893c446865ed4483a2

SHA512
950cd340cef283ce8da80215f0051c444eb0ec31a38fab783342015ee504969bdfde2122e6c283e976b9aded5ceecc3fc5df9bf085334e31d4564cca4061873c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe

Filesize
184KB

MD5
f0d093813e9757e4e20a3e3fa7eb44f7

SHA1
df54e8a5e6317f06e49b3ba1a64e1b37f3ba1516

SHA256
d582723616a04e31fcdd108b91108ae6abff5b2e60b20abb96ab3e917d761a76

SHA512
e562f9cab6a19394c768799b4d0a0cacb2389b88b8a8d65d5e80e517ae0855130610be8a28ac3fd3441ce58a6a30e8718c00f931d070a28af42553fdf39f39ad

Download Submit