ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
Size

184KB
MD5

e6a6990c73e5a3753e81bb7f4e4f13fc
SHA1

8c40e325bd853447d3200a877fbf62253a638988
SHA256

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84
SHA512

745d5ed8e10b83a642eb0d9b0c89afc983dfd9d8d526e106d9886dfa0d430572043f942cdd67f4099473264b73ec2f02acfcd7f7de400c0eef5bc90967e29678
SSDEEP

1536:JBZ66NZ5uBc8o5x1XR4p4awMWM9yvZc8hmddE8cR2VQntnhlthj5nizpvN:730Bc8ofJR4ZdWaWe08cRttnhl7ViF1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

TempÁUnicorn-62961.exeLocalÁUnicorn-25754.exeTempÁUnicorn-5888.exeLocalÁUnicorn-49446.exeAppDataÁUnicorn-3774.exeLocalÁUnicorn-54236.exeAdminÁUnicorn-12752.exeAppDataÁUnicorn-62830.exeAppDataÁUnicorn-42964.exeLocalÁUnicorn-10676.exeAppDataÁUnicorn-30542.exeUsersÁUnicorn-51235.exeAdminÁUnicorn-49159.exeAdminÁUnicorn-52195.exeAppDataÁUnicorn-16870.exeAdminÁUnicorn-39066.exeAppDataÁUnicorn-19523.exeAppDataÁUnicorn-65194.exeÁUnicorn-44562.exeUsersÁUnicorn-40347.exeUsersÁUnicorn-44754.exeAdminÁUnicorn-7867.exeUsersÁUnicorn-51765.exeAdminÁUnicorn-16440.exeAdminÁUnicorn-55356.exeAppDataÁUnicorn-32667.exeAdminÁUnicorn-52533.exeAdminÁUnicorn-55548.exeUsersÁUnicorn-52725.exeAdminÁUnicorn-65532.exeÁUnicorn-52279.exeÁUnicorn-52471.exeUsersÁUnicorn-10260.exeÁUnicorn-10966.exeÁUnicorn-23965.exeUsersÁUnicorn-44023.exeÁUnicorn-44023.exeUsersÁUnicorn-9082.exeUsersÁUnicorn-30894.exeUsersÁUnicorn-64334.exeAdminÁUnicorn-8916.exeAdminÁUnicorn-55294.exeUsersÁUnicorn-62030.exeAdminÁUnicorn-22621.exeAdminÁUnicorn-62222.exeÁUnicorn-45009.exeUsersÁUnicorn-9684.exeÁUnicorn-36486.exeÁUnicorn-65136.exeUsersÁUnicorn-367.exeÁUnicorn-4223.exeÁUnicorn-4223.exeÁUnicorn-37280.exeÁUnicorn-31311.exeÁUnicorn-31311.exeÁUnicorn-57923.exeÁUnicorn-57923.exeÁUnicorn-58115.exeUsersÁUnicorn-2697.exeÁUnicorn-2697.exeÁUnicorn-41914.exeÁUnicorn-22755.exeUsersÁUnicorn-9625.exeÁUnicorn-55619.exe

pid	process
2748	TempÁUnicorn-62961.exe
2640	LocalÁUnicorn-25754.exe
2632	TempÁUnicorn-5888.exe
2448	LocalÁUnicorn-49446.exe
2664	AppDataÁUnicorn-3774.exe
2452	LocalÁUnicorn-54236.exe
2700	AdminÁUnicorn-12752.exe
2760	AppDataÁUnicorn-62830.exe
2792	AppDataÁUnicorn-42964.exe
2140	LocalÁUnicorn-10676.exe
1812	AppDataÁUnicorn-30542.exe
2232	UsersÁUnicorn-51235.exe
3040	AdminÁUnicorn-49159.exe
2832	AdminÁUnicorn-52195.exe
2240	AppDataÁUnicorn-16870.exe
596	AdminÁUnicorn-39066.exe
1412	AppDataÁUnicorn-19523.exe
592	AppDataÁUnicorn-65194.exe
3048	ÁUnicorn-44562.exe
1152	UsersÁUnicorn-40347.exe
1212	UsersÁUnicorn-44754.exe
756	AdminÁUnicorn-7867.exe
1924	UsersÁUnicorn-51765.exe
936	AdminÁUnicorn-16440.exe
3012	AdminÁUnicorn-55356.exe
860	AppDataÁUnicorn-32667.exe
2004	AdminÁUnicorn-52533.exe
1664	AdminÁUnicorn-55548.exe
1216	UsersÁUnicorn-52725.exe
1272	AdminÁUnicorn-65532.exe
2544	ÁUnicorn-52279.exe
2548	ÁUnicorn-52471.exe
2328	UsersÁUnicorn-10260.exe
2424	ÁUnicorn-10966.exe
1496	ÁUnicorn-23965.exe
2956	UsersÁUnicorn-44023.exe
2492	ÁUnicorn-44023.exe
2020	UsersÁUnicorn-9082.exe
1720	UsersÁUnicorn-30894.exe
1188	UsersÁUnicorn-64334.exe
2508	AdminÁUnicorn-8916.exe
2912	AdminÁUnicorn-55294.exe
308	UsersÁUnicorn-62030.exe
1204	AdminÁUnicorn-22621.exe
828	AdminÁUnicorn-62222.exe
2360	ÁUnicorn-45009.exe
2092	UsersÁUnicorn-9684.exe
1740	ÁUnicorn-36486.exe
3036	ÁUnicorn-65136.exe
1256	UsersÁUnicorn-367.exe
3068	ÁUnicorn-4223.exe
1688	ÁUnicorn-4223.exe
2272	ÁUnicorn-37280.exe
2980	ÁUnicorn-31311.exe
1724	ÁUnicorn-31311.exe
2856	ÁUnicorn-57923.exe
2860	ÁUnicorn-57923.exe
2376	ÁUnicorn-58115.exe
1512	UsersÁUnicorn-2697.exe
2248	ÁUnicorn-2697.exe
2808	ÁUnicorn-41914.exe
2568	ÁUnicorn-22755.exe
2540	UsersÁUnicorn-9625.exe
2732	ÁUnicorn-55619.exe

Loads dropped DLL 64 IoCs

Processes:

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exeTempÁUnicorn-62961.exeLocalÁUnicorn-25754.exeTempÁUnicorn-5888.exeWerFault.exeAppDataÁUnicorn-3774.exeLocalÁUnicorn-49446.exeLocalÁUnicorn-54236.exeWerFault.exeWerFault.exeAppDataÁUnicorn-30542.exeAppDataÁUnicorn-62830.exeLocalÁUnicorn-10676.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2748	TempÁUnicorn-62961.exe
2748	TempÁUnicorn-62961.exe
2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2748	TempÁUnicorn-62961.exe
2748	TempÁUnicorn-62961.exe
2640	LocalÁUnicorn-25754.exe
2632	TempÁUnicorn-5888.exe
2640	LocalÁUnicorn-25754.exe
2632	TempÁUnicorn-5888.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
2664	AppDataÁUnicorn-3774.exe
2448	LocalÁUnicorn-49446.exe
2640	LocalÁUnicorn-25754.exe
2664	AppDataÁUnicorn-3774.exe
2448	LocalÁUnicorn-49446.exe
2640	LocalÁUnicorn-25754.exe
2632	TempÁUnicorn-5888.exe
2632	TempÁUnicorn-5888.exe
2452	LocalÁUnicorn-54236.exe
2452	LocalÁUnicorn-54236.exe
2480	WerFault.exe
2480	WerFault.exe
2480	WerFault.exe
2480	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2480	WerFault.exe
2664	AppDataÁUnicorn-3774.exe
2664	AppDataÁUnicorn-3774.exe
1812	AppDataÁUnicorn-30542.exe
1812	AppDataÁUnicorn-30542.exe
2452	LocalÁUnicorn-54236.exe
2760	AppDataÁUnicorn-62830.exe
2452	LocalÁUnicorn-54236.exe
2760	AppDataÁUnicorn-62830.exe
2140	LocalÁUnicorn-10676.exe
2448	LocalÁUnicorn-49446.exe
2448	LocalÁUnicorn-49446.exe
2140	LocalÁUnicorn-10676.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2324	WerFault.exe	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
1964	2748	WerFault.exe	TempÁUnicorn-62961.exe
2480	2640	WerFault.exe	LocalÁUnicorn-25754.exe
2460	2632	WerFault.exe	TempÁUnicorn-5888.exe
1444	2664	WerFault.exe	AppDataÁUnicorn-3774.exe
2344	2448	WerFault.exe	LocalÁUnicorn-49446.exe
1736	2452	WerFault.exe	LocalÁUnicorn-54236.exe
1544	2700	WerFault.exe	AdminÁUnicorn-12752.exe
1560	1812	WerFault.exe	AppDataÁUnicorn-30542.exe
2120	2760	WerFault.exe	AppDataÁUnicorn-62830.exe
1880	2792	WerFault.exe	AppDataÁUnicorn-42964.exe
1888	2140	WerFault.exe	LocalÁUnicorn-10676.exe
704	2232	WerFault.exe	UsersÁUnicorn-51235.exe
2828	3040	WerFault.exe	AdminÁUnicorn-49159.exe
1572	2832	WerFault.exe	AdminÁUnicorn-52195.exe
1800	1412	WerFault.exe	AppDataÁUnicorn-19523.exe
1136	2240	WerFault.exe	AppDataÁUnicorn-16870.exe
1476	592	WerFault.exe	AppDataÁUnicorn-65194.exe
1520	596	WerFault.exe	AdminÁUnicorn-39066.exe
1716	1152	WerFault.exe	UsersÁUnicorn-40347.exe
1904	1212	WerFault.exe	UsersÁUnicorn-44754.exe
868	3048	WerFault.exe	ÁUnicorn-44562.exe
1004	756	WerFault.exe	AdminÁUnicorn-7867.exe
2184	1924	WerFault.exe	UsersÁUnicorn-51765.exe
2800	936	WerFault.exe	AdminÁUnicorn-16440.exe
2580	1664	WerFault.exe	AdminÁUnicorn-55548.exe
2576	3012	WerFault.exe	AdminÁUnicorn-55356.exe
2620	2004	WerFault.exe	AdminÁUnicorn-52533.exe
2476	860	WerFault.exe	AppDataÁUnicorn-32667.exe
2764	1272	WerFault.exe	AdminÁUnicorn-65532.exe
2484	1216	WerFault.exe	UsersÁUnicorn-52725.exe
3412	2544	WerFault.exe	ÁUnicorn-52279.exe
3516	2548	WerFault.exe	ÁUnicorn-52471.exe
3508	2328	WerFault.exe	UsersÁUnicorn-10260.exe
3500	2424	WerFault.exe	ÁUnicorn-10966.exe
3584	2492	WerFault.exe	ÁUnicorn-44023.exe
3592	1188	WerFault.exe	UsersÁUnicorn-64334.exe
3616	2020	WerFault.exe	UsersÁUnicorn-9082.exe
3624	1496	WerFault.exe	ÁUnicorn-23965.exe
3664	1720	WerFault.exe	UsersÁUnicorn-30894.exe
3672	1204	WerFault.exe	AdminÁUnicorn-22621.exe
3696	2912	WerFault.exe	AdminÁUnicorn-55294.exe
3716	828	WerFault.exe	AdminÁUnicorn-62222.exe
3708	2956	WerFault.exe	UsersÁUnicorn-44023.exe
3848	2508	WerFault.exe	AdminÁUnicorn-8916.exe
3928	1704	WerFault.exe	ÁUnicorn-65365.exe
3368	1740	WerFault.exe	ÁUnicorn-36486.exe
3112	2092	WerFault.exe	UsersÁUnicorn-9684.exe
3968	2264	WerFault.exe	UsersÁUnicorn-45009.exe
4032	2360	WerFault.exe	ÁUnicorn-45009.exe
4020	308	WerFault.exe	UsersÁUnicorn-62030.exe
1796	288	WerFault.exe	UsersÁUnicorn-56065.exe
3252	2376	WerFault.exe	ÁUnicorn-58115.exe
3260	2540	WerFault.exe	UsersÁUnicorn-9625.exe
3540	2616	WerFault.exe	UsersÁUnicorn-55811.exe
3804	2016	WerFault.exe	ÁUnicorn-23523.exe
3760	1360	WerFault.exe	UsersÁUnicorn-42682.exe
4160	1588	WerFault.exe	ÁUnicorn-23523.exe
4380	1244	WerFault.exe	ÁUnicorn-36521.exe
4436	2372	WerFault.exe	UsersÁUnicorn-36521.exe
4532	3028	WerFault.exe	ÁUnicorn-33269.exe
4552	3036	WerFault.exe	ÁUnicorn-65136.exe
4560	2384	WerFault.exe	ÁUnicorn-33077.exe
4676	1688	WerFault.exe	ÁUnicorn-4223.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exeTempÁUnicorn-62961.exeTempÁUnicorn-5888.exeLocalÁUnicorn-25754.exeLocalÁUnicorn-49446.exeAppDataÁUnicorn-3774.exeLocalÁUnicorn-54236.exeAdminÁUnicorn-12752.exeAppDataÁUnicorn-62830.exeAppDataÁUnicorn-42964.exeLocalÁUnicorn-10676.exeAppDataÁUnicorn-30542.exeUsersÁUnicorn-51235.exeAdminÁUnicorn-49159.exeAdminÁUnicorn-52195.exeAppDataÁUnicorn-16870.exeAppDataÁUnicorn-19523.exeAdminÁUnicorn-39066.exeAppDataÁUnicorn-65194.exeUsersÁUnicorn-40347.exeUsersÁUnicorn-44754.exeÁUnicorn-44562.exeAdminÁUnicorn-7867.exeAdminÁUnicorn-16440.exeUsersÁUnicorn-51765.exeAdminÁUnicorn-55356.exeAppDataÁUnicorn-32667.exeAdminÁUnicorn-52533.exeAdminÁUnicorn-55548.exeUsersÁUnicorn-52725.exeÁUnicorn-52279.exeÁUnicorn-52471.exeUsersÁUnicorn-10260.exeÁUnicorn-10966.exeÁUnicorn-23965.exeUsersÁUnicorn-44023.exeÁUnicorn-44023.exeUsersÁUnicorn-30894.exeUsersÁUnicorn-9082.exeUsersÁUnicorn-64334.exeAdminÁUnicorn-8916.exeAdminÁUnicorn-62222.exeAdminÁUnicorn-55294.exeAdminÁUnicorn-22621.exeUsersÁUnicorn-62030.exeÁUnicorn-45009.exeUsersÁUnicorn-45009.exeUsersÁUnicorn-9684.exeÁUnicorn-36486.exeÁUnicorn-65136.exeUsersÁUnicorn-367.exeÁUnicorn-4223.exeÁUnicorn-4223.exeÁUnicorn-37280.exeÁUnicorn-31311.exeÁUnicorn-31311.exeÁUnicorn-57923.exeÁUnicorn-57923.exeÁUnicorn-58115.exeÁUnicorn-2697.exeÁUnicorn-22755.exeUsersÁUnicorn-2697.exeÁUnicorn-41914.exeUsersÁUnicorn-9625.exe

pid	process
2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2748	TempÁUnicorn-62961.exe
2632	TempÁUnicorn-5888.exe
2640	LocalÁUnicorn-25754.exe
2448	LocalÁUnicorn-49446.exe
2664	AppDataÁUnicorn-3774.exe
2452	LocalÁUnicorn-54236.exe
2700	AdminÁUnicorn-12752.exe
2760	AppDataÁUnicorn-62830.exe
2792	AppDataÁUnicorn-42964.exe
2140	LocalÁUnicorn-10676.exe
1812	AppDataÁUnicorn-30542.exe
2232	UsersÁUnicorn-51235.exe
3040	AdminÁUnicorn-49159.exe
2832	AdminÁUnicorn-52195.exe
2240	AppDataÁUnicorn-16870.exe
1412	AppDataÁUnicorn-19523.exe
596	AdminÁUnicorn-39066.exe
592	AppDataÁUnicorn-65194.exe
1152	UsersÁUnicorn-40347.exe
1212	UsersÁUnicorn-44754.exe
3048	ÁUnicorn-44562.exe
756	AdminÁUnicorn-7867.exe
936	AdminÁUnicorn-16440.exe
1924	UsersÁUnicorn-51765.exe
3012	AdminÁUnicorn-55356.exe
860	AppDataÁUnicorn-32667.exe
2004	AdminÁUnicorn-52533.exe
1664	AdminÁUnicorn-55548.exe
1216	UsersÁUnicorn-52725.exe
2544	ÁUnicorn-52279.exe
2548	ÁUnicorn-52471.exe
2328	UsersÁUnicorn-10260.exe
2424	ÁUnicorn-10966.exe
1496	ÁUnicorn-23965.exe
2956	UsersÁUnicorn-44023.exe
2492	ÁUnicorn-44023.exe
1720	UsersÁUnicorn-30894.exe
2020	UsersÁUnicorn-9082.exe
1188	UsersÁUnicorn-64334.exe
2508	AdminÁUnicorn-8916.exe
828	AdminÁUnicorn-62222.exe
2912	AdminÁUnicorn-55294.exe
1204	AdminÁUnicorn-22621.exe
308	UsersÁUnicorn-62030.exe
2360	ÁUnicorn-45009.exe
2264	UsersÁUnicorn-45009.exe
2092	UsersÁUnicorn-9684.exe
1740	ÁUnicorn-36486.exe
3036	ÁUnicorn-65136.exe
1256	UsersÁUnicorn-367.exe
1688	ÁUnicorn-4223.exe
3068	ÁUnicorn-4223.exe
2272	ÁUnicorn-37280.exe
2980	ÁUnicorn-31311.exe
1724	ÁUnicorn-31311.exe
2860	ÁUnicorn-57923.exe
2856	ÁUnicorn-57923.exe
2376	ÁUnicorn-58115.exe
2248	ÁUnicorn-2697.exe
2568	ÁUnicorn-22755.exe
1512	UsersÁUnicorn-2697.exe
2808	ÁUnicorn-41914.exe
2540	UsersÁUnicorn-9625.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exeTempÁUnicorn-62961.exeLocalÁUnicorn-25754.exeTempÁUnicorn-5888.exeAppDataÁUnicorn-3774.exeLocalÁUnicorn-49446.exeLocalÁUnicorn-54236.exeAdminÁUnicorn-12752.exe

description	pid	process	target process
PID 2324 wrote to memory of 2748	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-62961.exe
PID 2324 wrote to memory of 2748	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-62961.exe
PID 2324 wrote to memory of 2748	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-62961.exe
PID 2324 wrote to memory of 2748	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-62961.exe
PID 2748 wrote to memory of 2640	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-25754.exe
PID 2748 wrote to memory of 2640	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-25754.exe
PID 2748 wrote to memory of 2640	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-25754.exe
PID 2748 wrote to memory of 2640	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-25754.exe
PID 2324 wrote to memory of 2632	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-5888.exe
PID 2324 wrote to memory of 2632	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-5888.exe
PID 2324 wrote to memory of 2632	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-5888.exe
PID 2324 wrote to memory of 2632	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-5888.exe
PID 2324 wrote to memory of 2720	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	WerFault.exe
PID 2324 wrote to memory of 2720	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	WerFault.exe
PID 2324 wrote to memory of 2720	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	WerFault.exe
PID 2324 wrote to memory of 2720	2324	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	WerFault.exe
PID 2748 wrote to memory of 2448	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-49446.exe
PID 2748 wrote to memory of 2448	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-49446.exe
PID 2748 wrote to memory of 2448	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-49446.exe
PID 2748 wrote to memory of 2448	2748	TempÁUnicorn-62961.exe	LocalÁUnicorn-49446.exe
PID 2640 wrote to memory of 2664	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-3774.exe
PID 2640 wrote to memory of 2664	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-3774.exe
PID 2640 wrote to memory of 2664	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-3774.exe
PID 2640 wrote to memory of 2664	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-3774.exe
PID 2632 wrote to memory of 2452	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-54236.exe
PID 2632 wrote to memory of 2452	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-54236.exe
PID 2632 wrote to memory of 2452	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-54236.exe
PID 2632 wrote to memory of 2452	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-54236.exe
PID 2748 wrote to memory of 1964	2748	TempÁUnicorn-62961.exe	WerFault.exe
PID 2748 wrote to memory of 1964	2748	TempÁUnicorn-62961.exe	WerFault.exe
PID 2748 wrote to memory of 1964	2748	TempÁUnicorn-62961.exe	WerFault.exe
PID 2748 wrote to memory of 1964	2748	TempÁUnicorn-62961.exe	WerFault.exe
PID 2664 wrote to memory of 2700	2664	AppDataÁUnicorn-3774.exe	AdminÁUnicorn-12752.exe
PID 2664 wrote to memory of 2700	2664	AppDataÁUnicorn-3774.exe	AdminÁUnicorn-12752.exe
PID 2664 wrote to memory of 2700	2664	AppDataÁUnicorn-3774.exe	AdminÁUnicorn-12752.exe
PID 2664 wrote to memory of 2700	2664	AppDataÁUnicorn-3774.exe	AdminÁUnicorn-12752.exe
PID 2448 wrote to memory of 2760	2448	LocalÁUnicorn-49446.exe	AppDataÁUnicorn-62830.exe
PID 2448 wrote to memory of 2760	2448	LocalÁUnicorn-49446.exe	AppDataÁUnicorn-62830.exe
PID 2448 wrote to memory of 2760	2448	LocalÁUnicorn-49446.exe	AppDataÁUnicorn-62830.exe
PID 2448 wrote to memory of 2760	2448	LocalÁUnicorn-49446.exe	AppDataÁUnicorn-62830.exe
PID 2640 wrote to memory of 2792	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-42964.exe
PID 2640 wrote to memory of 2792	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-42964.exe
PID 2640 wrote to memory of 2792	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-42964.exe
PID 2640 wrote to memory of 2792	2640	LocalÁUnicorn-25754.exe	AppDataÁUnicorn-42964.exe
PID 2632 wrote to memory of 2140	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-10676.exe
PID 2632 wrote to memory of 2140	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-10676.exe
PID 2632 wrote to memory of 2140	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-10676.exe
PID 2632 wrote to memory of 2140	2632	TempÁUnicorn-5888.exe	LocalÁUnicorn-10676.exe
PID 2452 wrote to memory of 1812	2452	LocalÁUnicorn-54236.exe	AppDataÁUnicorn-30542.exe
PID 2452 wrote to memory of 1812	2452	LocalÁUnicorn-54236.exe	AppDataÁUnicorn-30542.exe
PID 2452 wrote to memory of 1812	2452	LocalÁUnicorn-54236.exe	AppDataÁUnicorn-30542.exe
PID 2452 wrote to memory of 1812	2452	LocalÁUnicorn-54236.exe	AppDataÁUnicorn-30542.exe
PID 2640 wrote to memory of 2480	2640	LocalÁUnicorn-25754.exe	WerFault.exe
PID 2640 wrote to memory of 2480	2640	LocalÁUnicorn-25754.exe	WerFault.exe
PID 2640 wrote to memory of 2480	2640	LocalÁUnicorn-25754.exe	WerFault.exe
PID 2640 wrote to memory of 2480	2640	LocalÁUnicorn-25754.exe	WerFault.exe
PID 2632 wrote to memory of 2460	2632	TempÁUnicorn-5888.exe	WerFault.exe
PID 2632 wrote to memory of 2460	2632	TempÁUnicorn-5888.exe	WerFault.exe
PID 2632 wrote to memory of 2460	2632	TempÁUnicorn-5888.exe	WerFault.exe
PID 2632 wrote to memory of 2460	2632	TempÁUnicorn-5888.exe	WerFault.exe
PID 2700 wrote to memory of 2232	2700	AdminÁUnicorn-12752.exe	UsersÁUnicorn-51235.exe
PID 2700 wrote to memory of 2232	2700	AdminÁUnicorn-12752.exe	UsersÁUnicorn-51235.exe
PID 2700 wrote to memory of 2232	2700	AdminÁUnicorn-12752.exe	UsersÁUnicorn-51235.exe
PID 2700 wrote to memory of 2232	2700	AdminÁUnicorn-12752.exe	UsersÁUnicorn-51235.exe

C:\Users\Admin\AppData\Local\Temp\ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
"C:\Users\Admin\AppData\Local\Temp\ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324

C:\Users\Admin\AppData\Local\TempÁUnicorn-62961.exe
C:\Users\Admin\AppData\Local\TempÁUnicorn-62961.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\LocalÁUnicorn-25754.exe
C:\Users\Admin\AppData\LocalÁUnicorn-25754.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppDataÁUnicorn-3774.exe
C:\Users\Admin\AppDataÁUnicorn-3774.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\AdminÁUnicorn-12752.exe
C:\Users\AdminÁUnicorn-12752.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\UsersÁUnicorn-51235.exe
C:\UsersÁUnicorn-51235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\ÁUnicorn-44562.exe
C:\ÁUnicorn-44562.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\ÁUnicorn-10966.exe
C:\ÁUnicorn-10966.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\ÁUnicorn-37280.exe
C:\ÁUnicorn-37280.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\ÁUnicorn-17426.exe
C:\ÁUnicorn-17426.exe
10⤵
PID:604

C:\ÁUnicorn-65524.exe
C:\ÁUnicorn-65524.exe
11⤵
PID:3900

C:\ÁUnicorn-29457.exe
C:\ÁUnicorn-29457.exe
12⤵
PID:4548

C:\ÁUnicorn-46990.exe
C:\ÁUnicorn-46990.exe
13⤵
PID:7904

C:\ÁUnicorn-48880.exe
C:\ÁUnicorn-48880.exe
14⤵
PID:11216

C:\ÁUnicorn-19464.exe
C:\ÁUnicorn-19464.exe
15⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
15⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
14⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
13⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
12⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
11⤵
PID:4972

C:\ÁUnicorn-63448.exe
C:\ÁUnicorn-63448.exe
10⤵
PID:3984

C:\ÁUnicorn-24076.exe
C:\ÁUnicorn-24076.exe
11⤵
PID:5900

C:\ÁUnicorn-44642.exe
C:\ÁUnicorn-44642.exe
12⤵
PID:8000

C:\ÁUnicorn-47493.exe
C:\ÁUnicorn-47493.exe
13⤵
PID:11504

C:\ÁUnicorn-44372.exe
C:\ÁUnicorn-44372.exe
14⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
11⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
10⤵
PID:4444

C:\ÁUnicorn-13211.exe
C:\ÁUnicorn-13211.exe
9⤵
PID:1420

C:\ÁUnicorn-205.exe
C:\ÁUnicorn-205.exe
10⤵
PID:3116

C:\ÁUnicorn-29265.exe
C:\ÁUnicorn-29265.exe
11⤵
PID:4232

C:\ÁUnicorn-55438.exe
C:\ÁUnicorn-55438.exe
12⤵
PID:7848

C:\ÁUnicorn-12614.exe
C:\ÁUnicorn-12614.exe
13⤵
PID:10536

C:\ÁUnicorn-47189.exe
C:\ÁUnicorn-47189.exe
14⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
14⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
13⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
10⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
9⤵
- Program crash
PID:3500

C:\ÁUnicorn-31311.exe
C:\ÁUnicorn-31311.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\ÁUnicorn-33077.exe
C:\ÁUnicorn-33077.exe
9⤵
PID:2384

C:\ÁUnicorn-51025.exe
C:\ÁUnicorn-51025.exe
10⤵
PID:4068

C:\ÁUnicorn-57770.exe
C:\ÁUnicorn-57770.exe
11⤵
PID:4652

C:\ÁUnicorn-41131.exe
C:\ÁUnicorn-41131.exe
12⤵
PID:7252

C:\ÁUnicorn-11085.exe
C:\ÁUnicorn-11085.exe
13⤵
PID:10876

C:\ÁUnicorn-22458.exe
C:\ÁUnicorn-22458.exe
14⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
14⤵
PID:13488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
12⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
11⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
10⤵
- Program crash
PID:4560

C:\ÁUnicorn-28279.exe
C:\ÁUnicorn-28279.exe
9⤵
PID:404

C:\ÁUnicorn-57324.exe
C:\ÁUnicorn-57324.exe
10⤵
PID:5924

C:\ÁUnicorn-15618.exe
C:\ÁUnicorn-15618.exe
11⤵
PID:8108

C:\ÁUnicorn-38443.exe
C:\ÁUnicorn-38443.exe
12⤵
PID:11604

C:\ÁUnicorn-12745.exe
C:\ÁUnicorn-12745.exe
13⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
- Program crash
PID:868

C:\ÁUnicorn-23965.exe
C:\ÁUnicorn-23965.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\ÁUnicorn-22755.exe
C:\ÁUnicorn-22755.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\ÁUnicorn-54774.exe
C:\ÁUnicorn-54774.exe
9⤵
PID:3096

C:\ÁUnicorn-27855.exe
C:\ÁUnicorn-27855.exe
10⤵
PID:3548

C:\ÁUnicorn-29603.exe
C:\ÁUnicorn-29603.exe
11⤵
PID:5504

C:\ÁUnicorn-4455.exe
C:\ÁUnicorn-4455.exe
12⤵
PID:7436

C:\ÁUnicorn-12179.exe
C:\ÁUnicorn-12179.exe
13⤵
PID:11752

C:\ÁUnicorn-50384.exe
C:\ÁUnicorn-50384.exe
14⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
13⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
12⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:5776

C:\ÁUnicorn-58643.exe
C:\ÁUnicorn-58643.exe
9⤵
PID:3796

C:\ÁUnicorn-9607.exe
C:\ÁUnicorn-9607.exe
10⤵
PID:5384

C:\ÁUnicorn-22576.exe
C:\ÁUnicorn-22576.exe
11⤵
PID:8464

C:\ÁUnicorn-27356.exe
C:\ÁUnicorn-27356.exe
12⤵
PID:9580

C:\ÁUnicorn-44296.exe
C:\ÁUnicorn-44296.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
13⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
9⤵
PID:5116

C:\ÁUnicorn-17695.exe
C:\ÁUnicorn-17695.exe
8⤵
PID:3152

C:\ÁUnicorn-27279.exe
C:\ÁUnicorn-27279.exe
9⤵
PID:3288

C:\ÁUnicorn-26783.exe
C:\ÁUnicorn-26783.exe
10⤵
PID:5316

C:\ÁUnicorn-63096.exe
C:\ÁUnicorn-63096.exe
11⤵
PID:8864

C:\ÁUnicorn-50215.exe
C:\ÁUnicorn-50215.exe
12⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 236
12⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
8⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
- Program crash
PID:704

C:\UsersÁUnicorn-40347.exe
C:\UsersÁUnicorn-40347.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\ÁUnicorn-52279.exe
C:\ÁUnicorn-52279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\ÁUnicorn-36486.exe
C:\ÁUnicorn-36486.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\ÁUnicorn-14353.exe
C:\ÁUnicorn-14353.exe
9⤵
PID:2136

C:\ÁUnicorn-21098.exe
C:\ÁUnicorn-21098.exe
10⤵
PID:3444

C:\ÁUnicorn-17990.exe
C:\ÁUnicorn-17990.exe
11⤵
PID:1732

C:\ÁUnicorn-40303.exe
C:\ÁUnicorn-40303.exe
12⤵
PID:5988

C:\ÁUnicorn-11009.exe
C:\ÁUnicorn-11009.exe
13⤵
PID:7304

C:\ÁUnicorn-959.exe
C:\ÁUnicorn-959.exe
14⤵
PID:9240

C:\ÁUnicorn-40163.exe
C:\ÁUnicorn-40163.exe
15⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
14⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
13⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
12⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
11⤵
PID:4424

C:\ÁUnicorn-43759.exe
C:\ÁUnicorn-43759.exe
10⤵
PID:3688

C:\ÁUnicorn-64143.exe
C:\ÁUnicorn-64143.exe
11⤵
PID:6088

C:\ÁUnicorn-63941.exe
C:\ÁUnicorn-63941.exe
12⤵
PID:7396

C:\ÁUnicorn-57625.exe
C:\ÁUnicorn-57625.exe
13⤵
PID:9916

C:\ÁUnicorn-65142.exe
C:\ÁUnicorn-65142.exe
14⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
14⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
13⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
10⤵
PID:5248

C:\ÁUnicorn-31408.exe
C:\ÁUnicorn-31408.exe
9⤵
PID:3476

C:\ÁUnicorn-61321.exe
C:\ÁUnicorn-61321.exe
10⤵
PID:3132

C:\ÁUnicorn-33052.exe
C:\ÁUnicorn-33052.exe
11⤵
PID:6256

C:\ÁUnicorn-23678.exe
C:\ÁUnicorn-23678.exe
12⤵
PID:9016

C:\ÁUnicorn-22115.exe
C:\ÁUnicorn-22115.exe
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
13⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
9⤵
- Program crash
PID:3368

C:\ÁUnicorn-40865.exe
C:\ÁUnicorn-40865.exe
8⤵
PID:3024

C:\ÁUnicorn-8243.exe
C:\ÁUnicorn-8243.exe
9⤵
PID:3780

C:\ÁUnicorn-6125.exe
C:\ÁUnicorn-6125.exe
10⤵
PID:4572

C:\ÁUnicorn-31915.exe
C:\ÁUnicorn-31915.exe
11⤵
PID:8008

C:\ÁUnicorn-24364.exe
C:\ÁUnicorn-24364.exe
12⤵
PID:11388

C:\ÁUnicorn-22374.exe
C:\ÁUnicorn-22374.exe
13⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
12⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 220
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
9⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
- Program crash
PID:3412

C:\ÁUnicorn-65136.exe
C:\ÁUnicorn-65136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\ÁUnicorn-59387.exe
C:\ÁUnicorn-59387.exe
8⤵
PID:2420

C:\ÁUnicorn-32660.exe
C:\ÁUnicorn-32660.exe
9⤵
PID:3812

C:\ÁUnicorn-6286.exe
C:\ÁUnicorn-6286.exe
10⤵
PID:5848

C:\ÁUnicorn-59525.exe
C:\ÁUnicorn-59525.exe
11⤵
PID:7432

C:\ÁUnicorn-959.exe
C:\ÁUnicorn-959.exe
12⤵
PID:10740

C:\ÁUnicorn-14812.exe
C:\ÁUnicorn-14812.exe
13⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
9⤵
PID:4900

C:\ÁUnicorn-30583.exe
C:\ÁUnicorn-30583.exe
8⤵
PID:3936

C:\ÁUnicorn-25783.exe
C:\ÁUnicorn-25783.exe
9⤵
PID:4616

C:\ÁUnicorn-35153.exe
C:\ÁUnicorn-35153.exe
10⤵
PID:8136

C:\ÁUnicorn-44711.exe
C:\ÁUnicorn-44711.exe
11⤵
PID:11224

C:\ÁUnicorn-36001.exe
C:\ÁUnicorn-36001.exe
12⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
8⤵
- Program crash
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
7⤵
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:1544

C:\Users\AdminÁUnicorn-49159.exe
C:\Users\AdminÁUnicorn-49159.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\UsersÁUnicorn-44754.exe
C:\UsersÁUnicorn-44754.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\ÁUnicorn-52471.exe
C:\ÁUnicorn-52471.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\ÁUnicorn-4223.exe
C:\ÁUnicorn-4223.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\ÁUnicorn-63227.exe
C:\ÁUnicorn-63227.exe
9⤵
PID:2036

C:\ÁUnicorn-33428.exe
C:\ÁUnicorn-33428.exe
10⤵
PID:3996

C:\ÁUnicorn-60951.exe
C:\ÁUnicorn-60951.exe
11⤵
PID:4416

C:\ÁUnicorn-36881.exe
C:\ÁUnicorn-36881.exe
12⤵
PID:7468

C:\ÁUnicorn-2324.exe
C:\ÁUnicorn-2324.exe
13⤵
PID:11676

C:\ÁUnicorn-35091.exe
C:\ÁUnicorn-35091.exe
14⤵
PID:13916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
10⤵
PID:4812

C:\ÁUnicorn-28279.exe
C:\ÁUnicorn-28279.exe
9⤵
PID:1536

C:\ÁUnicorn-57111.exe
C:\ÁUnicorn-57111.exe
10⤵
PID:4656

C:\ÁUnicorn-36881.exe
C:\ÁUnicorn-36881.exe
11⤵
PID:7484

C:\ÁUnicorn-10436.exe
C:\ÁUnicorn-10436.exe
12⤵
PID:10688

C:\ÁUnicorn-64704.exe
C:\ÁUnicorn-64704.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
13⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
11⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
9⤵
- Program crash
PID:4676

C:\ÁUnicorn-30232.exe
C:\ÁUnicorn-30232.exe
8⤵
PID:2396

C:\ÁUnicorn-34606.exe
C:\ÁUnicorn-34606.exe
9⤵
PID:3872

C:\ÁUnicorn-38959.exe
C:\ÁUnicorn-38959.exe
10⤵
PID:5820

C:\ÁUnicorn-11009.exe
C:\ÁUnicorn-11009.exe
11⤵
PID:7224

C:\ÁUnicorn-11896.exe
C:\ÁUnicorn-11896.exe
12⤵
PID:9640

C:\ÁUnicorn-60342.exe
C:\ÁUnicorn-60342.exe
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 220
8⤵
- Program crash
PID:3516

C:\ÁUnicorn-31311.exe
C:\ÁUnicorn-31311.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\ÁUnicorn-33269.exe
C:\ÁUnicorn-33269.exe
8⤵
PID:3028

C:\ÁUnicorn-33070.exe
C:\ÁUnicorn-33070.exe
9⤵
PID:3168

C:\ÁUnicorn-33463.exe
C:\ÁUnicorn-33463.exe
10⤵
PID:4500

C:\ÁUnicorn-52174.exe
C:\ÁUnicorn-52174.exe
11⤵
PID:8092

C:\ÁUnicorn-15508.exe
C:\ÁUnicorn-15508.exe
12⤵
PID:9656

C:\ÁUnicorn-50965.exe
C:\ÁUnicorn-50965.exe
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
13⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
12⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
9⤵
- Program crash
PID:4532

C:\ÁUnicorn-13204.exe
C:\ÁUnicorn-13204.exe
8⤵
PID:3192

C:\ÁUnicorn-5357.exe
C:\ÁUnicorn-5357.exe
9⤵
PID:5184

C:\ÁUnicorn-65355.exe
C:\ÁUnicorn-65355.exe
10⤵
PID:8116

C:\ÁUnicorn-959.exe
C:\ÁUnicorn-959.exe
11⤵
PID:10708

C:\ÁUnicorn-41123.exe
C:\ÁUnicorn-41123.exe
12⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
7⤵
- Program crash
PID:1904

C:\UsersÁUnicorn-10260.exe
C:\UsersÁUnicorn-10260.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\ÁUnicorn-4223.exe
C:\ÁUnicorn-4223.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\ÁUnicorn-65365.exe
C:\ÁUnicorn-65365.exe
8⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
9⤵
- Program crash
PID:3928

C:\ÁUnicorn-13562.exe
C:\ÁUnicorn-13562.exe
8⤵
PID:4004

C:\ÁUnicorn-44532.exe
C:\ÁUnicorn-44532.exe
9⤵
PID:4468

C:\ÁUnicorn-6922.exe
C:\ÁUnicorn-6922.exe
10⤵
PID:7752

C:\ÁUnicorn-21751.exe
C:\ÁUnicorn-21751.exe
11⤵
PID:9796

C:\ÁUnicorn-33300.exe
C:\ÁUnicorn-33300.exe
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 220
12⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
8⤵
PID:4960

C:\ÁUnicorn-30424.exe
C:\ÁUnicorn-30424.exe
7⤵
PID:2400

C:\ÁUnicorn-48145.exe
C:\ÁUnicorn-48145.exe
8⤵
PID:3092

C:\ÁUnicorn-60936.exe
C:\ÁUnicorn-60936.exe
9⤵
PID:5368

C:\ÁUnicorn-33750.exe
C:\ÁUnicorn-33750.exe
10⤵
PID:8600

C:\ÁUnicorn-61565.exe
C:\ÁUnicorn-61565.exe
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 236
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
10⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
9⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
8⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
7⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
6⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1444

C:\Users\Admin\AppDataÁUnicorn-42964.exe
C:\Users\Admin\AppDataÁUnicorn-42964.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\AdminÁUnicorn-7867.exe
C:\Users\AdminÁUnicorn-7867.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\UsersÁUnicorn-44023.exe
C:\UsersÁUnicorn-44023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\ÁUnicorn-23523.exe
C:\ÁUnicorn-23523.exe
7⤵
PID:1760

C:\ÁUnicorn-43295.exe
C:\ÁUnicorn-43295.exe
8⤵
PID:1656

C:\ÁUnicorn-35618.exe
C:\ÁUnicorn-35618.exe
9⤵
PID:3268

C:\ÁUnicorn-61719.exe
C:\ÁUnicorn-61719.exe
10⤵
PID:4484

C:\ÁUnicorn-6922.exe
C:\ÁUnicorn-6922.exe
11⤵
PID:7756

C:\ÁUnicorn-12126.exe
C:\ÁUnicorn-12126.exe
12⤵
PID:10700

C:\ÁUnicorn-56947.exe
C:\ÁUnicorn-56947.exe
13⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
13⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
9⤵
PID:4796

C:\ÁUnicorn-15944.exe
C:\ÁUnicorn-15944.exe
8⤵
PID:3300

C:\ÁUnicorn-24844.exe
C:\ÁUnicorn-24844.exe
9⤵
PID:5992

C:\ÁUnicorn-29157.exe
C:\ÁUnicorn-29157.exe
10⤵
PID:7832

C:\ÁUnicorn-57329.exe
C:\ÁUnicorn-57329.exe
11⤵
PID:9624

C:\ÁUnicorn-23217.exe
C:\ÁUnicorn-23217.exe
12⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
12⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 220
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
8⤵
PID:4620

C:\ÁUnicorn-43164.exe
C:\ÁUnicorn-43164.exe
7⤵
PID:2816

C:\ÁUnicorn-2177.exe
C:\ÁUnicorn-2177.exe
8⤵
PID:3080

C:\ÁUnicorn-41071.exe
C:\ÁUnicorn-41071.exe
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 220
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
8⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
7⤵
- Program crash
PID:3708

C:\UsersÁUnicorn-36521.exe
C:\UsersÁUnicorn-36521.exe
6⤵
PID:2372

C:\ÁUnicorn-8126.exe
C:\ÁUnicorn-8126.exe
7⤵
PID:2208

C:\ÁUnicorn-22603.exe
C:\ÁUnicorn-22603.exe
8⤵
PID:3316

C:\ÁUnicorn-27205.exe
C:\ÁUnicorn-27205.exe
9⤵
PID:5428

C:\ÁUnicorn-49896.exe
C:\ÁUnicorn-49896.exe
10⤵
PID:8184

C:\ÁUnicorn-40015.exe
C:\ÁUnicorn-40015.exe
11⤵
PID:11416

C:\ÁUnicorn-35913.exe
C:\ÁUnicorn-35913.exe
12⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
8⤵
PID:5108

C:\ÁUnicorn-35601.exe
C:\ÁUnicorn-35601.exe
7⤵
PID:3352

C:\ÁUnicorn-33463.exe
C:\ÁUnicorn-33463.exe
8⤵
PID:4520

C:\ÁUnicorn-49652.exe
C:\ÁUnicorn-49652.exe
9⤵
PID:8080

C:\ÁUnicorn-21333.exe
C:\ÁUnicorn-21333.exe
10⤵
PID:11128

C:\ÁUnicorn-45198.exe
C:\ÁUnicorn-45198.exe
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
11⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
10⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
9⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
8⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
6⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
5⤵
- Program crash
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2480

C:\Users\Admin\AppData\LocalÁUnicorn-49446.exe
C:\Users\Admin\AppData\LocalÁUnicorn-49446.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppDataÁUnicorn-62830.exe
C:\Users\Admin\AppDataÁUnicorn-62830.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\AdminÁUnicorn-39066.exe
C:\Users\AdminÁUnicorn-39066.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\UsersÁUnicorn-52725.exe
C:\UsersÁUnicorn-52725.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\ÁUnicorn-45009.exe
C:\ÁUnicorn-45009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\ÁUnicorn-56387.exe
C:\ÁUnicorn-56387.exe
8⤵
PID:2696

C:\ÁUnicorn-46201.exe
C:\ÁUnicorn-46201.exe
9⤵
PID:2840

C:\ÁUnicorn-35727.exe
C:\ÁUnicorn-35727.exe
10⤵
PID:4036

C:\ÁUnicorn-22590.exe
C:\ÁUnicorn-22590.exe
11⤵
PID:5828

C:\ÁUnicorn-36272.exe
C:\ÁUnicorn-36272.exe
12⤵
PID:8628

C:\ÁUnicorn-41238.exe
C:\ÁUnicorn-41238.exe
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 220
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
10⤵
PID:5524

C:\ÁUnicorn-47849.exe
C:\ÁUnicorn-47849.exe
9⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 372
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
9⤵
PID:5668

C:\ÁUnicorn-50368.exe
C:\ÁUnicorn-50368.exe
8⤵
PID:2380

C:\ÁUnicorn-36309.exe
C:\ÁUnicorn-36309.exe
9⤵
PID:4596

C:\ÁUnicorn-7285.exe
C:\ÁUnicorn-7285.exe
10⤵
PID:7744

C:\ÁUnicorn-56529.exe
C:\ÁUnicorn-56529.exe
11⤵
PID:10908

C:\ÁUnicorn-8508.exe
C:\ÁUnicorn-8508.exe
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
12⤵
PID:13544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
8⤵
- Program crash
PID:4032

C:\ÁUnicorn-36521.exe
C:\ÁUnicorn-36521.exe
7⤵
PID:1244

C:\ÁUnicorn-43295.exe
C:\ÁUnicorn-43295.exe
8⤵
PID:3044

C:\ÁUnicorn-49126.exe
C:\ÁUnicorn-49126.exe
9⤵
PID:3868

C:\ÁUnicorn-64143.exe
C:\ÁUnicorn-64143.exe
10⤵
PID:6080

C:\ÁUnicorn-63941.exe
C:\ÁUnicorn-63941.exe
11⤵
PID:6692

C:\ÁUnicorn-7078.exe
C:\ÁUnicorn-7078.exe
12⤵
PID:9936

C:\ÁUnicorn-64626.exe
C:\ÁUnicorn-64626.exe
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
13⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
9⤵
PID:5348

C:\ÁUnicorn-20812.exe
C:\ÁUnicorn-20812.exe
8⤵
PID:3144

C:\ÁUnicorn-64848.exe
C:\ÁUnicorn-64848.exe
9⤵
PID:4376

C:\ÁUnicorn-59636.exe
C:\ÁUnicorn-59636.exe
10⤵
PID:7964

C:\ÁUnicorn-54773.exe
C:\ÁUnicorn-54773.exe
11⤵
PID:11160

C:\ÁUnicorn-61965.exe
C:\ÁUnicorn-61965.exe
12⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
12⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
8⤵
- Program crash
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
7⤵
- Program crash
PID:2484

C:\UsersÁUnicorn-9684.exe
C:\UsersÁUnicorn-9684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\ÁUnicorn-58115.exe
C:\ÁUnicorn-58115.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\ÁUnicorn-45433.exe
C:\ÁUnicorn-45433.exe
8⤵
PID:916

C:\ÁUnicorn-5862.exe
C:\ÁUnicorn-5862.exe
9⤵
PID:4132

C:\ÁUnicorn-36171.exe
C:\ÁUnicorn-36171.exe
10⤵
PID:6600

C:\ÁUnicorn-52518.exe
C:\ÁUnicorn-52518.exe
11⤵
PID:8372

C:\ÁUnicorn-19776.exe
C:\ÁUnicorn-19776.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 236
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
9⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
8⤵
- Program crash
PID:3252

C:\ÁUnicorn-58816.exe
C:\ÁUnicorn-58816.exe
7⤵
PID:2116

C:\ÁUnicorn-58628.exe
C:\ÁUnicorn-58628.exe
8⤵
PID:4224

C:\ÁUnicorn-41698.exe
C:\ÁUnicorn-41698.exe
9⤵
PID:7052

C:\ÁUnicorn-52518.exe
C:\ÁUnicorn-52518.exe
10⤵
PID:8364

C:\ÁUnicorn-19776.exe
C:\ÁUnicorn-19776.exe
11⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
10⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
9⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
8⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
6⤵
- Program crash
PID:1520

C:\Users\AdminÁUnicorn-65532.exe
C:\Users\AdminÁUnicorn-65532.exe
5⤵
- Executes dropped EXE
PID:1272

C:\UsersÁUnicorn-45009.exe
C:\UsersÁUnicorn-45009.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2264

C:\ÁUnicorn-23523.exe
C:\ÁUnicorn-23523.exe
7⤵
PID:2016

C:\ÁUnicorn-4696.exe
C:\ÁUnicorn-4696.exe
8⤵
PID:1916

C:\ÁUnicorn-51550.exe
C:\ÁUnicorn-51550.exe
9⤵
PID:4308

C:\ÁUnicorn-58688.exe
C:\ÁUnicorn-58688.exe
10⤵
PID:7012

C:\ÁUnicorn-5549.exe
C:\ÁUnicorn-5549.exe
11⤵
PID:9424

C:\ÁUnicorn-37612.exe
C:\ÁUnicorn-37612.exe
12⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
12⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 236
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
- Program crash
PID:3804

C:\ÁUnicorn-34908.exe
C:\ÁUnicorn-34908.exe
7⤵
PID:3104

C:\ÁUnicorn-1140.exe
C:\ÁUnicorn-1140.exe
8⤵
PID:4448

C:\ÁUnicorn-62360.exe
C:\ÁUnicorn-62360.exe
9⤵
PID:7420

C:\ÁUnicorn-26012.exe
C:\ÁUnicorn-26012.exe
10⤵
PID:9692

C:\ÁUnicorn-64182.exe
C:\ÁUnicorn-64182.exe
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 220
10⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
9⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
8⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 220
7⤵
- Program crash
PID:3968

C:\UsersÁUnicorn-56065.exe
C:\UsersÁUnicorn-56065.exe
6⤵
PID:2488

C:\ÁUnicorn-60726.exe
C:\ÁUnicorn-60726.exe
7⤵
PID:1048

C:\ÁUnicorn-5581.exe
C:\ÁUnicorn-5581.exe
8⤵
PID:3396

C:\ÁUnicorn-42036.exe
C:\ÁUnicorn-42036.exe
9⤵
PID:5060

C:\ÁUnicorn-6922.exe
C:\ÁUnicorn-6922.exe
10⤵
PID:7728

C:\ÁUnicorn-44306.exe
C:\ÁUnicorn-44306.exe
11⤵
PID:10796

C:\ÁUnicorn-16304.exe
C:\ÁUnicorn-16304.exe
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
12⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
8⤵
PID:4720

C:\ÁUnicorn-51253.exe
C:\ÁUnicorn-51253.exe
7⤵
PID:3408

C:\ÁUnicorn-37314.exe
C:\ÁUnicorn-37314.exe
8⤵
PID:5588

C:\ÁUnicorn-21199.exe
C:\ÁUnicorn-21199.exe
9⤵
PID:7864

C:\ÁUnicorn-54406.exe
C:\ÁUnicorn-54406.exe
10⤵
PID:10476

C:\ÁUnicorn-32359.exe
C:\ÁUnicorn-32359.exe
11⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
10⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
9⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
6⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Program crash
PID:2120

C:\Users\Admin\AppDataÁUnicorn-65194.exe
C:\Users\Admin\AppDataÁUnicorn-65194.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\AdminÁUnicorn-55548.exe
C:\Users\AdminÁUnicorn-55548.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\UsersÁUnicorn-367.exe
C:\UsersÁUnicorn-367.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\ÁUnicorn-63227.exe
C:\ÁUnicorn-63227.exe
7⤵
PID:2868

C:\ÁUnicorn-205.exe
C:\ÁUnicorn-205.exe
8⤵
PID:3124

C:\ÁUnicorn-61361.exe
C:\ÁUnicorn-61361.exe
9⤵
PID:4776

C:\ÁUnicorn-9034.exe
C:\ÁUnicorn-9034.exe
10⤵
PID:7400

C:\ÁUnicorn-23603.exe
C:\ÁUnicorn-23603.exe
11⤵
PID:10260

C:\ÁUnicorn-36075.exe
C:\ÁUnicorn-36075.exe
12⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
12⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
PID:4872

C:\ÁUnicorn-13204.exe
C:\ÁUnicorn-13204.exe
7⤵
PID:3148

C:\ÁUnicorn-26188.exe
C:\ÁUnicorn-26188.exe
8⤵
PID:5792

C:\ÁUnicorn-26853.exe
C:\ÁUnicorn-26853.exe
9⤵
PID:7984

C:\ÁUnicorn-55464.exe
C:\ÁUnicorn-55464.exe
10⤵
PID:11568

C:\ÁUnicorn-41038.exe
C:\ÁUnicorn-41038.exe
11⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
10⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
9⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
8⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
7⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
6⤵
- Program crash
PID:2580

C:\Users\AdminÁUnicorn-8916.exe
C:\Users\AdminÁUnicorn-8916.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\UsersÁUnicorn-55811.exe
C:\UsersÁUnicorn-55811.exe
6⤵
PID:2616

C:\ÁUnicorn-46201.exe
C:\ÁUnicorn-46201.exe
7⤵
PID:2252

C:\ÁUnicorn-1716.exe
C:\ÁUnicorn-1716.exe
8⤵
PID:4492

C:\ÁUnicorn-2033.exe
C:\ÁUnicorn-2033.exe
9⤵
PID:7520

C:\ÁUnicorn-7251.exe
C:\ÁUnicorn-7251.exe
10⤵
PID:9596

C:\ÁUnicorn-65038.exe
C:\ÁUnicorn-65038.exe
11⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
10⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
7⤵
- Program crash
PID:3540

C:\UsersÁUnicorn-50368.exe
C:\UsersÁUnicorn-50368.exe
6⤵
PID:2712

C:\ÁUnicorn-4798.exe
C:\ÁUnicorn-4798.exe
7⤵
PID:4408

C:\ÁUnicorn-28920.exe
C:\ÁUnicorn-28920.exe
8⤵
PID:7384

C:\ÁUnicorn-9649.exe
C:\ÁUnicorn-9649.exe
9⤵
PID:10136

C:\ÁUnicorn-62838.exe
C:\ÁUnicorn-62838.exe
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 236
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
8⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
7⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
5⤵
- Program crash
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\TempÁUnicorn-5888.exe
C:\Users\Admin\AppData\Local\TempÁUnicorn-5888.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\LocalÁUnicorn-54236.exe
C:\Users\Admin\AppData\LocalÁUnicorn-54236.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppDataÁUnicorn-30542.exe
C:\Users\Admin\AppDataÁUnicorn-30542.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\AdminÁUnicorn-52195.exe
C:\Users\AdminÁUnicorn-52195.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\UsersÁUnicorn-51765.exe
C:\UsersÁUnicorn-51765.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\ÁUnicorn-44023.exe
C:\ÁUnicorn-44023.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\ÁUnicorn-57923.exe
C:\ÁUnicorn-57923.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\ÁUnicorn-64566.exe
C:\ÁUnicorn-64566.exe
9⤵
PID:2724

C:\ÁUnicorn-18222.exe
C:\ÁUnicorn-18222.exe
9⤵
PID:3728

C:\ÁUnicorn-32047.exe
C:\ÁUnicorn-32047.exe
10⤵
PID:6136

C:\ÁUnicorn-63941.exe
C:\ÁUnicorn-63941.exe
11⤵
PID:8188

C:\ÁUnicorn-63959.exe
C:\ÁUnicorn-63959.exe
12⤵
PID:11868

C:\ÁUnicorn-61988.exe
C:\ÁUnicorn-61988.exe
13⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 220
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
9⤵
PID:5300

C:\ÁUnicorn-25541.exe
C:\ÁUnicorn-25541.exe
8⤵
PID:2368

C:\ÁUnicorn-18789.exe
C:\ÁUnicorn-18789.exe
9⤵
PID:3484

C:\ÁUnicorn-16204.exe
C:\ÁUnicorn-16204.exe
10⤵
PID:6104

C:\ÁUnicorn-26853.exe
C:\ÁUnicorn-26853.exe
11⤵
PID:7940

C:\ÁUnicorn-44468.exe
C:\ÁUnicorn-44468.exe
12⤵
PID:11720

C:\ÁUnicorn-54992.exe
C:\ÁUnicorn-54992.exe
13⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 220
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
9⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
8⤵
- Program crash
PID:3584

C:\ÁUnicorn-2697.exe
C:\ÁUnicorn-2697.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\ÁUnicorn-31702.exe
C:\ÁUnicorn-31702.exe
8⤵
PID:1612

C:\ÁUnicorn-51461.exe
C:\ÁUnicorn-51461.exe
9⤵
PID:3332

C:\ÁUnicorn-49089.exe
C:\ÁUnicorn-49089.exe
10⤵
PID:5172

C:\ÁUnicorn-39370.exe
C:\ÁUnicorn-39370.exe
11⤵
PID:8348

C:\ÁUnicorn-57849.exe
C:\ÁUnicorn-57849.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
11⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:5396

C:\ÁUnicorn-64460.exe
C:\ÁUnicorn-64460.exe
8⤵
PID:3452

C:\ÁUnicorn-16801.exe
C:\ÁUnicorn-16801.exe
9⤵
PID:5232

C:\ÁUnicorn-59572.exe
C:\ÁUnicorn-59572.exe
10⤵
PID:8300

C:\ÁUnicorn-43497.exe
C:\ÁUnicorn-43497.exe
11⤵
PID:11352

C:\ÁUnicorn-22888.exe
C:\ÁUnicorn-22888.exe
12⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
8⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
- Program crash
PID:2184

C:\UsersÁUnicorn-9082.exe
C:\UsersÁUnicorn-9082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\ÁUnicorn-41914.exe
C:\ÁUnicorn-41914.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\ÁUnicorn-13336.exe
C:\ÁUnicorn-13336.exe
8⤵
PID:2408

C:\ÁUnicorn-45644.exe
C:\ÁUnicorn-45644.exe
9⤵
PID:3884

C:\ÁUnicorn-50649.exe
C:\ÁUnicorn-50649.exe
10⤵
PID:6300

C:\ÁUnicorn-54980.exe
C:\ÁUnicorn-54980.exe
11⤵
PID:9056

C:\ÁUnicorn-2996.exe
C:\ÁUnicorn-2996.exe
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 236
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
9⤵
PID:5652

C:\ÁUnicorn-25970.exe
C:\ÁUnicorn-25970.exe
8⤵
PID:3960

C:\ÁUnicorn-9595.exe
C:\ÁUnicorn-9595.exe
9⤵
PID:5340

C:\ÁUnicorn-53278.exe
C:\ÁUnicorn-53278.exe
10⤵
PID:8956

C:\ÁUnicorn-1564.exe
C:\ÁUnicorn-1564.exe
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 236
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
10⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
PID:5632

C:\ÁUnicorn-26335.exe
C:\ÁUnicorn-26335.exe
7⤵
PID:1440

C:\ÁUnicorn-60527.exe
C:\ÁUnicorn-60527.exe
8⤵
PID:3420

C:\ÁUnicorn-48300.exe
C:\ÁUnicorn-48300.exe
9⤵
PID:5344

C:\ÁUnicorn-3495.exe
C:\ÁUnicorn-3495.exe
10⤵
PID:7464

C:\ÁUnicorn-30519.exe
C:\ÁUnicorn-30519.exe
11⤵
PID:11836

C:\ÁUnicorn-31610.exe
C:\ÁUnicorn-31610.exe
12⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 220
10⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:1572

C:\Users\AdminÁUnicorn-16440.exe
C:\Users\AdminÁUnicorn-16440.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\UsersÁUnicorn-30894.exe
C:\UsersÁUnicorn-30894.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\ÁUnicorn-55619.exe
C:\ÁUnicorn-55619.exe
7⤵
- Executes dropped EXE
PID:2732

C:\ÁUnicorn-13144.exe
C:\ÁUnicorn-13144.exe
8⤵
PID:2784

C:\ÁUnicorn-16646.exe
C:\ÁUnicorn-16646.exe
9⤵
PID:4044

C:\ÁUnicorn-5028.exe
C:\ÁUnicorn-5028.exe
10⤵
PID:5604

C:\ÁUnicorn-56822.exe
C:\ÁUnicorn-56822.exe
11⤵
PID:8676

C:\ÁUnicorn-59790.exe
C:\ÁUnicorn-59790.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 220
10⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
PID:5332

C:\ÁUnicorn-53869.exe
C:\ÁUnicorn-53869.exe
8⤵
PID:3360

C:\ÁUnicorn-49836.exe
C:\ÁUnicorn-49836.exe
9⤵
PID:5196

C:\ÁUnicorn-27403.exe
C:\ÁUnicorn-27403.exe
10⤵
PID:8124

C:\ÁUnicorn-13519.exe
C:\ÁUnicorn-13519.exe
11⤵
PID:11148

C:\ÁUnicorn-14891.exe
C:\ÁUnicorn-14891.exe
12⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 216
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 220
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 220
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
8⤵
PID:5356

C:\ÁUnicorn-26335.exe
C:\ÁUnicorn-26335.exe
7⤵
PID:2972

C:\ÁUnicorn-50470.exe
C:\ÁUnicorn-50470.exe
8⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 220
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
7⤵
- Program crash
PID:3664

C:\UsersÁUnicorn-35945.exe
C:\UsersÁUnicorn-35945.exe
6⤵
PID:2964

C:\ÁUnicorn-8318.exe
C:\ÁUnicorn-8318.exe
7⤵
PID:1484

C:\ÁUnicorn-38638.exe
C:\ÁUnicorn-38638.exe
8⤵
PID:3524

C:\ÁUnicorn-39374.exe
C:\ÁUnicorn-39374.exe
9⤵
PID:5084

C:\ÁUnicorn-31915.exe
C:\ÁUnicorn-31915.exe
10⤵
PID:8004

C:\ÁUnicorn-45356.exe
C:\ÁUnicorn-45356.exe
11⤵
PID:10544

C:\ÁUnicorn-50558.exe
C:\ÁUnicorn-50558.exe
12⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 236
12⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 220
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
8⤵
PID:4984

C:\ÁUnicorn-33297.exe
C:\ÁUnicorn-33297.exe
7⤵
PID:3632

C:\ÁUnicorn-63665.exe
C:\ÁUnicorn-63665.exe
8⤵
PID:4852

C:\ÁUnicorn-64408.exe
C:\ÁUnicorn-64408.exe
9⤵
PID:8212

C:\ÁUnicorn-37752.exe
C:\ÁUnicorn-37752.exe
10⤵
PID:11256

C:\ÁUnicorn-44202.exe
C:\ÁUnicorn-44202.exe
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 220
10⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
9⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
8⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
7⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
6⤵
- Program crash
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
5⤵
- Program crash
PID:1560

C:\Users\Admin\AppDataÁUnicorn-16870.exe
C:\Users\Admin\AppDataÁUnicorn-16870.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\AdminÁUnicorn-52533.exe
C:\Users\AdminÁUnicorn-52533.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\UsersÁUnicorn-62030.exe
C:\UsersÁUnicorn-62030.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\ÁUnicorn-23523.exe
C:\ÁUnicorn-23523.exe
7⤵
PID:1588

C:\ÁUnicorn-62454.exe
C:\ÁUnicorn-62454.exe
8⤵
PID:268

C:\ÁUnicorn-29052.exe
C:\ÁUnicorn-29052.exe
9⤵
PID:4732

C:\ÁUnicorn-59859.exe
C:\ÁUnicorn-59859.exe
10⤵
PID:7824

C:\ÁUnicorn-3716.exe
C:\ÁUnicorn-3716.exe
11⤵
PID:10776

C:\ÁUnicorn-35649.exe
C:\ÁUnicorn-35649.exe
12⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 236
12⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
8⤵
- Program crash
PID:4160

C:\ÁUnicorn-10492.exe
C:\ÁUnicorn-10492.exe
7⤵
PID:1940

C:\ÁUnicorn-21234.exe
C:\ÁUnicorn-21234.exe
8⤵
PID:4624

C:\ÁUnicorn-24914.exe
C:\ÁUnicorn-24914.exe
9⤵
PID:7660

C:\ÁUnicorn-25041.exe
C:\ÁUnicorn-25041.exe
10⤵
PID:9680

C:\ÁUnicorn-58001.exe
C:\ÁUnicorn-58001.exe
11⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 236
10⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
9⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
8⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
7⤵
- Program crash
PID:4020

C:\UsersÁUnicorn-56065.exe
C:\UsersÁUnicorn-56065.exe
6⤵
PID:288

C:\ÁUnicorn-43295.exe
C:\ÁUnicorn-43295.exe
7⤵
PID:708

C:\ÁUnicorn-34274.exe
C:\ÁUnicorn-34274.exe
8⤵
PID:3920

C:\ÁUnicorn-24076.exe
C:\ÁUnicorn-24076.exe
9⤵
PID:5892

C:\ÁUnicorn-63173.exe
C:\ÁUnicorn-63173.exe
10⤵
PID:8100

C:\ÁUnicorn-4477.exe
C:\ÁUnicorn-4477.exe
11⤵
PID:10824

C:\ÁUnicorn-21595.exe
C:\ÁUnicorn-21595.exe
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
8⤵
PID:4784

C:\ÁUnicorn-47657.exe
C:\ÁUnicorn-47657.exe
7⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 220
7⤵
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
6⤵
- Program crash
PID:2620

C:\Users\AdminÁUnicorn-22621.exe
C:\Users\AdminÁUnicorn-22621.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\UsersÁUnicorn-9625.exe
C:\UsersÁUnicorn-9625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\ÁUnicorn-13336.exe
C:\ÁUnicorn-13336.exe
7⤵
PID:1516

C:\ÁUnicorn-23102.exe
C:\ÁUnicorn-23102.exe
8⤵
PID:4348

C:\ÁUnicorn-19418.exe
C:\ÁUnicorn-19418.exe
9⤵
PID:7228

C:\ÁUnicorn-31211.exe
C:\ÁUnicorn-31211.exe
10⤵
PID:9388

C:\ÁUnicorn-4.exe
C:\ÁUnicorn-4.exe
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
11⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 236
10⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
7⤵
- Program crash
PID:3260

C:\UsersÁUnicorn-26335.exe
C:\UsersÁUnicorn-26335.exe
6⤵
PID:2780

C:\ÁUnicorn-27087.exe
C:\ÁUnicorn-27087.exe
7⤵
PID:3264

C:\ÁUnicorn-52185.exe
C:\ÁUnicorn-52185.exe
8⤵
PID:5496

C:\ÁUnicorn-62904.exe
C:\ÁUnicorn-62904.exe
9⤵
PID:8836

C:\ÁUnicorn-481.exe
C:\ÁUnicorn-481.exe
10⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
10⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
9⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
8⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
7⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
6⤵
- Program crash
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
5⤵
- Program crash
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1736

C:\Users\Admin\AppData\LocalÁUnicorn-10676.exe
C:\Users\Admin\AppData\LocalÁUnicorn-10676.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppDataÁUnicorn-19523.exe
C:\Users\Admin\AppDataÁUnicorn-19523.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\AdminÁUnicorn-55356.exe
C:\Users\AdminÁUnicorn-55356.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\UsersÁUnicorn-64334.exe
C:\UsersÁUnicorn-64334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1188

C:\ÁUnicorn-57923.exe
C:\ÁUnicorn-57923.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\ÁUnicorn-63637.exe
C:\ÁUnicorn-63637.exe
8⤵
PID:1488

C:\ÁUnicorn-33070.exe
C:\ÁUnicorn-33070.exe
9⤵
PID:3180

C:\ÁUnicorn-39374.exe
C:\ÁUnicorn-39374.exe
10⤵
PID:4744

C:\ÁUnicorn-38993.exe
C:\ÁUnicorn-38993.exe
11⤵
PID:8164

C:\ÁUnicorn-38110.exe
C:\ÁUnicorn-38110.exe
12⤵
PID:10572

C:\ÁUnicorn-3317.exe
C:\ÁUnicorn-3317.exe
13⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
13⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
9⤵
PID:4996

C:\ÁUnicorn-13204.exe
C:\ÁUnicorn-13204.exe
8⤵
PID:3212

C:\ÁUnicorn-24439.exe
C:\ÁUnicorn-24439.exe
9⤵
PID:4944

C:\ÁUnicorn-38827.exe
C:\ÁUnicorn-38827.exe
10⤵
PID:7540

C:\ÁUnicorn-32096.exe
C:\ÁUnicorn-32096.exe
11⤵
PID:10472

C:\ÁUnicorn-41123.exe
C:\ÁUnicorn-41123.exe
12⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
PID:4700

C:\ÁUnicorn-11675.exe
C:\ÁUnicorn-11675.exe
7⤵
PID:2772

C:\ÁUnicorn-51025.exe
C:\ÁUnicorn-51025.exe
8⤵
PID:4076

C:\ÁUnicorn-11667.exe
C:\ÁUnicorn-11667.exe
9⤵
PID:4940

C:\ÁUnicorn-55438.exe
C:\ÁUnicorn-55438.exe
10⤵
PID:7844

C:\ÁUnicorn-39081.exe
C:\ÁUnicorn-39081.exe
11⤵
PID:11320

C:\ÁUnicorn-30127.exe
C:\ÁUnicorn-30127.exe
12⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
8⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 220
7⤵
- Program crash
PID:3592

C:\UsersÁUnicorn-2697.exe
C:\UsersÁUnicorn-2697.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\ÁUnicorn-32470.exe
C:\ÁUnicorn-32470.exe
7⤵
PID:2836

C:\ÁUnicorn-5607.exe
C:\ÁUnicorn-5607.exe
8⤵
PID:3840

C:\ÁUnicorn-64874.exe
C:\ÁUnicorn-64874.exe
9⤵
PID:4460

C:\ÁUnicorn-2480.exe
C:\ÁUnicorn-2480.exe
10⤵
PID:7992

C:\ÁUnicorn-15273.exe
C:\ÁUnicorn-15273.exe
11⤵
PID:11120

C:\ÁUnicorn-49510.exe
C:\ÁUnicorn-49510.exe
12⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
12⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
PID:4684

C:\ÁUnicorn-34065.exe
C:\ÁUnicorn-34065.exe
7⤵
PID:3896

C:\ÁUnicorn-18949.exe
C:\ÁUnicorn-18949.exe
8⤵
PID:5516

C:\ÁUnicorn-16840.exe
C:\ÁUnicorn-16840.exe
9⤵
PID:8040

C:\ÁUnicorn-23078.exe
C:\ÁUnicorn-23078.exe
10⤵
PID:10420

C:\ÁUnicorn-24964.exe
C:\ÁUnicorn-24964.exe
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
10⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 220
9⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
8⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
7⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
6⤵
- Program crash
PID:2576

C:\Users\AdminÁUnicorn-55294.exe
C:\Users\AdminÁUnicorn-55294.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\UsersÁUnicorn-42682.exe
C:\UsersÁUnicorn-42682.exe
6⤵
PID:1360

C:\ÁUnicorn-37561.exe
C:\ÁUnicorn-37561.exe
7⤵
PID:3204

C:\ÁUnicorn-43143.exe
C:\ÁUnicorn-43143.exe
8⤵
PID:4184

C:\ÁUnicorn-8065.exe
C:\ÁUnicorn-8065.exe
9⤵
PID:6992

C:\ÁUnicorn-55279.exe
C:\ÁUnicorn-55279.exe
10⤵
PID:8712

C:\ÁUnicorn-10751.exe
C:\ÁUnicorn-10751.exe
11⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 236
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
8⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
7⤵
- Program crash
PID:3760

C:\UsersÁUnicorn-37430.exe
C:\UsersÁUnicorn-37430.exe
6⤵
PID:3196

C:\ÁUnicorn-37071.exe
C:\ÁUnicorn-37071.exe
7⤵
PID:3376

C:\ÁUnicorn-13971.exe
C:\ÁUnicorn-13971.exe
8⤵
PID:4640

C:\ÁUnicorn-65368.exe
C:\ÁUnicorn-65368.exe
9⤵
PID:8252

C:\ÁUnicorn-8565.exe
C:\ÁUnicorn-8565.exe
10⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
10⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
8⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
7⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
6⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
5⤵
- Program crash
PID:1800

C:\Users\Admin\AppDataÁUnicorn-32667.exe
C:\Users\Admin\AppDataÁUnicorn-32667.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\AdminÁUnicorn-62222.exe
C:\Users\AdminÁUnicorn-62222.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\UsersÁUnicorn-23523.exe
C:\UsersÁUnicorn-23523.exe
6⤵
PID:1788

C:\ÁUnicorn-13336.exe
C:\ÁUnicorn-13336.exe
7⤵
PID:3064

C:\ÁUnicorn-36578.exe
C:\ÁUnicorn-36578.exe
8⤵
PID:3608

C:\ÁUnicorn-7054.exe
C:\ÁUnicorn-7054.exe
9⤵
PID:5952

C:\ÁUnicorn-26853.exe
C:\ÁUnicorn-26853.exe
10⤵
PID:7884

C:\ÁUnicorn-48541.exe
C:\ÁUnicorn-48541.exe
11⤵
PID:10268

C:\ÁUnicorn-3125.exe
C:\ÁUnicorn-3125.exe
12⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
12⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
PID:4404

C:\ÁUnicorn-47081.exe
C:\ÁUnicorn-47081.exe
7⤵
PID:3824

C:\ÁUnicorn-59455.exe
C:\ÁUnicorn-59455.exe
8⤵
PID:5420

C:\ÁUnicorn-4954.exe
C:\ÁUnicorn-4954.exe
9⤵
PID:8928

C:\ÁUnicorn-45726.exe
C:\ÁUnicorn-45726.exe
10⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
10⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
9⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 220
7⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
6⤵
- Program crash
PID:3716

C:\Users\AdminÁUnicorn-56065.exe
C:\Users\AdminÁUnicorn-56065.exe
5⤵
PID:1952

C:\UsersÁUnicorn-40799.exe
C:\UsersÁUnicorn-40799.exe
6⤵
PID:1852

C:\ÁUnicorn-18763.exe
C:\ÁUnicorn-18763.exe
7⤵
PID:3244

C:\ÁUnicorn-31279.exe
C:\ÁUnicorn-31279.exe
8⤵
PID:6048

C:\ÁUnicorn-22050.exe
C:\ÁUnicorn-22050.exe
9⤵
PID:7684

C:\ÁUnicorn-9792.exe
C:\ÁUnicorn-9792.exe
10⤵
PID:10232

C:\ÁUnicorn-9364.exe
C:\ÁUnicorn-9364.exe
11⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 236
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
10⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
9⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
8⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
7⤵
PID:4636

C:\UsersÁUnicorn-35025.exe
C:\UsersÁUnicorn-35025.exe
6⤵
PID:3272

C:\ÁUnicorn-4589.exe
C:\ÁUnicorn-4589.exe
7⤵
PID:5124

C:\ÁUnicorn-49896.exe
C:\ÁUnicorn-49896.exe
8⤵
PID:8160

C:\ÁUnicorn-13662.exe
C:\ÁUnicorn-13662.exe
9⤵
PID:10540

C:\ÁUnicorn-50481.exe
C:\ÁUnicorn-50481.exe
10⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
10⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
9⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
8⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
7⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
5⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
4⤵
- Program crash
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
2⤵
- Program crash
PID:2720

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalÁUnicorn-54236.exe
Filesize
184KB

MD5
72bdea7d0e5920e56a4f12da9c47af46

SHA1
42bfa91e3c41376e126326dab3c51322d818c585

SHA256
7c71ba6006a39e11c86a5093ec4a69d325f78b0a4058cd33f96b1be4e9f29ce5

SHA512
4976a6ea3a42b062709ff8288e22bdb3c5cd90418cf78fd12793493878215d33002c3c1a473d4103c85e33b4e74e2c33758659b3ff60cb94a14b7441abc87618

Download Submit
C:\Users\Admin\AppDataÁUnicorn-42964.exe
Filesize
184KB

MD5
4bec8ddec2f323cbe5d5b756ba2b736f

SHA1
101102585d7128357ef651a94219f64f4fcfe513

SHA256
101e84e2d006d505733889653170a06ef8c53ab10b6c8c22f4e0138912267707

SHA512
a43de57db87fcaaa9e5098c87fc7dcdc193851b590ba2814b9857da7adb5835daa8ba35cc4e59b144c63aacd89863d817c96189364100b4fbaba164cdcf5a440

Download Submit
C:\UsersÁUnicorn-40347.exe
Filesize
184KB

MD5
072ac6ae6379c6d8b80bc4a615f1736e

SHA1
2e952aa767f29b4878b828d64f9a8c2699ada59f

SHA256
ea95d939689c9a73ac4b92f074cc931018a532eee956f53428a0f6a609055e75

SHA512
614c216415286a6add32ee6d843931e3ffeb6c1fd08432a1c9b9001c073766e8783010a866c524197ef033dbf2d12824e6a719dab1dec37fe7ff3ccdacc1943e

Download Submit
C:\UsersÁUnicorn-51235.exe
Filesize
184KB

MD5
e2b35dd7c77e0dac4229ab1eac40b381

SHA1
3503704db4f74b5304743e990897575397c060fb

SHA256
08a4127c9faa09b8eb807f0734df086891255610f27fecc7470b331afe6ae99b

SHA512
d0bafb40a4b447aabe4aa15ef98870804118b0ff2c9d96c62d376a8c156b63ae1bf1d7b0479acd867f1f14c95946ffb74362358f646976710d61295830a70d12

Download Submit
C:\ÁUnicorn-22115.exe
Filesize
184KB

MD5
6c2d94cf6c06f46eeba3defc2befebea

SHA1
eba0ea851c3a1171d6f2621578c5381092765255

SHA256
783737c4c9b7c755a03c937ce40bc6e1c7881785e28ddfa8bf1697883f2ae760

SHA512
bfbe876acaa9100281a6f5d60fbd061022bf7b88e81f25d37fdaaf6286612312f81f6135e5ec5f7f1805d4e7159d62a4c5b7cf35e7b82862ca6fadf19716782b

Download Submit
C:\ÁUnicorn-38110.exe
Filesize
184KB

MD5
a50827b990f26790eb093c84b2e38044

SHA1
5084c1b9f21b860517fd61562540bab1a8942df8

SHA256
f6c27dbcee49b3e7f84a340d55fbd23018d7ab534c99ed30e08dd9245f2b5148

SHA512
f24d71ad8d77ea55d176370bf94a29cce14bb0c27e1bbb0bd0d781b3c26112021a619581ec096c70b348aa5c85fa25d5dd1544a675ac0a8f665507e80cf7cd8f

Download Submit
C:\ÁUnicorn-40865.exe
Filesize
184KB

MD5
b4836614a5abc4d4d2894b72bfcc9abf

SHA1
5779e1b98d41d24e7e863c02a9d5b7ecabfd0d15

SHA256
2eb577e382133d956fcf000d3165f00b4a503bbd89cf4254fe9139ce69f6d339

SHA512
98adfea5ca05d35cc3a3e17e2e2d8b4b89fc682451548648bde23d6db2b5adb8658fc9fa8c11658509a4b7b005da2048fff62a0a326481b72ed8c9007b078d8f

Download Submit
C:\ÁUnicorn-41038.exe
Filesize
184KB

MD5
f585d5190efd813f335c2449b1bfc2cb

SHA1
998c5fd86db5fc6242f984c26114031a08d1b7c8

SHA256
7492e6edfa35febf209707bf08c136b208044c97b56f6c693ec5c0329053345d

SHA512
8ab1316989e0b4c8ff97a48edaf834c37cf350fab23330917400f48df41329aad90ed5e3470a5f7bb53fa9205c99c13cd621433397709049388b4d788bc40467

Download Submit
C:\ÁUnicorn-5862.exe
Filesize
184KB

MD5
69af0058baadd3c62c7ec33c2f6d64e2

SHA1
1e0c9f1e0ad174d89826e6a926effe93c8e43e26

SHA256
91bd27a0d1457558bf2f866a333885bb5e4453e9aa42d89b9dff3cc2349386aa

SHA512
2de897df2fe9479f66b5667d7e22e3a0787339d520c3732db2f97860d5679dc2137982190d695eb968fbebe843d876427b6d862d82c37843fc6d5cd08ca785fd

Download Submit
\Users\Admin\AppData\Local\TempÁUnicorn-5888.exe
Filesize
184KB

MD5
dacb9fe44e2b85ac8fc8ae0beea471f1

SHA1
62f878a688a450157c4f479d6dfbb2ec05ce7e36

SHA256
5c491db050dadc8cea9e3f745945d77586a93db01123b37ac7dc6d2afda14f7a

SHA512
49997ca144f9f299d6594717cf0b0eac7d3c704061947eb9113bf327d462090f86f6577c08dbe512536e5c81880fa572aa18ac85cbfa3106b8b89c9931e42b8a

Download Submit
\Users\Admin\AppData\Local\TempÁUnicorn-62961.exe
Filesize
184KB

MD5
9cf88184edf282ab454e64d583bc3b16

SHA1
e6f2fd9467a83f400bde626232bd6334593f8dc3

SHA256
803f77af7514a0dafaa9634341e3d0e8f0e46f9461e0c09bc498179a1d54bfa0

SHA512
8205502122ee71bc1d914ec012ee6c26558ab9a9dcf3689416f881693ac19d276a199afd555aeda032cf1bfac96eaf2431b3d7c17a0e8f1a3bf458c478ea1643

Download Submit
\Users\Admin\AppData\LocalÁUnicorn-10676.exe
Filesize
184KB

MD5
47c9e436b4240a2866e1805364662d51

SHA1
ca36b108cae480a49c10f61f79b163f90ec6be57

SHA256
f6f31bbfe48a1879a69e49d2f6c3fc69393f1c345450c35775fae5480200097f

SHA512
63e7cf5d4362138dd412257eda209d099fac0bcda35ec5d314ab3b4279b5c78308918e28eb72ba6afeb8b23430f211b936c51a8e05a15eff4e3d8a900cb49722

Download Submit
\Users\Admin\AppData\LocalÁUnicorn-25754.exe
Filesize
184KB

MD5
02ebd2898c5c30b69e940b4c74e53e3e

SHA1
95f5312e89e5a7d0e6a54db1d82316541b96bd99

SHA256
73b50219d832818ea88a7679e342a32a0b0841c361f7c0ddebbe22ad180b24d0

SHA512
0b0d9b1e53480b5765f3937f138ea9c0542d38ff72f6eecd478e8195cff6ee93fbb5cc08c650e0d4062e2aa35d2a35de9f25398a8bc2279c442bb3778a87297c

Download Submit
\Users\Admin\AppData\LocalÁUnicorn-49446.exe
Filesize
184KB

MD5
f56b396090e5f50f17cb3842ee5e1df8

SHA1
66c2079afd762dafd6493026828f3b4e59b7d625

SHA256
c17c0cd7e1939231f8cdcb9c877fe4a4d95125730a753dadd187a0a8e9861fec

SHA512
59020ef434f059607b1a451299edec22ed1c87a41ab7669c76acca8f98787acd43c159f0ee7739a5536e1a1356b4b60fc7c5d1d2c142b4cc4f14dc40360b1a12

Download Submit
\Users\Admin\AppDataÁUnicorn-30542.exe
Filesize
184KB

MD5
31c978f3c6cb28f5103646b4f86cd87a

SHA1
5381625b8524fa5788e01472b4a9e0a9ac476750

SHA256
153da318930944d12a0817663458ce874966a04ddff97b27ba5eb6ab0e2a24f5

SHA512
894443d9083ae86397e212ce631615f577e003dc12f34f886b8b844be8c90bcbd6bd55fba24faa0d0dd9efe0692cfbf30f5bcb702e081dc3975c4c19dfc7431a

Download Submit
\Users\Admin\AppDataÁUnicorn-3774.exe
Filesize
184KB

MD5
b07e5eadf4682af93468a895ec07842a

SHA1
f5cacb240ca554980d69357bde0d8bdebcd36f25

SHA256
4fc6832bad50076f07b7a9bbf5a3465fcaa3e0242defe98754cc5ac48e37d18b

SHA512
de41fe5ca860cbd79241aa1627ca894a569eb342679f148f3ceb7b007333008ae09fc90e72c31d064e91260c3b43f518e10729731b795fc10e55388151d37bf8

Download Submit
\Users\Admin\AppDataÁUnicorn-62830.exe
Filesize
184KB

MD5
eabc67d135b6b0666e05bfb050ea41ac

SHA1
9f09c1773e10faa3f7f46c30580d703d8189942a

SHA256
41302f8d282b52d28de984e1613c5f25afad9c7e2ca1d69545808e2fed7b54e2

SHA512
967947e2587e1b58ca36ff5a379d70a4f009edeca70ce565c23a8664e6fcca30718dc897170e4a0833d6b27520a8d77b173120ade6992b56f7f7d7ad65427528

Download Submit
\Users\AdminÁUnicorn-12752.exe
Filesize
184KB

MD5
ebfd89eaff01a09d7e02563067ec809b

SHA1
be30dc15f3682910fd6f90fe2675ca28df27a568

SHA256
498f220355326c4c7d20e8f5e5c2509488b336ff0f20c61f25c826f0b581a977

SHA512
e94f64a0dd836a4c3593384cf9627857ed0347880d51f654a43070e8f533e280e79feb93f9895f887d357ca3d733dc003237aee09220bf27f7d06b071e9e73b5

Download Submit
\Users\AdminÁUnicorn-49159.exe
Filesize
184KB

MD5
9caaf663f99a4ab4efd890ded83043b9

SHA1
39a2981802d1298c9854f2b800fa8d659a8f761f

SHA256
e49a15b764d52f6b390cab2767c375723263c215f48837a9525cb5ced46581a8

SHA512
c9b1ef7d38af9f2587331b4bbb9b715b570e1860e4d4a059db2c0e96d119d4eda46ddf86d9e4fec753720ffd65b7cd7b4e254897b1d17e6dd5ebea3073214efa

Download Submit
\Users\AdminÁUnicorn-52195.exe
Filesize
184KB

MD5
86705a33cab76f1ed0fc97a530895801

SHA1
d4b3f4584f509bfabfa69e2e18cbb09ad07034e9

SHA256
216fb80c0fb3306d79c13970e04dbf6ed984b3db8497f67036612d62abd1eafb

SHA512
1c62cf04874099c8f3f23a2e7a9ea4348eca989656a9c3ddbf3511e80464efaf6807fb980134ae53e18b938331afb298cbde1d35ac7f78cb68ec1abec8c02416

Download Submit
memory/1272-835-0x00000000028A0000-0x00000000029FC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads