9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
Size

468KB
MD5

b3307cda92400c0f9109ba18739a1089
SHA1

a7e0e79bc9f20542b450686f78174e913a247da6
SHA256

9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0
SHA512

01ba25bcf6bb5700408484012ebdee55e13518ca7d74d6b1e6772e6c89ba9db78f1ce28336cdf8fc95855595c2748effd7d0e0ac6bbe5dc9ed395cc87daa6177
SSDEEP

3072:tbACog5dP08U1bY0Pzijff8/EChjt4pCndHeZVpI1i63HlpNjclL:tb1om5U13PejffQEB21iYFpNj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-55331.exeUnicorn-63378.exeUnicorn-18043.exeUnicorn-51807.exeUnicorn-30405.exeUnicorn-50271.exeUnicorn-23456.exeUnicorn-2054.exeUnicorn-4130.exeUnicorn-5474.exeUnicorn-41716.exeUnicorn-61845.exeUnicorn-781.exeUnicorn-12966.exeUnicorn-5649.exeUnicorn-64834.exeUnicorn-37144.exeUnicorn-28504.exeUnicorn-7102.exeUnicorn-29867.exeUnicorn-2264.exeUnicorn-51968.exeUnicorn-6296.exeUnicorn-21782.exeUnicorn-1916.exeUnicorn-6213.exeUnicorn-21258.exeUnicorn-1968.exeUnicorn-48668.exeUnicorn-51216.exeUnicorn-4153.exeUnicorn-61484.exeUnicorn-42578.exeUnicorn-52963.exeUnicorn-11136.exeUnicorn-42211.exeUnicorn-64032.exeUnicorn-29693.exeUnicorn-49559.exeUnicorn-64748.exeUnicorn-47307.exeUnicorn-17541.exeUnicorn-39627.exeUnicorn-56648.exeUnicorn-22833.exeUnicorn-62496.exeUnicorn-16825.exeUnicorn-53472.exeUnicorn-52040.exeUnicorn-51936.exeUnicorn-1952.exeUnicorn-32714.exeUnicorn-22238.exeUnicorn-63073.exeUnicorn-44604.exeUnicorn-13143.exeUnicorn-32713.exeUnicorn-59547.exeUnicorn-22188.exeUnicorn-42054.exeUnicorn-57715.exeUnicorn-55219.exeUnicorn-21088.exeUnicorn-39994.exe

pid	process
1884	Unicorn-55331.exe
2888	Unicorn-63378.exe
2660	Unicorn-18043.exe
2504	Unicorn-51807.exe
2408	Unicorn-30405.exe
2488	Unicorn-50271.exe
2388	Unicorn-23456.exe
2696	Unicorn-2054.exe
768	Unicorn-4130.exe
772	Unicorn-5474.exe
1940	Unicorn-41716.exe
3052	Unicorn-61845.exe
2908	Unicorn-781.exe
636	Unicorn-12966.exe
2380	Unicorn-5649.exe
2976	Unicorn-64834.exe
2720	Unicorn-37144.exe
912	Unicorn-28504.exe
2496	Unicorn-7102.exe
2252	Unicorn-29867.exe
2260	Unicorn-2264.exe
1716	Unicorn-51968.exe
2072	Unicorn-6296.exe
2140	Unicorn-21782.exe
2132	Unicorn-1916.exe
2616	Unicorn-6213.exe
2436	Unicorn-21258.exe
2412	Unicorn-1968.exe
2428	Unicorn-48668.exe
2004	Unicorn-51216.exe
2096	Unicorn-4153.exe
1280	Unicorn-61484.exe
1404	Unicorn-42578.exe
3068	Unicorn-52963.exe
2932	Unicorn-11136.exe
2156	Unicorn-42211.exe
3028	Unicorn-64032.exe
1780	Unicorn-29693.exe
1880	Unicorn-49559.exe
1520	Unicorn-64748.exe
2160	Unicorn-47307.exe
1584	Unicorn-17541.exe
2892	Unicorn-39627.exe
2544	Unicorn-56648.exe
2572	Unicorn-22833.exe
2552	Unicorn-62496.exe
2468	Unicorn-16825.exe
2820	Unicorn-53472.exe
1532	Unicorn-52040.exe
2324	Unicorn-51936.exe
2516	Unicorn-1952.exe
2964	Unicorn-32714.exe
580	Unicorn-22238.exe
1056	Unicorn-63073.exe
1348	Unicorn-44604.exe
2752	Unicorn-13143.exe
2816	Unicorn-32713.exe
1740	Unicorn-59547.exe
1824	Unicorn-22188.exe
1568	Unicorn-42054.exe
1984	Unicorn-57715.exe
1552	Unicorn-55219.exe
312	Unicorn-21088.exe
2728	Unicorn-39994.exe

Loads dropped DLL 64 IoCs

Processes:

9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exeUnicorn-55331.exeUnicorn-63378.exeUnicorn-18043.exeWerFault.exeUnicorn-51807.exeUnicorn-50271.exeUnicorn-30405.exeWerFault.exeWerFault.exeUnicorn-23456.exeUnicorn-2054.exeUnicorn-4130.exeUnicorn-41716.exeUnicorn-5474.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
1884	Unicorn-55331.exe
1884	Unicorn-55331.exe
2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
2888	Unicorn-63378.exe
2888	Unicorn-63378.exe
1884	Unicorn-55331.exe
1884	Unicorn-55331.exe
2660	Unicorn-18043.exe
2660	Unicorn-18043.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
2504	Unicorn-51807.exe
2504	Unicorn-51807.exe
2888	Unicorn-63378.exe
2888	Unicorn-63378.exe
2488	Unicorn-50271.exe
2488	Unicorn-50271.exe
2408	Unicorn-30405.exe
2408	Unicorn-30405.exe
2660	Unicorn-18043.exe
2660	Unicorn-18043.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2388	Unicorn-23456.exe
2388	Unicorn-23456.exe
2504	Unicorn-51807.exe
2504	Unicorn-51807.exe
2696	Unicorn-2054.exe
2696	Unicorn-2054.exe
768	Unicorn-4130.exe
768	Unicorn-4130.exe
1940	Unicorn-41716.exe
2488	Unicorn-50271.exe
1940	Unicorn-41716.exe
2488	Unicorn-50271.exe
772	Unicorn-5474.exe
772	Unicorn-5474.exe
2408	Unicorn-30405.exe
2408	Unicorn-30405.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
992	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1800	2800	WerFault.exe	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
1536	1884	WerFault.exe	Unicorn-55331.exe
2864	2888	WerFault.exe	Unicorn-63378.exe
2076	2660	WerFault.exe	Unicorn-18043.exe
3044	2504	WerFault.exe	Unicorn-51807.exe
2040	2488	WerFault.exe	Unicorn-50271.exe
992	2408	WerFault.exe	Unicorn-30405.exe
1816	2388	WerFault.exe	Unicorn-23456.exe
2348	2696	WerFault.exe	Unicorn-2054.exe
1988	768	WerFault.exe	Unicorn-4130.exe
1172	1940	WerFault.exe	Unicorn-41716.exe
1108	772	WerFault.exe	Unicorn-5474.exe
1208	2908	WerFault.exe	Unicorn-781.exe
1444	3052	WerFault.exe	Unicorn-61845.exe
1624	2380	WerFault.exe	Unicorn-5649.exe
1708	2496	WerFault.exe	Unicorn-7102.exe
1620	2720	WerFault.exe	Unicorn-37144.exe
2244	636	WerFault.exe	Unicorn-12966.exe
2068	912	WerFault.exe	Unicorn-28504.exe
1700	2976	WerFault.exe	Unicorn-64834.exe
2640	2140	WerFault.exe	Unicorn-21782.exe
704	2132	WerFault.exe	Unicorn-1916.exe
348	2260	WerFault.exe	Unicorn-2264.exe
840	2616	WerFault.exe	Unicorn-6213.exe
2104	2436	WerFault.exe	Unicorn-21258.exe
3172	3068	WerFault.exe	Unicorn-52963.exe
3164	1280	WerFault.exe	Unicorn-61484.exe
3444	1404	WerFault.exe	Unicorn-42578.exe
3488	2252	WerFault.exe	Unicorn-29867.exe
3612	1520	WerFault.exe	Unicorn-64748.exe
3636	2412	WerFault.exe	Unicorn-1968.exe
3684	2428	WerFault.exe	Unicorn-48668.exe
3712	2544	WerFault.exe	Unicorn-56648.exe
3768	1780	WerFault.exe	Unicorn-29693.exe
3836	2572	WerFault.exe	Unicorn-22833.exe
3852	2072	WerFault.exe	Unicorn-6296.exe
3892	2096	WerFault.exe	Unicorn-4153.exe
4060	2004	WerFault.exe	Unicorn-51216.exe
3092	2932	WerFault.exe	Unicorn-11136.exe
3136	2892	WerFault.exe	Unicorn-39627.exe
3436	2324	WerFault.exe	Unicorn-51936.exe
3924	2156	WerFault.exe	Unicorn-42211.exe
3996	1716	WerFault.exe	Unicorn-51968.exe
3580	2468	WerFault.exe	Unicorn-16825.exe
4128	2552	WerFault.exe	Unicorn-62496.exe
4136	1532	WerFault.exe	Unicorn-52040.exe
4260	3028	WerFault.exe	Unicorn-64032.exe
4268	1568	WerFault.exe	Unicorn-42054.exe
4276	2820	WerFault.exe	Unicorn-53472.exe
4284	1984	WerFault.exe	Unicorn-57715.exe
4292	1740	WerFault.exe	Unicorn-59547.exe
4316	1880	WerFault.exe	Unicorn-49559.exe
4380	580	WerFault.exe	Unicorn-22238.exe
4388	340	WerFault.exe	Unicorn-46211.exe
4412	2160	WerFault.exe	Unicorn-47307.exe
4488	1348	WerFault.exe	Unicorn-44604.exe
4696	1600	WerFault.exe	Unicorn-42842.exe
4704	3036	WerFault.exe	Unicorn-8572.exe
4812	2964	WerFault.exe	Unicorn-32714.exe
4820	1824	WerFault.exe	Unicorn-22188.exe
4828	1820	WerFault.exe	Unicorn-819.exe
4848	2516	WerFault.exe	Unicorn-1952.exe
4868	2008	WerFault.exe	Unicorn-22449.exe
4860	1056	WerFault.exe	Unicorn-63073.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exeUnicorn-55331.exeUnicorn-63378.exeUnicorn-18043.exeUnicorn-51807.exeUnicorn-50271.exeUnicorn-30405.exeUnicorn-23456.exeUnicorn-2054.exeUnicorn-4130.exeUnicorn-41716.exeUnicorn-5474.exeUnicorn-61845.exeUnicorn-781.exeUnicorn-12966.exeUnicorn-5649.exeUnicorn-37144.exeUnicorn-64834.exeUnicorn-7102.exeUnicorn-28504.exeUnicorn-29867.exeUnicorn-2264.exeUnicorn-51968.exeUnicorn-21782.exeUnicorn-1916.exeUnicorn-6296.exeUnicorn-6213.exeUnicorn-21258.exeUnicorn-1968.exeUnicorn-48668.exeUnicorn-51216.exeUnicorn-4153.exeUnicorn-61484.exeUnicorn-42578.exeUnicorn-52963.exeUnicorn-11136.exeUnicorn-42211.exeUnicorn-64032.exeUnicorn-29693.exeUnicorn-49559.exeUnicorn-64748.exeUnicorn-47307.exeUnicorn-17541.exeUnicorn-39627.exeUnicorn-56648.exeUnicorn-16825.exeUnicorn-22833.exeUnicorn-62496.exeUnicorn-53472.exeUnicorn-52040.exeUnicorn-51936.exeUnicorn-1952.exeUnicorn-44604.exeUnicorn-32714.exeUnicorn-63073.exeUnicorn-22238.exeUnicorn-13143.exeUnicorn-32713.exeUnicorn-59547.exeUnicorn-42054.exeUnicorn-22188.exeUnicorn-57715.exeUnicorn-55219.exeUnicorn-21088.exe

pid	process
2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
1884	Unicorn-55331.exe
2888	Unicorn-63378.exe
2660	Unicorn-18043.exe
2504	Unicorn-51807.exe
2488	Unicorn-50271.exe
2408	Unicorn-30405.exe
2388	Unicorn-23456.exe
2696	Unicorn-2054.exe
768	Unicorn-4130.exe
1940	Unicorn-41716.exe
772	Unicorn-5474.exe
3052	Unicorn-61845.exe
2908	Unicorn-781.exe
636	Unicorn-12966.exe
2380	Unicorn-5649.exe
2720	Unicorn-37144.exe
2976	Unicorn-64834.exe
2496	Unicorn-7102.exe
912	Unicorn-28504.exe
2252	Unicorn-29867.exe
2260	Unicorn-2264.exe
1716	Unicorn-51968.exe
2140	Unicorn-21782.exe
2132	Unicorn-1916.exe
2072	Unicorn-6296.exe
2616	Unicorn-6213.exe
2436	Unicorn-21258.exe
2412	Unicorn-1968.exe
2428	Unicorn-48668.exe
2004	Unicorn-51216.exe
2096	Unicorn-4153.exe
1280	Unicorn-61484.exe
1404	Unicorn-42578.exe
3068	Unicorn-52963.exe
2932	Unicorn-11136.exe
2156	Unicorn-42211.exe
3028	Unicorn-64032.exe
1780	Unicorn-29693.exe
1880	Unicorn-49559.exe
1520	Unicorn-64748.exe
2160	Unicorn-47307.exe
1584	Unicorn-17541.exe
2892	Unicorn-39627.exe
2544	Unicorn-56648.exe
2468	Unicorn-16825.exe
2572	Unicorn-22833.exe
2552	Unicorn-62496.exe
2820	Unicorn-53472.exe
1532	Unicorn-52040.exe
2324	Unicorn-51936.exe
2516	Unicorn-1952.exe
1348	Unicorn-44604.exe
2964	Unicorn-32714.exe
1056	Unicorn-63073.exe
580	Unicorn-22238.exe
2752	Unicorn-13143.exe
2816	Unicorn-32713.exe
1740	Unicorn-59547.exe
1568	Unicorn-42054.exe
1824	Unicorn-22188.exe
1984	Unicorn-57715.exe
1552	Unicorn-55219.exe
312	Unicorn-21088.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exeUnicorn-55331.exeUnicorn-63378.exeUnicorn-18043.exeUnicorn-51807.exeUnicorn-50271.exeUnicorn-30405.exeUnicorn-23456.exe

description	pid	process	target process
PID 2800 wrote to memory of 1884	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-55331.exe
PID 2800 wrote to memory of 1884	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-55331.exe
PID 2800 wrote to memory of 1884	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-55331.exe
PID 2800 wrote to memory of 1884	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-55331.exe
PID 1884 wrote to memory of 2888	1884	Unicorn-55331.exe	Unicorn-63378.exe
PID 1884 wrote to memory of 2888	1884	Unicorn-55331.exe	Unicorn-63378.exe
PID 1884 wrote to memory of 2888	1884	Unicorn-55331.exe	Unicorn-63378.exe
PID 1884 wrote to memory of 2888	1884	Unicorn-55331.exe	Unicorn-63378.exe
PID 2800 wrote to memory of 2660	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-18043.exe
PID 2800 wrote to memory of 2660	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-18043.exe
PID 2800 wrote to memory of 2660	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-18043.exe
PID 2800 wrote to memory of 2660	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	Unicorn-18043.exe
PID 2800 wrote to memory of 1800	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	WerFault.exe
PID 2800 wrote to memory of 1800	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	WerFault.exe
PID 2800 wrote to memory of 1800	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	WerFault.exe
PID 2800 wrote to memory of 1800	2800	9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe	WerFault.exe
PID 2888 wrote to memory of 2504	2888	Unicorn-63378.exe	Unicorn-51807.exe
PID 2888 wrote to memory of 2504	2888	Unicorn-63378.exe	Unicorn-51807.exe
PID 2888 wrote to memory of 2504	2888	Unicorn-63378.exe	Unicorn-51807.exe
PID 2888 wrote to memory of 2504	2888	Unicorn-63378.exe	Unicorn-51807.exe
PID 1884 wrote to memory of 2408	1884	Unicorn-55331.exe	Unicorn-30405.exe
PID 1884 wrote to memory of 2408	1884	Unicorn-55331.exe	Unicorn-30405.exe
PID 1884 wrote to memory of 2408	1884	Unicorn-55331.exe	Unicorn-30405.exe
PID 1884 wrote to memory of 2408	1884	Unicorn-55331.exe	Unicorn-30405.exe
PID 2660 wrote to memory of 2488	2660	Unicorn-18043.exe	Unicorn-50271.exe
PID 2660 wrote to memory of 2488	2660	Unicorn-18043.exe	Unicorn-50271.exe
PID 2660 wrote to memory of 2488	2660	Unicorn-18043.exe	Unicorn-50271.exe
PID 2660 wrote to memory of 2488	2660	Unicorn-18043.exe	Unicorn-50271.exe
PID 1884 wrote to memory of 1536	1884	Unicorn-55331.exe	WerFault.exe
PID 1884 wrote to memory of 1536	1884	Unicorn-55331.exe	WerFault.exe
PID 1884 wrote to memory of 1536	1884	Unicorn-55331.exe	WerFault.exe
PID 1884 wrote to memory of 1536	1884	Unicorn-55331.exe	WerFault.exe
PID 2504 wrote to memory of 2388	2504	Unicorn-51807.exe	Unicorn-23456.exe
PID 2504 wrote to memory of 2388	2504	Unicorn-51807.exe	Unicorn-23456.exe
PID 2504 wrote to memory of 2388	2504	Unicorn-51807.exe	Unicorn-23456.exe
PID 2504 wrote to memory of 2388	2504	Unicorn-51807.exe	Unicorn-23456.exe
PID 2888 wrote to memory of 2696	2888	Unicorn-63378.exe	Unicorn-2054.exe
PID 2888 wrote to memory of 2696	2888	Unicorn-63378.exe	Unicorn-2054.exe
PID 2888 wrote to memory of 2696	2888	Unicorn-63378.exe	Unicorn-2054.exe
PID 2888 wrote to memory of 2696	2888	Unicorn-63378.exe	Unicorn-2054.exe
PID 2488 wrote to memory of 768	2488	Unicorn-50271.exe	Unicorn-4130.exe
PID 2488 wrote to memory of 768	2488	Unicorn-50271.exe	Unicorn-4130.exe
PID 2488 wrote to memory of 768	2488	Unicorn-50271.exe	Unicorn-4130.exe
PID 2488 wrote to memory of 768	2488	Unicorn-50271.exe	Unicorn-4130.exe
PID 2408 wrote to memory of 772	2408	Unicorn-30405.exe	Unicorn-5474.exe
PID 2408 wrote to memory of 772	2408	Unicorn-30405.exe	Unicorn-5474.exe
PID 2408 wrote to memory of 772	2408	Unicorn-30405.exe	Unicorn-5474.exe
PID 2408 wrote to memory of 772	2408	Unicorn-30405.exe	Unicorn-5474.exe
PID 2660 wrote to memory of 1940	2660	Unicorn-18043.exe	Unicorn-41716.exe
PID 2660 wrote to memory of 1940	2660	Unicorn-18043.exe	Unicorn-41716.exe
PID 2660 wrote to memory of 1940	2660	Unicorn-18043.exe	Unicorn-41716.exe
PID 2660 wrote to memory of 1940	2660	Unicorn-18043.exe	Unicorn-41716.exe
PID 2888 wrote to memory of 2864	2888	Unicorn-63378.exe	WerFault.exe
PID 2888 wrote to memory of 2864	2888	Unicorn-63378.exe	WerFault.exe
PID 2888 wrote to memory of 2864	2888	Unicorn-63378.exe	WerFault.exe
PID 2888 wrote to memory of 2864	2888	Unicorn-63378.exe	WerFault.exe
PID 2660 wrote to memory of 2076	2660	Unicorn-18043.exe	WerFault.exe
PID 2660 wrote to memory of 2076	2660	Unicorn-18043.exe	WerFault.exe
PID 2660 wrote to memory of 2076	2660	Unicorn-18043.exe	WerFault.exe
PID 2660 wrote to memory of 2076	2660	Unicorn-18043.exe	WerFault.exe
PID 2388 wrote to memory of 3052	2388	Unicorn-23456.exe	Unicorn-61845.exe
PID 2388 wrote to memory of 3052	2388	Unicorn-23456.exe	Unicorn-61845.exe
PID 2388 wrote to memory of 3052	2388	Unicorn-23456.exe	Unicorn-61845.exe
PID 2388 wrote to memory of 3052	2388	Unicorn-23456.exe	Unicorn-61845.exe

C:\Users\Admin\AppData\Local\Temp\9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe
"C:\Users\Admin\AppData\Local\Temp\9f48bb3213652848914631fdff81adf27f7b0a4a2b373f9af0fa8c8ef4f51af0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
10⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
11⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 376
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 376
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 376
10⤵
- Program crash
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 376
9⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 380
11⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 376
10⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 380
9⤵
- Program crash
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 380
8⤵
- Program crash
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 380
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 380
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 368
8⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 372
7⤵
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
9⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
11⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 380
11⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 376
10⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 380
9⤵
- Program crash
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
10⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 380
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 376
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 376
8⤵
- Program crash
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
8⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 376
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 380
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
7⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 376
6⤵
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
10⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 376
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 380
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 380
9⤵
- Program crash
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 368
8⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 376
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 376
8⤵
- Program crash
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 376
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
10⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 376
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 376
8⤵
- Program crash
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 376
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 380
6⤵
- Program crash
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 376
5⤵
- Loads dropped DLL
- Program crash
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
8⤵
- Executes dropped EXE
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
9⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 376
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 380
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 380
8⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 380
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 376
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 376
7⤵
- Program crash
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
7⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 372
9⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 376
8⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 372
7⤵
- Program crash
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 376
6⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 376
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 368
8⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 380
7⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
8⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
9⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 376
9⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 376
8⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 376
7⤵
- Program crash
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 372
6⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 376
5⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 372
4⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
8⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 376
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 380
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 376
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 368
9⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 376
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 376
7⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 376
10⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 376
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 376
8⤵
- Program crash
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 376
7⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 372
6⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
8⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
9⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 384
8⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 376
7⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 380
6⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 368
5⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
8⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
9⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 376
8⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 376
7⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 376
6⤵
- Program crash
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 380
5⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 380
4⤵
- Loads dropped DLL
- Program crash
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 376
3⤵
- Loads dropped DLL
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
9⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
11⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 372
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 376
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 380
9⤵
- Program crash
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-26572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26572.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 380
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 376
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 376
8⤵
- Program crash
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
8⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 380
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 380
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 380
8⤵
- Program crash
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 376
7⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
8⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 376
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 376
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 376
7⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 380
6⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 380
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 368
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 376
8⤵
- Program crash
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
8⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
9⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 372
9⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 372
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 380
7⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
6⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
7⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 376
9⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 376
8⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 380
7⤵
- Program crash
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 376
6⤵
- Program crash
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 376
5⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
7⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 388
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 376
8⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 376
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
6⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
7⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
8⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
9⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 372
9⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 380
8⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 376
7⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 376
6⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
6⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
7⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
8⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 380
8⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 380
7⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 376
6⤵
- Program crash
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 376
5⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 380
4⤵
- Loads dropped DLL
- Program crash
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
7⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 384
9⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 376
8⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 380
7⤵
- Program crash
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
6⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
8⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 384
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 376
8⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 384
7⤵
- Program crash
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 384
6⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
6⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
8⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 376
8⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 376
7⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 380
6⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 380
5⤵
- Program crash
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
6⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
8⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 368
9⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 376
8⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 376
7⤵
- Program crash
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
6⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
7⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
8⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 380
8⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 376
7⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 376
6⤵
- Program crash
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
5⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
6⤵
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 380
7⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 380
6⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 376
5⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 376
4⤵
- Program crash
PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 376
3⤵
- Loads dropped DLL
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 380
2⤵
- Program crash
PID:1800

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
Filesize
468KB

MD5
42c4adff9d8eb44d16056f5e9859d4a1

SHA1
b98ae550dea2190fe63935a349de3c3502fe2df6

SHA256
82a81a23ec462b83cb859ecdafb913cc146faedc31cdf840f5aedd6d24a2f4cd

SHA512
a839f5f3f8e720ff72fc72c142d53a08a7b5e3f9f79697435b785eaaef6cb7e872a17c5090ef41d1649820eb962562a948a79394503834cba1df8add166f92ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
Filesize
468KB

MD5
3398fa30ceaf13dcf51d76b86912f4cd

SHA1
8b84dc184ee8db85389dd6263fac78dccfaeb7a5

SHA256
f3fe4d4f09765ca68925beb7e2f6888618d0a85d7f3f722f3b1e890c9f787fc9

SHA512
db99c4d8592d5d51b16ec063ef1c00b91363a40daaafeab112d2f401302b091bac83507a50142df367b10e83d67d2ccf3f130d61bb1fa04c17b61b555b477056

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
Filesize
468KB

MD5
6c4d235b0e3d6553dd0c832a8e163ca8

SHA1
100d36e0c5953d7e26e2859c98d6cf135a1071a9

SHA256
38c3c2d5ab37acd3a4b1d55b6cdb1a16ff0be77f6e4b4ca7402835c2227a78ea

SHA512
3f9af3991b8ab1cb99801a5eda7fac6d3e3e43788145a7121b89e05b595e64ea6058699dbdb9933832c421c20c65122b216d0771d73c4ebb1890dd28af47ab5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
Filesize
468KB

MD5
f2807db519ece2e6e5bc7d55b644e628

SHA1
aac112a2ca66af082eb200ce062448f111f4cd2a

SHA256
9150868c646599de48a0633d0c50c6e1b61033c51c3c4a3595e18e36a831b889

SHA512
239d70a569e0e549fde4b778ced014e4693e2f2e5172cdc1dc00e96e625472257bcedb5b71ab60ec5a0dca8787156ddaf286942b6c1b6ef568ffa5b9eeeeceeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
Filesize
468KB

MD5
9bdcfd345faf7d4700696843973376fd

SHA1
b0cfd661d8790925228e61a088a4eac86b052d0c

SHA256
9c8435224ae0a0c0bda6426c504c9a7ea12344c1008a6ae750aee501c82cb0ea

SHA512
6414201a08ac4f47815251ef4d053190ef8761dbc10ef8d91666cb757c8c36fcaec9b77cbc0b8da705fe448223b464aede991e207e5dac7b694de2a97b90e80c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
Filesize
468KB

MD5
f0b59ed10e022d0fa335a89f67219c31

SHA1
d840595b85aa2335153081acfc89ca46af2c67d8

SHA256
ff5220999265daf98881e38f1e67a0f005a26c94c3d6ae6f210631cf34741d52

SHA512
cae984283e137688cc7c47dc6280e76d67f19a25bc5aeb08fc7272239ffa4a43d1ad54c0e86e5ff2efd901c99773be894deb81a2eaddbe8d8494363a31397455

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
Filesize
468KB

MD5
5bb051400b7d733f7282a8d772d51022

SHA1
867c3fb4cd4b4ac31f7a4ce3a720c706fbbcf778

SHA256
89b818280241b17f0e8a79a95f48b6ef37526f9d13e7dda0aedd550f0435f680

SHA512
dc2d66a6fdc5a6464245d40a6238c8f773770e81b7ed0b7471308235c37b2019c5dad534d12c3224e2196f5b85917533e25fa4343f2edabd9dcf8a6bf3b8937b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
Filesize
468KB

MD5
e1b9f5ebe780804eb1566f89a54413c3

SHA1
94888a2fd3a62dcd088be6a0f8fc4afc7bf27932

SHA256
e6af76d5df641dc7143201903ebb27fd4e18b764b620397c33316b83e021a840

SHA512
849758c48321e856a1120ac9a2ed2ad4ac886b06faf4fed437c9d5316646d00c9a0b8ac3626e6167d9698850e45142fbdc6edd49cf3f368f1a7f1ad757140950

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
Filesize
468KB

MD5
c38076925d573155ec0b8fc42f4352c9

SHA1
2e5a2884129c5dd48cc5937e5d17c80230418268

SHA256
09c5c970262818822bbe9c32cb8ae4eebb38b837b9a91876247336f944863528

SHA512
16c35cad63931037a70ed23817fb69243603cd40c6e9fb76cbd88f6057d377afe313573f91a9f24b8bc7733057f8448bef7bade9548916d41296ecd18de40a3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
Filesize
468KB

MD5
91ff99d4f51005e96f458a5dd7339192

SHA1
cafb2004e72725401192ed10a616963db8a20f2e

SHA256
6bce0363e77312a58fe24dcc2fae12f4b6a152820b00561e46f58d452f4233f2

SHA512
635068ed593173f62ce60c4f0f56f68fdd0d6cc69d8d238f33e38580e000b012ac2d044ca69de6cddc9f64afdcb829470f17f7c90b4c3157c32c4abbf95a6efa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
Filesize
468KB

MD5
fbc086b2dbe0726cfcb38b9cc17d4030

SHA1
f715110b75f4873cbbc8c9e513a7778b9d2c7b5b

SHA256
26a866219aa29b069a231ba95b11d8b560f82bd04722d5ec1c42545374c09b93

SHA512
489419d94c8fb4c7a048694344d7210a84e534a2b1b92979d9634dc848e9ec8ae8a2128b1dc9ec54dbcc20ce02f959dff4237e28aa2b8ba2281efaf336d8238f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
Filesize
468KB

MD5
2ab78d9ed55722e338f00bc3d315b9c5

SHA1
93b804776cc92236bb18bbc06777633da4ad6826

SHA256
93240dd41d8746f349cf332f529640773b4af6e04b7254889db04c6d70ef369e

SHA512
08d23368abe81ae2705f922684cdaee57c29fa5203ea2d073795db3bf35259e35cab0c70b53fa92fe783aa8527ea568da19655fa34da2eb5d1b8d2925d65b247

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
Filesize
468KB

MD5
35f19b3e1177b33f72ba58d2a6abc15d

SHA1
f0d3f9ff6d0c768582134e3adb82028b6d6ecb18

SHA256
b43fcaf72662c6c502a856c38e1dce0db7fd15da69ef94b17a49c97dafeb31d9

SHA512
86aad4ba665302f0db360c7e398cf46956ae66d26aa5f604f507e38debcfe833329687c5357eadf85fb712c861be84c34c2aa12df92674ceeab02b9e5237420a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
Filesize
468KB

MD5
ef7c906fa963f5dcc48dadb5ff2d14fc

SHA1
6afbf78297f02c616f3ec83b5311a24303bdc696

SHA256
6fefff0cbcf464243e728e92346c858cab1c4177fc13a7e0720990389b46a678

SHA512
e2c40d2cb2258c5bc30950e66ee8b1dcd443bbf7754b8d2eb918090c4f41bbbe1cd9827edc81b15d0dea699184363409da44990ff3a676047173b9e16b791f12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
Filesize
468KB

MD5
5a0af5f5c022c9c6edaa396ba83707c6

SHA1
455b1c6dd06101c7a6b588a6f19b47812475676c

SHA256
610a7b4b3182d7029e6d7739d4077a22e5949cee7198f85e83dda37ba98f048a

SHA512
acede2c79856077e23ce9418b5fe69aa949bfe2da90e0bc4c7cb481f5c1ec1cab554ad029bae20e760c256cb57a2f53e6d1bbd490f0fb966b7b9ab20b5a65596

Download Submit
memory/636-273-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/636-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-272-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/768-194-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/768-306-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/768-307-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/768-195-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/768-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/772-217-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/772-350-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/772-351-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/772-222-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/912-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/912-341-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/912-337-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1280-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1404-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-413-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1716-414-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1716-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-25-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/1884-23-0x00000000035C0000-0x0000000003635000-memory.dmp

Filesize
468KB

Download
memory/1940-330-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/1940-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-203-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/1940-214-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/1940-328-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2004-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-406-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2132-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-405-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2140-428-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2140-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-368-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2252-367-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2260-385-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2260-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-386-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2380-287-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2380-289-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2380-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-270-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2388-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-269-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2388-166-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2408-228-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2408-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-232-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2408-122-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2412-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-212-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2488-211-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2488-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-427-0x0000000001CF0000-0x0000000001D65000-memory.dmp

Filesize
468KB

Download
memory/2504-170-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2504-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-169-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2616-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-126-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2660-133-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2660-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-291-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2696-288-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2696-184-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2696-185-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2720-318-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2720-311-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2720-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-6-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/2888-94-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2888-26-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-372-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2908-377-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2908-246-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2908-244-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2932-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-332-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2976-329-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2976-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-396-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/3052-395-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/3052-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-254-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/3052-256-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/3068-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads