Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 22:08
Static task
static1
Behavioral task
behavioral1
Sample
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe
Resource
win10v2004-20240508-en
General
-
Target
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe
-
Size
184KB
-
MD5
d20e65c0dbe76a977a5b3a0199c5824a
-
SHA1
ca154827a1fea8a02054d4f2e92181572ecece7b
-
SHA256
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734
-
SHA512
c95d595d59f9de0747e612945d1ce84d48a0a7bb45fcae7e35dfa2a381afc7523f7d9beb17c6638bcd4b75cc8c94644b13960ea3e73d6dfd026d995f7705b2c7
-
SSDEEP
3072:HJx5Exo6sFETjN4HeDIL+dsghlnViFSnY:HJioKHN4BLqsghlnViFS
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
Processes:
Unicorn-13612.exeUnicorn-11557.exeUnicorn-22418.exeUnicorn-32217.exeUnicorn-1490.exeUnicorn-47162.exeUnicorn-12756.exeUnicorn-46176.exeUnicorn-4588.exeUnicorn-15449.exeUnicorn-35315.exeUnicorn-21776.exeUnicorn-35974.exeUnicorn-40058.exeUnicorn-5247.exeUnicorn-5247.exeUnicorn-38666.exeUnicorn-20192.exeUnicorn-62699.exeUnicorn-65392.exeUnicorn-42279.exeUnicorn-61308.exeUnicorn-44225.exeUnicorn-55086.exeUnicorn-28443.exeUnicorn-13498.exeUnicorn-13498.exeUnicorn-5330.exeUnicorn-20275.exeUnicorn-55683.exeUnicorn-23565.exeUnicorn-47515.exeUnicorn-260.exeUnicorn-30987.exeUnicorn-33679.exeUnicorn-56238.exeUnicorn-41293.exeUnicorn-39709.exeUnicorn-8428.exeUnicorn-39155.exeUnicorn-31563.exeUnicorn-31563.exeUnicorn-64982.exeUnicorn-58205.exeUnicorn-54121.exeUnicorn-38339.exeUnicorn-3529.exeUnicorn-39202.exeUnicorn-4391.exeUnicorn-57676.exeUnicorn-29642.exeUnicorn-3000.exeUnicorn-25558.exeUnicorn-60390.exeUnicorn-52222.exeUnicorn-50639.exeUnicorn-41916.exeUnicorn-52030.exeUnicorn-52030.exeUnicorn-17220.exeUnicorn-28080.exeUnicorn-28080.exeUnicorn-47946.exeUnicorn-15636.exepid process 1456 Unicorn-13612.exe 1244 Unicorn-11557.exe 1152 Unicorn-22418.exe 2744 Unicorn-32217.exe 2456 Unicorn-1490.exe 2600 Unicorn-47162.exe 1816 Unicorn-12756.exe 2780 Unicorn-46176.exe 2816 Unicorn-4588.exe 2416 Unicorn-15449.exe 812 Unicorn-35315.exe 1572 Unicorn-21776.exe 2280 Unicorn-35974.exe 2848 Unicorn-40058.exe 2876 Unicorn-5247.exe 2080 Unicorn-5247.exe 1336 Unicorn-38666.exe 2176 Unicorn-20192.exe 1012 Unicorn-62699.exe 2276 Unicorn-65392.exe 2032 Unicorn-42279.exe 1536 Unicorn-61308.exe 1868 Unicorn-44225.exe 1628 Unicorn-55086.exe 916 Unicorn-28443.exe 2156 Unicorn-13498.exe 2900 Unicorn-13498.exe 2196 Unicorn-5330.exe 2192 Unicorn-20275.exe 1052 Unicorn-55683.exe 1688 Unicorn-23565.exe 2576 Unicorn-47515.exe 2880 Unicorn-260.exe 2532 Unicorn-30987.exe 3028 Unicorn-33679.exe 2208 Unicorn-56238.exe 2448 Unicorn-41293.exe 2200 Unicorn-39709.exe 2664 Unicorn-8428.exe 2804 Unicorn-39155.exe 296 Unicorn-31563.exe 804 Unicorn-31563.exe 2240 Unicorn-64982.exe 1220 Unicorn-58205.exe 2836 Unicorn-54121.exe 2952 Unicorn-38339.exe 2012 Unicorn-3529.exe 636 Unicorn-39202.exe 412 Unicorn-4391.exe 1136 Unicorn-57676.exe 1768 Unicorn-29642.exe 956 Unicorn-3000.exe 1604 Unicorn-25558.exe 908 Unicorn-60390.exe 1504 Unicorn-52222.exe 2932 Unicorn-50639.exe 2008 Unicorn-41916.exe 3068 Unicorn-52030.exe 2748 Unicorn-52030.exe 2520 Unicorn-17220.exe 2296 Unicorn-28080.exe 552 Unicorn-28080.exe 2796 Unicorn-47946.exe 2440 Unicorn-15636.exe -
Loads dropped DLL 64 IoCs
Processes:
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exeUnicorn-13612.exeUnicorn-11557.exeUnicorn-22418.exeWerFault.exeUnicorn-1490.exeUnicorn-32217.exeUnicorn-47162.exeWerFault.exeWerFault.exeUnicorn-46176.exeUnicorn-35315.exeUnicorn-4588.exeUnicorn-15449.exeUnicorn-12756.exeWerFault.exeWerFault.exeWerFault.exepid process 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 1456 Unicorn-13612.exe 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 1456 Unicorn-13612.exe 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 1244 Unicorn-11557.exe 1244 Unicorn-11557.exe 1152 Unicorn-22418.exe 1152 Unicorn-22418.exe 1456 Unicorn-13612.exe 1456 Unicorn-13612.exe 2480 WerFault.exe 2480 WerFault.exe 2480 WerFault.exe 2480 WerFault.exe 2480 WerFault.exe 2456 Unicorn-1490.exe 2456 Unicorn-1490.exe 1152 Unicorn-22418.exe 1152 Unicorn-22418.exe 2744 Unicorn-32217.exe 2744 Unicorn-32217.exe 1244 Unicorn-11557.exe 1244 Unicorn-11557.exe 2600 Unicorn-47162.exe 2600 Unicorn-47162.exe 1788 WerFault.exe 1788 WerFault.exe 1788 WerFault.exe 1788 WerFault.exe 1788 WerFault.exe 2676 WerFault.exe 2676 WerFault.exe 2676 WerFault.exe 2676 WerFault.exe 2676 WerFault.exe 2780 Unicorn-46176.exe 2780 Unicorn-46176.exe 812 Unicorn-35315.exe 812 Unicorn-35315.exe 2816 Unicorn-4588.exe 2816 Unicorn-4588.exe 2416 Unicorn-15449.exe 1816 Unicorn-12756.exe 1816 Unicorn-12756.exe 2416 Unicorn-15449.exe 2456 Unicorn-1490.exe 2456 Unicorn-1490.exe 2600 Unicorn-47162.exe 2600 Unicorn-47162.exe 588 WerFault.exe 588 WerFault.exe 588 WerFault.exe 588 WerFault.exe 588 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 2960 WerFault.exe 2960 WerFault.exe 2960 WerFault.exe -
Program crash 64 IoCs
Processes:
WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exepid pid_target process target process 2580 2512 WerFault.exe 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 2480 1456 WerFault.exe Unicorn-13612.exe 1788 1244 WerFault.exe Unicorn-11557.exe 2676 1152 WerFault.exe Unicorn-22418.exe 588 2456 WerFault.exe Unicorn-1490.exe 1680 2744 WerFault.exe Unicorn-32217.exe 2960 2600 WerFault.exe Unicorn-47162.exe 884 2780 WerFault.exe Unicorn-46176.exe 320 812 WerFault.exe Unicorn-35315.exe 1968 2816 WerFault.exe Unicorn-4588.exe 1704 1816 WerFault.exe Unicorn-12756.exe 1592 2416 WerFault.exe Unicorn-15449.exe 1580 1572 WerFault.exe Unicorn-21776.exe 2088 2280 WerFault.exe Unicorn-35974.exe 1960 2848 WerFault.exe Unicorn-40058.exe 2524 2876 WerFault.exe Unicorn-5247.exe 668 2080 WerFault.exe Unicorn-5247.exe 2980 2176 WerFault.exe Unicorn-20192.exe 2788 1336 WerFault.exe Unicorn-38666.exe 1032 2880 WerFault.exe Unicorn-260.exe 672 1012 WerFault.exe Unicorn-62699.exe 1800 2276 WerFault.exe Unicorn-65392.exe 2168 1536 WerFault.exe Unicorn-61308.exe 1864 2032 WerFault.exe Unicorn-42279.exe 1748 1868 WerFault.exe Unicorn-44225.exe 572 916 WerFault.exe Unicorn-28443.exe 2336 1628 WerFault.exe Unicorn-55086.exe 2536 2196 WerFault.exe Unicorn-5330.exe 2144 2192 WerFault.exe Unicorn-20275.exe 2556 2156 WerFault.exe Unicorn-13498.exe 2616 2900 WerFault.exe Unicorn-13498.exe 2384 1688 WerFault.exe Unicorn-23565.exe 1524 1052 WerFault.exe Unicorn-55683.exe 1668 2576 WerFault.exe Unicorn-47515.exe 2152 3028 WerFault.exe Unicorn-33679.exe 1780 2532 WerFault.exe Unicorn-30987.exe 3096 3008 WerFault.exe Unicorn-64749.exe 3104 296 WerFault.exe Unicorn-31563.exe 3116 1220 WerFault.exe Unicorn-58205.exe 3144 2200 WerFault.exe Unicorn-39709.exe 3184 2664 WerFault.exe Unicorn-8428.exe 3208 2804 WerFault.exe Unicorn-39155.exe 3332 2836 WerFault.exe Unicorn-54121.exe 3720 2448 WerFault.exe Unicorn-41293.exe 3736 1636 WerFault.exe Unicorn-64749.exe 3760 2952 WerFault.exe Unicorn-38339.exe 3784 2012 WerFault.exe Unicorn-3529.exe 3868 1664 WerFault.exe Unicorn-64749.exe 3912 804 WerFault.exe Unicorn-31563.exe 3932 2620 WerFault.exe Unicorn-21858.exe 3964 756 WerFault.exe Unicorn-45808.exe 3972 1812 WerFault.exe Unicorn-41724.exe 4012 1612 WerFault.exe Unicorn-25942.exe 4048 2504 WerFault.exe Unicorn-691.exe 4084 2316 WerFault.exe Unicorn-10997.exe 3304 2400 WerFault.exe Unicorn-3384.exe 3440 3068 WerFault.exe Unicorn-52030.exe 3460 2008 WerFault.exe Unicorn-41916.exe 3424 2440 WerFault.exe Unicorn-15636.exe 3564 2312 WerFault.exe Unicorn-62144.exe 3568 552 WerFault.exe Unicorn-28080.exe 3688 2208 WerFault.exe Unicorn-56238.exe 3472 636 WerFault.exe Unicorn-39202.exe 3372 780 WerFault.exe Unicorn-21387.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
Processes:
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exeUnicorn-13612.exeUnicorn-11557.exeUnicorn-22418.exeUnicorn-1490.exeUnicorn-32217.exeUnicorn-47162.exeUnicorn-12756.exeUnicorn-46176.exeUnicorn-15449.exeUnicorn-4588.exeUnicorn-35315.exeUnicorn-21776.exeUnicorn-35974.exeUnicorn-40058.exeUnicorn-5247.exeUnicorn-5247.exeUnicorn-38666.exeUnicorn-20192.exeUnicorn-62699.exeUnicorn-65392.exeUnicorn-42279.exeUnicorn-61308.exeUnicorn-44225.exeUnicorn-55086.exeUnicorn-13498.exeUnicorn-28443.exeUnicorn-5330.exeUnicorn-13498.exeUnicorn-20275.exeUnicorn-55683.exeUnicorn-23565.exeUnicorn-47515.exeUnicorn-260.exeUnicorn-30987.exeUnicorn-33679.exeUnicorn-56238.exeUnicorn-41293.exeUnicorn-39709.exeUnicorn-8428.exeUnicorn-39155.exeUnicorn-31563.exeUnicorn-31563.exeUnicorn-58205.exeUnicorn-64982.exeUnicorn-38339.exeUnicorn-54121.exeUnicorn-3529.exeUnicorn-39202.exeUnicorn-4391.exeUnicorn-57676.exeUnicorn-29642.exeUnicorn-3000.exeUnicorn-25558.exeUnicorn-60390.exeUnicorn-52222.exeUnicorn-50639.exeUnicorn-41916.exeUnicorn-52030.exeUnicorn-52030.exeUnicorn-17220.exeUnicorn-28080.exeUnicorn-47946.exeUnicorn-28080.exepid process 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe 1456 Unicorn-13612.exe 1244 Unicorn-11557.exe 1152 Unicorn-22418.exe 2456 Unicorn-1490.exe 2744 Unicorn-32217.exe 2600 Unicorn-47162.exe 1816 Unicorn-12756.exe 2780 Unicorn-46176.exe 2416 Unicorn-15449.exe 2816 Unicorn-4588.exe 812 Unicorn-35315.exe 1572 Unicorn-21776.exe 2280 Unicorn-35974.exe 2848 Unicorn-40058.exe 2876 Unicorn-5247.exe 2080 Unicorn-5247.exe 1336 Unicorn-38666.exe 2176 Unicorn-20192.exe 1012 Unicorn-62699.exe 2276 Unicorn-65392.exe 2032 Unicorn-42279.exe 1536 Unicorn-61308.exe 1868 Unicorn-44225.exe 1628 Unicorn-55086.exe 2156 Unicorn-13498.exe 916 Unicorn-28443.exe 2196 Unicorn-5330.exe 2900 Unicorn-13498.exe 2192 Unicorn-20275.exe 1052 Unicorn-55683.exe 1688 Unicorn-23565.exe 2576 Unicorn-47515.exe 2880 Unicorn-260.exe 2532 Unicorn-30987.exe 3028 Unicorn-33679.exe 2208 Unicorn-56238.exe 2448 Unicorn-41293.exe 2200 Unicorn-39709.exe 2664 Unicorn-8428.exe 2804 Unicorn-39155.exe 296 Unicorn-31563.exe 804 Unicorn-31563.exe 1220 Unicorn-58205.exe 2240 Unicorn-64982.exe 2952 Unicorn-38339.exe 2836 Unicorn-54121.exe 2012 Unicorn-3529.exe 636 Unicorn-39202.exe 412 Unicorn-4391.exe 1136 Unicorn-57676.exe 1768 Unicorn-29642.exe 956 Unicorn-3000.exe 1604 Unicorn-25558.exe 908 Unicorn-60390.exe 1504 Unicorn-52222.exe 2932 Unicorn-50639.exe 2008 Unicorn-41916.exe 3068 Unicorn-52030.exe 2748 Unicorn-52030.exe 2520 Unicorn-17220.exe 2296 Unicorn-28080.exe 2796 Unicorn-47946.exe 552 Unicorn-28080.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exeUnicorn-13612.exeUnicorn-11557.exeUnicorn-22418.exeUnicorn-1490.exeUnicorn-32217.exeUnicorn-47162.exeUnicorn-46176.exedescription pid process target process PID 2512 wrote to memory of 1456 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-13612.exe PID 2512 wrote to memory of 1456 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-13612.exe PID 2512 wrote to memory of 1456 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-13612.exe PID 2512 wrote to memory of 1456 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-13612.exe PID 1456 wrote to memory of 1244 1456 Unicorn-13612.exe Unicorn-11557.exe PID 1456 wrote to memory of 1244 1456 Unicorn-13612.exe Unicorn-11557.exe PID 1456 wrote to memory of 1244 1456 Unicorn-13612.exe Unicorn-11557.exe PID 1456 wrote to memory of 1244 1456 Unicorn-13612.exe Unicorn-11557.exe PID 2512 wrote to memory of 1152 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-22418.exe PID 2512 wrote to memory of 1152 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-22418.exe PID 2512 wrote to memory of 1152 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-22418.exe PID 2512 wrote to memory of 1152 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe Unicorn-22418.exe PID 2512 wrote to memory of 2580 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe WerFault.exe PID 2512 wrote to memory of 2580 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe WerFault.exe PID 2512 wrote to memory of 2580 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe WerFault.exe PID 2512 wrote to memory of 2580 2512 5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe WerFault.exe PID 1244 wrote to memory of 2744 1244 Unicorn-11557.exe Unicorn-32217.exe PID 1244 wrote to memory of 2744 1244 Unicorn-11557.exe Unicorn-32217.exe PID 1244 wrote to memory of 2744 1244 Unicorn-11557.exe Unicorn-32217.exe PID 1244 wrote to memory of 2744 1244 Unicorn-11557.exe Unicorn-32217.exe PID 1152 wrote to memory of 2456 1152 Unicorn-22418.exe Unicorn-1490.exe PID 1152 wrote to memory of 2456 1152 Unicorn-22418.exe Unicorn-1490.exe PID 1152 wrote to memory of 2456 1152 Unicorn-22418.exe Unicorn-1490.exe PID 1152 wrote to memory of 2456 1152 Unicorn-22418.exe Unicorn-1490.exe PID 1456 wrote to memory of 2600 1456 Unicorn-13612.exe Unicorn-47162.exe PID 1456 wrote to memory of 2600 1456 Unicorn-13612.exe Unicorn-47162.exe PID 1456 wrote to memory of 2600 1456 Unicorn-13612.exe Unicorn-47162.exe PID 1456 wrote to memory of 2600 1456 Unicorn-13612.exe Unicorn-47162.exe PID 1456 wrote to memory of 2480 1456 Unicorn-13612.exe WerFault.exe PID 1456 wrote to memory of 2480 1456 Unicorn-13612.exe WerFault.exe PID 1456 wrote to memory of 2480 1456 Unicorn-13612.exe WerFault.exe PID 1456 wrote to memory of 2480 1456 Unicorn-13612.exe WerFault.exe PID 2456 wrote to memory of 1816 2456 Unicorn-1490.exe Unicorn-12756.exe PID 2456 wrote to memory of 1816 2456 Unicorn-1490.exe Unicorn-12756.exe PID 2456 wrote to memory of 1816 2456 Unicorn-1490.exe Unicorn-12756.exe PID 2456 wrote to memory of 1816 2456 Unicorn-1490.exe Unicorn-12756.exe PID 1152 wrote to memory of 2780 1152 Unicorn-22418.exe Unicorn-46176.exe PID 1152 wrote to memory of 2780 1152 Unicorn-22418.exe Unicorn-46176.exe PID 1152 wrote to memory of 2780 1152 Unicorn-22418.exe Unicorn-46176.exe PID 1152 wrote to memory of 2780 1152 Unicorn-22418.exe Unicorn-46176.exe PID 2744 wrote to memory of 2816 2744 Unicorn-32217.exe Unicorn-4588.exe PID 2744 wrote to memory of 2816 2744 Unicorn-32217.exe Unicorn-4588.exe PID 2744 wrote to memory of 2816 2744 Unicorn-32217.exe Unicorn-4588.exe PID 2744 wrote to memory of 2816 2744 Unicorn-32217.exe Unicorn-4588.exe PID 1244 wrote to memory of 2416 1244 Unicorn-11557.exe Unicorn-15449.exe PID 1244 wrote to memory of 2416 1244 Unicorn-11557.exe Unicorn-15449.exe PID 1244 wrote to memory of 2416 1244 Unicorn-11557.exe Unicorn-15449.exe PID 1244 wrote to memory of 2416 1244 Unicorn-11557.exe Unicorn-15449.exe PID 2600 wrote to memory of 812 2600 Unicorn-47162.exe Unicorn-35315.exe PID 2600 wrote to memory of 812 2600 Unicorn-47162.exe Unicorn-35315.exe PID 2600 wrote to memory of 812 2600 Unicorn-47162.exe Unicorn-35315.exe PID 2600 wrote to memory of 812 2600 Unicorn-47162.exe Unicorn-35315.exe PID 1244 wrote to memory of 1788 1244 Unicorn-11557.exe WerFault.exe PID 1244 wrote to memory of 1788 1244 Unicorn-11557.exe WerFault.exe PID 1244 wrote to memory of 1788 1244 Unicorn-11557.exe WerFault.exe PID 1244 wrote to memory of 1788 1244 Unicorn-11557.exe WerFault.exe PID 1152 wrote to memory of 2676 1152 Unicorn-22418.exe WerFault.exe PID 1152 wrote to memory of 2676 1152 Unicorn-22418.exe WerFault.exe PID 1152 wrote to memory of 2676 1152 Unicorn-22418.exe WerFault.exe PID 1152 wrote to memory of 2676 1152 Unicorn-22418.exe WerFault.exe PID 2780 wrote to memory of 1572 2780 Unicorn-46176.exe Unicorn-21776.exe PID 2780 wrote to memory of 1572 2780 Unicorn-46176.exe Unicorn-21776.exe PID 2780 wrote to memory of 1572 2780 Unicorn-46176.exe Unicorn-21776.exe PID 2780 wrote to memory of 1572 2780 Unicorn-46176.exe Unicorn-21776.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe"C:\Users\Admin\AppData\Local\Temp\5bff862f5c208e7a9c4c8df44df60d73c4dd5b49f79abec80f197c64275c8734.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe10⤵PID:1636
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 20011⤵
- Program crash
PID:3736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 23610⤵PID:4532
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe9⤵PID:2752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe10⤵PID:3844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe11⤵PID:5348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe12⤵PID:6500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe13⤵PID:8900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe14⤵PID:10296
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe15⤵PID:12384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 21614⤵PID:11844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 21613⤵PID:9840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 21612⤵PID:7820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 21611⤵PID:6924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 23610⤵PID:4996
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 2209⤵
- Program crash
PID:3720
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe9⤵PID:3008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 20010⤵
- Program crash
PID:3096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 2169⤵PID:4524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 2408⤵
- Program crash
PID:1748
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe8⤵PID:1796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe9⤵PID:2828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe10⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe11⤵PID:4708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe12⤵PID:6584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe13⤵PID:7736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe14⤵PID:10384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe15⤵PID:12068
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 21615⤵PID:8036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 21614⤵PID:11180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 21613⤵PID:8512
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 21612⤵PID:7912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 21611⤵PID:5184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 23610⤵PID:4672
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe9⤵PID:3312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe10⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe11⤵PID:6396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe12⤵PID:7920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe13⤵PID:10352
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe14⤵PID:4212
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 21614⤵PID:8492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 21613⤵PID:11136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 21612⤵PID:9008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 21611⤵PID:7632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 23610⤵PID:5260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 2409⤵PID:4640
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe8⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe9⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe10⤵PID:4928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe11⤵PID:6700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe12⤵PID:8468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe13⤵PID:10956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe14⤵PID:12240
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 21614⤵PID:12560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 23613⤵PID:11444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 21612⤵PID:9420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 21611⤵PID:8080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 21610⤵PID:6180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 2369⤵PID:4744
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 2408⤵
- Program crash
PID:3144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 2407⤵
- Program crash
PID:1960
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe8⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe9⤵PID:3588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe10⤵PID:5240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe11⤵PID:7036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe12⤵PID:8720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe13⤵PID:11112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe14⤵PID:7044
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 23614⤵PID:12660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 21613⤵PID:11624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 21612⤵PID:9632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 21611⤵PID:7760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 21610⤵PID:6572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 2369⤵PID:5024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 2168⤵
- Program crash
PID:3184
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe7⤵PID:2400
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 2408⤵
- Program crash
PID:3304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 2407⤵
- Program crash
PID:572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 2406⤵
- Program crash
PID:1968
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 2365⤵
- Loads dropped DLL
- Program crash
PID:1680
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2416 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe8⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe9⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe10⤵PID:3464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe11⤵PID:6140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe12⤵PID:8144
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe13⤵PID:10044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe14⤵PID:11772
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 21614⤵PID:7540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 23613⤵PID:10596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 23612⤵PID:8412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 23611⤵PID:7048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 21610⤵PID:5696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 2369⤵
- Program crash
PID:4084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe8⤵PID:840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe9⤵PID:3824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe10⤵PID:6128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe11⤵PID:7860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe12⤵PID:308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe13⤵PID:12196
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 23613⤵PID:5664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 23612⤵PID:10396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 21611⤵PID:9132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 21610⤵PID:6920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 2369⤵PID:5656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 2408⤵
- Program crash
PID:3912
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe7⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe8⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exe9⤵PID:3876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe10⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe11⤵PID:7888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe12⤵PID:10232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe13⤵PID:12108
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 23613⤵PID:6456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 21612⤵PID:10368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 21611⤵PID:9140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 21610⤵PID:6696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 2369⤵PID:5468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 2368⤵
- Program crash
PID:3932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 2407⤵
- Program crash
PID:2556
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe7⤵PID:2504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe8⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe9⤵PID:3348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe10⤵PID:5956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe11⤵PID:7804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe12⤵PID:9580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 22013⤵PID:1632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 23612⤵PID:10468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 21611⤵PID:9100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 21610⤵PID:6716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 2369⤵PID:5456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 2368⤵
- Program crash
PID:4048
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe7⤵PID:2692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe8⤵PID:2240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe9⤵PID:5276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe10⤵PID:8052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe11⤵PID:9560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe12⤵PID:11684
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 21612⤵PID:6972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 21611⤵PID:10524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 23610⤵PID:8272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 2369⤵PID:6164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 2168⤵PID:5776
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 2406⤵
- Program crash
PID:668
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe8⤵PID:1792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe9⤵PID:3980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe10⤵PID:5852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe11⤵PID:7232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe12⤵PID:9976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe13⤵PID:11996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe14⤵PID:11284
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11996 -s 21614⤵PID:12760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 21613⤵PID:7144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 21612⤵PID:10736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 21611⤵PID:8880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 21610⤵PID:4932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 2369⤵PID:5376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 2368⤵
- Program crash
PID:3440
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe7⤵PID:2072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe8⤵PID:3548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe9⤵PID:5132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe10⤵PID:6308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe11⤵PID:8652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe12⤵PID:11076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe13⤵PID:5748
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 22013⤵PID:12500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 21612⤵PID:11608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 23611⤵PID:9572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 21610⤵PID:7940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 2169⤵PID:6560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 2368⤵PID:4656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 2207⤵
- Program crash
PID:3104
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe7⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe8⤵PID:3532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe9⤵PID:6120
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe10⤵PID:7764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe11⤵PID:10208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe12⤵PID:12276
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 21612⤵PID:11956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 21611⤵PID:11228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 21610⤵PID:9084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 2369⤵PID:6936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 2368⤵PID:5648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 2367⤵
- Program crash
PID:3568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2406⤵
- Program crash
PID:2144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 2405⤵
- Program crash
PID:1592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1788
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-260.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-260.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 2408⤵
- Program crash
PID:1032
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe8⤵PID:780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe9⤵PID:3452
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe10⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe11⤵PID:6112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe12⤵PID:7576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe13⤵PID:9388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe14⤵PID:12260
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 21614⤵PID:6200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 21613⤵PID:10952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 21612⤵PID:8856
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 21611⤵PID:7460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 21610⤵PID:5892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 2369⤵
- Program crash
PID:3372
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe8⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe9⤵PID:4760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe10⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe11⤵PID:7976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe12⤵PID:9384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe13⤵PID:11700
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 21613⤵PID:7584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 21612⤵PID:10860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 21611⤵PID:8704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 23610⤵PID:7196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 2169⤵PID:5900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 2408⤵PID:3820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 2407⤵
- Program crash
PID:1864
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe8⤵PID:1852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe9⤵PID:3428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe10⤵PID:5108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe11⤵PID:6808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe12⤵PID:8404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe13⤵PID:10884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe14⤵PID:12160
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 21614⤵PID:12552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 21613⤵PID:11360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 21612⤵PID:9412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 21611⤵PID:7244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 23610⤵PID:6208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 2369⤵PID:4812
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe8⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe9⤵PID:4344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exe10⤵PID:6744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe11⤵PID:8328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe12⤵PID:10444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe13⤵PID:11980
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 22013⤵PID:11860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 23612⤵PID:11248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 21611⤵PID:9344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 21610⤵PID:8168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 2369⤵PID:6380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 2208⤵PID:4500
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe7⤵PID:1684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe8⤵PID:4076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe9⤵PID:4140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe10⤵PID:6656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe11⤵PID:8216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe12⤵PID:10688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe13⤵PID:7120
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 21613⤵PID:12440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 23612⤵PID:11052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 21611⤵PID:9272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 21610⤵PID:7996
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 2169⤵PID:6088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 2168⤵PID:4608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 2407⤵
- Program crash
PID:2152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 2406⤵
- Program crash
PID:2088
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe8⤵PID:2660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe9⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe10⤵PID:4780
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 18811⤵PID:5044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 21610⤵PID:5224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 2369⤵PID:4424
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe8⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe9⤵PID:4968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe10⤵PID:6648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe11⤵PID:8432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exe12⤵PID:10832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe13⤵PID:6992
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 21613⤵PID:12348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 22012⤵PID:11320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 21611⤵PID:9404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 21610⤵PID:8004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 2169⤵PID:6028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 2408⤵PID:4492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 2367⤵
- Program crash
PID:1780
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe7⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe8⤵PID:3236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe9⤵PID:4128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe10⤵PID:6148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe11⤵PID:8012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe12⤵PID:10080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe13⤵PID:12120
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 21613⤵PID:8224
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 21611⤵PID:8980
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 23610⤵PID:7508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 2169⤵PID:6000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 2368⤵PID:4352
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe7⤵PID:3356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe8⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe9⤵PID:5248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe10⤵PID:7288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe11⤵PID:10248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe12⤵PID:12172
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 21612⤵PID:8204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 21611⤵PID:11164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 21610⤵PID:8920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 2369⤵PID:7476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 2168⤵PID:5864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 2407⤵PID:4172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2406⤵
- Program crash
PID:2168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 2405⤵
- Program crash
PID:320
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe8⤵PID:2308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe9⤵PID:3628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe10⤵PID:5176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe11⤵PID:6432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe12⤵PID:8628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe13⤵PID:11404
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 23613⤵PID:12048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 21612⤵PID:10056
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 21611⤵PID:8544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 21610⤵PID:6608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 2369⤵PID:4864
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe8⤵PID:3668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe9⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe10⤵PID:6344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe11⤵PID:8692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe12⤵PID:11148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe13⤵PID:11840
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 23613⤵PID:12704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 23612⤵PID:11676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 21611⤵PID:9624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 21610⤵PID:7384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 2169⤵PID:6844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 2408⤵PID:4460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 2367⤵
- Program crash
PID:3116
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe6⤵
- Executes dropped EXE
PID:2440 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe7⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe8⤵PID:3504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe9⤵PID:5920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe10⤵PID:7964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe11⤵PID:10504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe12⤵PID:11500
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 21612⤵PID:7692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 21611⤵PID:10424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 21610⤵PID:9164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 2369⤵PID:6604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 2168⤵PID:5440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 2367⤵
- Program crash
PID:3424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 2406⤵
- Program crash
PID:2616
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe7⤵PID:1664
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 2008⤵
- Program crash
PID:3868
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 2367⤵PID:4544
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe6⤵PID:2064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe7⤵PID:3232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe8⤵PID:5548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe9⤵PID:6324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe10⤵PID:9928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe11⤵PID:11964
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 21611⤵PID:5676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 21610⤵PID:10668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 2169⤵PID:8848
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 2168⤵PID:7164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 2167⤵PID:4952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 2406⤵
- Program crash
PID:3784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 2205⤵
- Program crash
PID:2980
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2480
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1816 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe8⤵PID:2044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe9⤵PID:3800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe10⤵PID:5708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe11⤵PID:7276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe12⤵PID:9660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe13⤵PID:11896
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 21613⤵PID:12228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 21612⤵PID:2324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 21611⤵PID:8936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 23610⤵PID:6408
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 2169⤵PID:5264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 2168⤵
- Program crash
PID:3460
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe7⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe8⤵PID:3940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe9⤵PID:5364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe10⤵PID:7192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe11⤵PID:9984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-77.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-77.exe12⤵PID:1452
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 21612⤵PID:12284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 21611⤵PID:10540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 23610⤵PID:8428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2169⤵PID:6296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 2368⤵PID:5808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 2407⤵
- Program crash
PID:3688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 2366⤵
- Program crash
PID:2524
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe7⤵PID:1812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe8⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe9⤵PID:3340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe10⤵PID:5228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe11⤵PID:8024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe12⤵PID:9248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe13⤵PID:11308
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 21613⤵PID:12116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 21612⤵PID:10380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 21611⤵PID:8264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 21610⤵PID:7064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 2369⤵PID:5740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 2368⤵
- Program crash
PID:3972
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe7⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe8⤵PID:3136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe9⤵PID:5072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exe10⤵PID:6300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe11⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe12⤵PID:10272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe13⤵PID:928
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 21613⤵PID:7328
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 21612⤵PID:11068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 21611⤵PID:8636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 21610⤵PID:7552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 2169⤵PID:5192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 2368⤵PID:4592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 2407⤵
- Program crash
PID:3208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe6⤵PID:1612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe7⤵PID:848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe8⤵PID:3596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe9⤵PID:6040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe10⤵PID:7928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe11⤵PID:9672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe12⤵PID:11424
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 21612⤵PID:12204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 21611⤵PID:10484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 21610⤵PID:9156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 2369⤵PID:6756
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 2368⤵PID:5500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 2367⤵
- Program crash
PID:4012
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 2406⤵
- Program crash
PID:2336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 2405⤵
- Program crash
PID:1704
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe7⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe8⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe9⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe10⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe11⤵PID:6672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe12⤵PID:9584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe13⤵PID:11764
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 21613⤵PID:11952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 21612⤵PID:9728
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 21611⤵PID:8752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 23610⤵PID:7016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 2369⤵PID:4804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 2368⤵
- Program crash
PID:3564
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe7⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe8⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe9⤵PID:5204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exe10⤵PID:7068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe11⤵PID:8620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe12⤵PID:10912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe13⤵PID:12032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 21613⤵PID:12508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 21612⤵PID:11392
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 21611⤵PID:9564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 21610⤵PID:7784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 2169⤵PID:6632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 2368⤵PID:4956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 2407⤵
- Program crash
PID:3332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2166⤵
- Program crash
PID:2536
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe6⤵PID:756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe7⤵PID:1072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe8⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe9⤵PID:6012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe10⤵PID:7716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe11⤵PID:10200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe12⤵PID:12136
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 21612⤵PID:6520
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 21611⤵PID:11236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 21610⤵PID:9076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 2169⤵PID:6724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 2368⤵PID:5476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 2367⤵
- Program crash
PID:3964
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe6⤵PID:2632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe7⤵PID:4016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe8⤵PID:5520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe9⤵PID:6372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe10⤵PID:9368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe11⤵PID:11688
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 21611⤵PID:11596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 21610⤵PID:10188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 2169⤵PID:8820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 2168⤵PID:7156
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 2406⤵
- Program crash
PID:3760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 2405⤵
- Program crash
PID:2788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:588
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:412 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe8⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe9⤵PID:3320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe10⤵PID:4856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe11⤵PID:5392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe12⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe13⤵PID:9640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe14⤵PID:6116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 21614⤵PID:8112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 21613⤵PID:10896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 21612⤵PID:8796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 23611⤵PID:7300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 21610⤵PID:5156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 2369⤵PID:4180
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe8⤵PID:3408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe9⤵PID:4736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe10⤵PID:5128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe11⤵PID:7876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exe12⤵PID:10148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe13⤵PID:11988
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 21613⤵PID:7800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 21612⤵PID:10844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 21611⤵PID:8664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 23610⤵PID:7204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 2169⤵PID:6080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 2408⤵PID:3904
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe7⤵PID:2792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe8⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe9⤵PID:4936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe10⤵PID:5292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe11⤵PID:8152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe12⤵PID:9680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe13⤵PID:12012
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 21613⤵PID:8180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 22012⤵PID:10908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 21611⤵PID:8832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 23610⤵PID:7308
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 2169⤵PID:5316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 2368⤵PID:4188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 2407⤵
- Program crash
PID:1524
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe7⤵PID:1044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe8⤵PID:3680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe9⤵PID:5084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe10⤵PID:6136
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe10⤵PID:6772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe11⤵PID:8504
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe11⤵PID:8956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe12⤵PID:10336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe13⤵PID:12072
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 23613⤵PID:11708
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 23612⤵PID:11852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 24011⤵PID:9832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 24010⤵PID:6752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 2369⤵PID:5688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 2368⤵PID:4336
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe7⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe8⤵PID:4720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe9⤵PID:6336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe10⤵PID:7272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe11⤵PID:10320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe12⤵PID:12020
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 21612⤵PID:7944
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 21611⤵PID:11124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 21610⤵PID:8552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 2169⤵PID:7592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 2168⤵PID:5428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 2407⤵PID:4416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 2406⤵
- Program crash
PID:672
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe7⤵PID:2392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe8⤵PID:3264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe9⤵PID:4824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe10⤵PID:6036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe11⤵PID:7812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe12⤵PID:9948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe13⤵PID:6236
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 21613⤵PID:7904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 21612⤵PID:10808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 21611⤵PID:8660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 23610⤵PID:7184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 2169⤵PID:5884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 2168⤵PID:4164
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe7⤵PID:3396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe8⤵PID:4700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe9⤵PID:5216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe10⤵PID:7924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exe11⤵PID:1392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe12⤵PID:5644
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 22012⤵PID:6536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 21611⤵PID:10852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 21610⤵PID:8684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 2169⤵PID:7264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 2168⤵PID:5160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2407⤵
- Program crash
PID:3472
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe6⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe7⤵PID:3296
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe8⤵PID:4696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe9⤵PID:6872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe10⤵PID:8564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe11⤵PID:11032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe12⤵PID:11416
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 21612⤵PID:12600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 21611⤵PID:11540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 21610⤵PID:9504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 2169⤵PID:7484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 2168⤵PID:6244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 2167⤵PID:4104
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2406⤵
- Program crash
PID:2384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 2405⤵
- Program crash
PID:1580
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe7⤵PID:1376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe8⤵PID:3804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe9⤵PID:4220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe10⤵PID:5784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe11⤵PID:7220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe12⤵PID:9988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe13⤵PID:11868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 21613⤵PID:7548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 22012⤵PID:10904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 21611⤵PID:8844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 21610⤵PID:7356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 2369⤵PID:5448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 2368⤵PID:4360
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe7⤵PID:3992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe8⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe9⤵PID:6484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe10⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe11⤵PID:10784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe12⤵PID:5148
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 21612⤵PID:12516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 21611⤵PID:11296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 21610⤵PID:8972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 2169⤵PID:7752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 2168⤵PID:5356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 2407⤵PID:4484
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe6⤵PID:844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe7⤵PID:3556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe8⤵PID:4788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe9⤵PID:6056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe10⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe11⤵PID:9452
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe12⤵PID:12164
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 23612⤵PID:6676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 23611⤵PID:10724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 23610⤵PID:8576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 2169⤵PID:7396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 2168⤵PID:5532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 2367⤵PID:4112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2406⤵
- Program crash
PID:1668
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe6⤵PID:2300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe7⤵PID:3648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe8⤵PID:5008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 2209⤵PID:5916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 2168⤵PID:5876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 2167⤵PID:4272
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe6⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe7⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe8⤵PID:6524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe9⤵PID:8252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe10⤵PID:10640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe11⤵PID:12248
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 21611⤵PID:12016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 21610⤵PID:11156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 2169⤵PID:9280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 2168⤵PID:7832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 2167⤵PID:6076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 2406⤵PID:4452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 2405⤵
- Program crash
PID:1800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 2404⤵
- Program crash
PID:884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 2402⤵
- Program crash
PID:2580
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5ecc17c71a4aa20470ff694858178e235
SHA1fddf0ac5be305de0b0fe96f00512356d3df2daea
SHA256469c44428085e67af8a19e7937d6de783965124a9f045cfbd0c6f2104aca33d2
SHA5124b257b826df235dda8b43a28684c72d42848ef61dc9f98fcf6f96f11b36e8ae61770acf7507955cf171c56d3a8a48d410ca2f172b7070d966b593fea863d591a
-
Filesize
184KB
MD573280ced95415b17327246e9ed2ab0d3
SHA18930508f5fa9c357b663504fbd8f589e3bf4a661
SHA256c0962932cb3a1cf4da54e1d9c0e61fdd87aacf354939946eb0edfc1abde02bf7
SHA5124352195867e9700279e374cef9bebd2a53dbd7c6ec985ee9a6699b1d53221ad60bb668af58b8e216111537d20bb804e0333d6ec6a0baa8be6f1a81d65496bcd3
-
Filesize
184KB
MD5ebd481f0bd045e39fba9fddcda8625a0
SHA1c160f7e8b28b31a00f932d4b09d5166d6a55cce3
SHA2569173b91d1d730c9b4ac807e3643aa1be923a719ac7bd20f02e9e591fc92ac02b
SHA51293e8aac2b08919f160ba2e9097ae09ce88cfbb98cb06492a942aeadc74697a32d52833ca61e92b5eb385e3af9ab65102a286310d2059048ab383f535f21773e4
-
Filesize
184KB
MD54640017c49170c3b0adeb6ac20d58f50
SHA15ad37e367fc10e3d864c79757b55a1ea1dd8f569
SHA256b6775fb473f5ad19c6aa5ee3a06b14c0e6bf290c52354166f53c0e5619e56a98
SHA512eb2875b1f55c5a6193f207a17db66cd2c121b50daaad8266a110f5336c0f49d785f48e75e9f7ec50214f0e0a1133e828b12b23a5daee8dc8bb2917d8348f0ec6
-
Filesize
184KB
MD581a108ddfe7ebedcbf108733e03a9269
SHA1db93fe8df823055bba65b2a8221bb9fc5b9ea9ab
SHA256e30fc8fc5b420e9c04a802f36da76b7926a8e1f3429c2d39e65dfc69c8b2ffa4
SHA5124e5c6cd3ffa33976eb7386104ac3bd8216489e9a87665ee1a290d070b45579c5b5e1ae61cfb823d6a05a07c25a193377ea833087eeb3604c66c9e4f54dc56e04
-
Filesize
184KB
MD5d39a639a97646590d8c723a3d0fb7cbf
SHA1a4459c6bae7113fa2cf04f5a64063ab2e42aa854
SHA256e08ee1dd5e46f8bf8d5e07a24784cdd050c36d55d8463b8579ff8836352f8c40
SHA5126655faa7ab920bd70550838c3823b6e147842af83c942d3a0c0eced8a5fa9ddda1f18c349be58f9e6fcb3ba3a87eb1e589635e09bff36f72a6a6228f0be37fcf
-
Filesize
184KB
MD5132c91ae312cfee90011ec026f3a499a
SHA186c1f7383cf23546ca5642c56d40f73b220abc0c
SHA2564ae1fe83ea8493fcb42c11d20005b657ac20197439983915bdabb029d8a3e691
SHA5121a9e5307b5a43c5b230aee14f5585a55defdc9c6071a559da9d2866a45635a57da248f4224bbb56ae380323151f84572765a6e210dcc7cc7a9baa8cfd24832e4
-
Filesize
184KB
MD5617adfb2bdc8f4c4577810bd6bb0dc33
SHA1faa69013bca0d60ed5ecc784c07488aa0a377b3a
SHA25606ca93eb08c674dd85587579c3172a99e542e56787a051e16499838827e04d61
SHA512af81cbaa96555bb0373e0949ea381eae56b91685171b0f351621f09febc41fa15c9aaa8bc9818fc7842ee3461248a140250b765a92da51d747d2967247be0238
-
Filesize
184KB
MD5b7f44c01a12f5a74c8b4c362ab0cfaf0
SHA17f3c94106875b1a869075d1585bab44ca6f563e6
SHA25676e6fb5fc0f683207d634f9b378a3206ba0522002a0504ea73bc2f5157d01902
SHA512899f2a176514c0d489ed00d67f1637c9a7ab00d089aec3f911a0c07e5a9c5e378011d937a6c2ab51385d62f0d5c9b4d2bc6ff9913d4e6801869289cf0db7db9f
-
Filesize
184KB
MD5051499480c5ccdd62d78696c4b14d3c7
SHA1336334dc6d7f43a6cfb643adc452bc33b880c5dd
SHA256d86cfad4a28f07f60e5b390ae90c34f20e445a37898f377cb278519733716ffb
SHA512a86b281ffbdf6e9b8324614a748aa40724f43233627da42d80f739b56939c51931b90fdad3a388567c5aead9ba7305afbd7f974638f0144f407be0e25202b64c
-
Filesize
184KB
MD517ceebe5a4dc7bc29eef8064ff28ecec
SHA13299454f336faf60553afc268d5b404bbfe5f751
SHA2561e0d1ee9c81982333f1a542441a34f209aef96f0be6df9455f4c2a433c040205
SHA512a994ef66fb53b20f5c6d0fb1e99f553adf9510048b7b89f2c5e01c8454815a2f710691c4eb2d5c664a4844bca60bf7635378301d078d335783883978b356eeea
-
Filesize
184KB
MD5eebce3b17228d8c91707c160cecd9eb8
SHA16772b802ed920d399fc79e6a663eb09195ae7511
SHA25620f76876c1569635b1e31824b2718d0d2a2535061c9a48c2c8abe84c641786dc
SHA51250dd56660a278db59609d2779775b6e0c37ce57d7c34c8899cb892756a9ad32ae8e0efdc2fcaac273394c7ea8b3b27f37270b9e7c2ac3a24e29a06cbca173c3d
-
Filesize
184KB
MD546efd1df2cd8426fe8b60292235a7574
SHA146e5bb59f4b2a81520bdf21bb131951ce0e0028d
SHA256e4625040eac71eb68a02ac6cfe36adf4552e49184942ad53f49a292437854fc6
SHA51230afc3d28cc90a80a8c6c96c47a77ff9fee376b2b28bac4dcd311e8cd34534bb6c78f29096f622e42db6f8bfed7ce1a1bcb68376444be359a040f2c3923cd883
-
Filesize
184KB
MD53d4010079e3ed03ce12b6b59021a41d5
SHA1bae4d952d91f2ebc66d925c60c9b3c996f2d6bb6
SHA25684884c491c0a45783b2df6b0ae881485ce0c3b7eecdb273272d8dd12687d6256
SHA5124b1f7b6f77dd88f1a5a57f504fa456898a5ea9bfef109d0f9045ecb0885051a7d992df4ec77a836c35a51522cfaa9d98ee3151092729a6dbaf9b7cb85f217802
-
Filesize
184KB
MD511b528b7542881e892e69d77c50262ad
SHA15892eb796d4a5c905d10f42cd7be445185cf9e11
SHA25647610c0c61fb30dd5ca4e20f6ed0b07461e20815b2cbbdd8a098b721339d42cf
SHA51222c2a7f22ab2508378d37cfdd1916d9ca429acfb563f508def63f069f26cdf313bbe18dc337c2c2d15ea05b79105e5b4eed237c36eea8e23cde06200bcd71fe4
-
Filesize
184KB
MD5840fc2b69e575c9f64fee8ba1c110553
SHA14a7ef1a20bd981070f141f5af6cfbf86c00f9eec
SHA25671fe2ed0a24a7052d3217298269ed33fed3e60b4b7454fc42aff0b6dbb37c7c9
SHA512a78c5c5975df783f03fa614a041db96d13de1220529afdca3584b4856255d49e284856997164ddbe397a778ee5d138fd0a51675f5c29fdc377088e90cd14c92f
-
Filesize
184KB
MD583a2a56b6904a9a9a00723560f5d9aa4
SHA1d410d7a624db86ab87955001dfb4d841387e6270
SHA2566ecf5e10905d837ff654eb668e2f0aaed7b47de578f1ea9bc7973cf2c7ace454
SHA5125eaa4dd85bb899b59a335f9c6f3c9851c983b2de8178cffa55e2e32d244df9bf4689c32b1a311465544a48bdc83f47bcf0bce82ee2ad3ebd7109ae5280d6ad30
-
Filesize
184KB
MD5332617895a046858df3676121e769b42
SHA19f6376b160d52b139e79bd1c7c7a9defd5db4c71
SHA25634fda6d6453a80765951a0a216c72a5a9cf4782820906e87020d6ae6a161ba3e
SHA512bd1d69d594aab7a4917f1f192799d5e982492a8dd4136beea87b170ca74b50a19614bc5b30b31e06b5c7262ab899cf6a6dd77f2b6582fe310e401f2ffdfe8cf7
-
Filesize
184KB
MD5c5978e00872c2030ee0645b1689c0981
SHA1bc5afc01f687a383289b1f5fe997d0b960a94884
SHA256340fb9dcfbf37b7cb551b6a364b27f1f5c8510e5dd62337dc214d6fdd54169a1
SHA5126909c78392f5b014fc9b571c44d0e5c434ae7b7115a531f281e00f8acfdf89fbf6aacf563c531e042413788099bdbdd71f511476b1b979a18f870494ed5d84b7
-
Filesize
184KB
MD5cea3dee9e2c230b742480786543b0815
SHA19baa13cc09751b98b14640a7ddb7fc390146fe8e
SHA256f47d9d2c2bd0cdd9888b7c25bf5494e334a3bc6a45d9498b6cdba58b4d2de16e
SHA512a03237261c7b357c9d8af51d40e480ff2b73c6c341dd6fb1b735150a9ec1381bde9f4abaf3abb855d2753d1ee3376e5fac502e8352b6f08517b9645c43ad0da9