Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
25-05-2024 20:53
Static task
static1
Behavioral task
behavioral1
Sample
1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe
-
Size
184KB
-
MD5
1ef30c8dbab47b2b8f5e5d56ab0909f0
-
SHA1
796033aa4209f9ee1ef12ed614e6af00737a1652
-
SHA256
78b19d84f28f73ea66f25526714783cecce46496167631129331513add13c4cd
-
SHA512
f54908d9dae1d13aa6c01e0f512eec2f201629f86f93eb1b20a6841de0e071b370e274e41649ffb5e68791e8e44c88c14dc29fa75558224327556176451ba016
-
SSDEEP
3072:zO/7iWolaMuKVR0YeCiLRVp/XPYKzP/FHBBgA5vuUlu0lnVgFknT:zOLoS+R09Lrp/Xxh1k0lnVgFk
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 3008 Unicorn-45386.exe 3020 Unicorn-57721.exe 2512 Unicorn-7129.exe 2580 Unicorn-9371.exe 2544 Unicorn-56434.exe 2464 Unicorn-59127.exe 2324 Unicorn-22548.exe 796 Unicorn-17072.exe 1096 Unicorn-45106.exe 1552 Unicorn-27186.exe 492 Unicorn-16326.exe 1300 Unicorn-41681.exe 1936 Unicorn-39543.exe 1592 Unicorn-15038.exe 2732 Unicorn-3341.exe 1432 Unicorn-23761.exe 2780 Unicorn-7425.exe 1816 Unicorn-23207.exe 1136 Unicorn-9091.exe 768 Unicorn-30066.exe 1352 Unicorn-13730.exe 1504 Unicorn-17068.exe 1872 Unicorn-62739.exe 1516 Unicorn-31266.exe 1508 Unicorn-17622.exe 1688 Unicorn-41572.exe 860 Unicorn-36118.exe 856 Unicorn-36118.exe 2088 Unicorn-44286.exe 2168 Unicorn-28504.exe 2700 Unicorn-32610.exe 1708 Unicorn-53777.exe 2684 Unicorn-18220.exe 2524 Unicorn-23373.exe 2196 Unicorn-41655.exe 2452 Unicorn-18774.exe 1288 Unicorn-23949.exe 2392 Unicorn-38893.exe 2348 Unicorn-3336.exe 1728 Unicorn-63398.exe 1660 Unicorn-9366.exe 1940 Unicorn-23757.exe 1956 Unicorn-58567.exe 1652 Unicorn-42785.exe 748 Unicorn-33871.exe 2224 Unicorn-33871.exe 1948 Unicorn-22173.exe 2772 Unicorn-10134.exe 2592 Unicorn-61836.exe 3048 Unicorn-61836.exe 3004 Unicorn-26471.exe 1580 Unicorn-28993.exe 1420 Unicorn-30123.exe 2276 Unicorn-17125.exe 1696 Unicorn-19263.exe 2192 Unicorn-64934.exe 1564 Unicorn-42375.exe 1960 Unicorn-62241.exe 2536 Unicorn-29054.exe 2444 Unicorn-2734.exe 1964 Unicorn-56019.exe 2472 Unicorn-16056.exe 2656 Unicorn-52812.exe 1988 Unicorn-52812.exe -
Loads dropped DLL 64 IoCs
pid Process 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 3008 Unicorn-45386.exe 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 3008 Unicorn-45386.exe 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 3020 Unicorn-57721.exe 3020 Unicorn-57721.exe 2512 Unicorn-7129.exe 3008 Unicorn-45386.exe 3008 Unicorn-45386.exe 2512 Unicorn-7129.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2544 Unicorn-56434.exe 2544 Unicorn-56434.exe 2512 Unicorn-7129.exe 2512 Unicorn-7129.exe 2580 Unicorn-9371.exe 2580 Unicorn-9371.exe 3020 Unicorn-57721.exe 2464 Unicorn-59127.exe 2464 Unicorn-59127.exe 3020 Unicorn-57721.exe 1868 WerFault.exe 1868 WerFault.exe 1868 WerFault.exe 1868 WerFault.exe 1996 WerFault.exe 1996 WerFault.exe 1996 WerFault.exe 1996 WerFault.exe 1868 WerFault.exe 1996 WerFault.exe 796 Unicorn-17072.exe 796 Unicorn-17072.exe 492 Unicorn-16326.exe 492 Unicorn-16326.exe 2464 Unicorn-59127.exe 2464 Unicorn-59127.exe 2324 Unicorn-22548.exe 2324 Unicorn-22548.exe 2544 Unicorn-56434.exe 2544 Unicorn-56434.exe 1096 Unicorn-45106.exe 1096 Unicorn-45106.exe 2580 Unicorn-9371.exe 2580 Unicorn-9371.exe 2972 WerFault.exe 2972 WerFault.exe 2972 WerFault.exe 2972 WerFault.exe 2972 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 944 WerFault.exe 944 WerFault.exe 944 WerFault.exe 944 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2532 2868 WerFault.exe 27 2836 3008 WerFault.exe 28 1868 3020 WerFault.exe 29 1996 2512 WerFault.exe 30 2972 2544 WerFault.exe 33 1080 2580 WerFault.exe 32 944 2464 WerFault.exe 34 2104 796 WerFault.exe 37 1544 492 WerFault.exe 39 2500 2324 WerFault.exe 36 3036 1552 WerFault.exe 40 2628 1096 WerFault.exe 38 1512 1300 WerFault.exe 43 2812 1936 WerFault.exe 44 1604 1816 WerFault.exe 48 2928 1432 WerFault.exe 45 1272 2780 WerFault.exe 49 1540 2732 WerFault.exe 47 1748 1592 WerFault.exe 46 2984 1136 WerFault.exe 53 964 1352 WerFault.exe 55 864 1504 WerFault.exe 57 2460 1688 WerFault.exe 60 2448 860 WerFault.exe 61 3032 856 WerFault.exe 62 3000 768 WerFault.exe 54 1468 2168 WerFault.exe 64 1740 1508 WerFault.exe 59 2588 2700 WerFault.exe 67 2080 1516 WerFault.exe 58 1676 748 WerFault.exe 85 2156 1652 WerFault.exe 83 844 2452 WerFault.exe 75 2240 2392 WerFault.exe 77 2704 1948 WerFault.exe 86 2208 1956 WerFault.exe 82 1608 1728 WerFault.exe 79 2316 2224 WerFault.exe 84 876 2348 WerFault.exe 78 1736 1708 WerFault.exe 70 3184 2772 WerFault.exe 89 3376 1872 WerFault.exe 56 3464 1940 WerFault.exe 81 3720 1660 WerFault.exe 80 3920 2604 WerFault.exe 122 3972 2088 WerFault.exe 63 3992 1288 WerFault.exe 76 4016 2684 WerFault.exe 72 4064 2524 WerFault.exe 73 3084 2196 WerFault.exe 74 3328 532 WerFault.exe 131 3364 2888 WerFault.exe 129 3412 2716 WerFault.exe 136 3484 1564 WerFault.exe 105 3524 3048 WerFault.exe 92 3628 2592 WerFault.exe 91 3692 1696 WerFault.exe 103 3760 2192 WerFault.exe 104 3784 2036 WerFault.exe 123 3792 3004 WerFault.exe 94 3800 2536 WerFault.exe 107 3872 1960 WerFault.exe 106 3284 1964 WerFault.exe 109 3280 2120 WerFault.exe 126 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 3008 Unicorn-45386.exe 3020 Unicorn-57721.exe 2512 Unicorn-7129.exe 2580 Unicorn-9371.exe 2544 Unicorn-56434.exe 2464 Unicorn-59127.exe 796 Unicorn-17072.exe 2324 Unicorn-22548.exe 1552 Unicorn-27186.exe 492 Unicorn-16326.exe 1096 Unicorn-45106.exe 1300 Unicorn-41681.exe 1936 Unicorn-39543.exe 1592 Unicorn-15038.exe 1816 Unicorn-23207.exe 2732 Unicorn-3341.exe 2780 Unicorn-7425.exe 1432 Unicorn-23761.exe 1136 Unicorn-9091.exe 768 Unicorn-30066.exe 1352 Unicorn-13730.exe 1872 Unicorn-62739.exe 1504 Unicorn-17068.exe 1516 Unicorn-31266.exe 1688 Unicorn-41572.exe 1508 Unicorn-17622.exe 856 Unicorn-36118.exe 860 Unicorn-36118.exe 2088 Unicorn-44286.exe 2168 Unicorn-28504.exe 2700 Unicorn-32610.exe 1708 Unicorn-53777.exe 2684 Unicorn-18220.exe 2524 Unicorn-23373.exe 2196 Unicorn-41655.exe 2452 Unicorn-18774.exe 1288 Unicorn-23949.exe 2392 Unicorn-38893.exe 2348 Unicorn-3336.exe 1728 Unicorn-63398.exe 1660 Unicorn-9366.exe 1940 Unicorn-23757.exe 1652 Unicorn-42785.exe 1956 Unicorn-58567.exe 748 Unicorn-33871.exe 2224 Unicorn-33871.exe 1948 Unicorn-22173.exe 2772 Unicorn-10134.exe 2592 Unicorn-61836.exe 3048 Unicorn-61836.exe 3004 Unicorn-26471.exe 1580 Unicorn-28993.exe 1420 Unicorn-30123.exe 2276 Unicorn-17125.exe 1696 Unicorn-19263.exe 1564 Unicorn-42375.exe 2192 Unicorn-64934.exe 2536 Unicorn-29054.exe 1960 Unicorn-62241.exe 1988 Unicorn-52812.exe 2444 Unicorn-2734.exe 1964 Unicorn-56019.exe 2364 Unicorn-39491.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2868 wrote to memory of 3008 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 3008 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 3008 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 3008 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 28 PID 3008 wrote to memory of 3020 3008 Unicorn-45386.exe 29 PID 3008 wrote to memory of 3020 3008 Unicorn-45386.exe 29 PID 3008 wrote to memory of 3020 3008 Unicorn-45386.exe 29 PID 3008 wrote to memory of 3020 3008 Unicorn-45386.exe 29 PID 2868 wrote to memory of 2512 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2512 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2512 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2512 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2532 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2532 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2532 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2532 2868 1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe 31 PID 3020 wrote to memory of 2580 3020 Unicorn-57721.exe 32 PID 3020 wrote to memory of 2580 3020 Unicorn-57721.exe 32 PID 3020 wrote to memory of 2580 3020 Unicorn-57721.exe 32 PID 3020 wrote to memory of 2580 3020 Unicorn-57721.exe 32 PID 3008 wrote to memory of 2464 3008 Unicorn-45386.exe 34 PID 3008 wrote to memory of 2464 3008 Unicorn-45386.exe 34 PID 3008 wrote to memory of 2464 3008 Unicorn-45386.exe 34 PID 3008 wrote to memory of 2464 3008 Unicorn-45386.exe 34 PID 2512 wrote to memory of 2544 2512 Unicorn-7129.exe 33 PID 2512 wrote to memory of 2544 2512 Unicorn-7129.exe 33 PID 2512 wrote to memory of 2544 2512 Unicorn-7129.exe 33 PID 2512 wrote to memory of 2544 2512 Unicorn-7129.exe 33 PID 3008 wrote to memory of 2836 3008 Unicorn-45386.exe 35 PID 3008 wrote to memory of 2836 3008 Unicorn-45386.exe 35 PID 3008 wrote to memory of 2836 3008 Unicorn-45386.exe 35 PID 3008 wrote to memory of 2836 3008 Unicorn-45386.exe 35 PID 2544 wrote to memory of 2324 2544 Unicorn-56434.exe 36 PID 2544 wrote to memory of 2324 2544 Unicorn-56434.exe 36 PID 2544 wrote to memory of 2324 2544 Unicorn-56434.exe 36 PID 2544 wrote to memory of 2324 2544 Unicorn-56434.exe 36 PID 2512 wrote to memory of 796 2512 Unicorn-7129.exe 37 PID 2512 wrote to memory of 796 2512 Unicorn-7129.exe 37 PID 2512 wrote to memory of 796 2512 Unicorn-7129.exe 37 PID 2512 wrote to memory of 796 2512 Unicorn-7129.exe 37 PID 2580 wrote to memory of 1096 2580 Unicorn-9371.exe 38 PID 2580 wrote to memory of 1096 2580 Unicorn-9371.exe 38 PID 2580 wrote to memory of 1096 2580 Unicorn-9371.exe 38 PID 2580 wrote to memory of 1096 2580 Unicorn-9371.exe 38 PID 3020 wrote to memory of 1552 3020 Unicorn-57721.exe 40 PID 3020 wrote to memory of 1552 3020 Unicorn-57721.exe 40 PID 3020 wrote to memory of 1552 3020 Unicorn-57721.exe 40 PID 3020 wrote to memory of 1552 3020 Unicorn-57721.exe 40 PID 2464 wrote to memory of 492 2464 Unicorn-59127.exe 39 PID 2464 wrote to memory of 492 2464 Unicorn-59127.exe 39 PID 2464 wrote to memory of 492 2464 Unicorn-59127.exe 39 PID 2464 wrote to memory of 492 2464 Unicorn-59127.exe 39 PID 3020 wrote to memory of 1868 3020 Unicorn-57721.exe 41 PID 3020 wrote to memory of 1868 3020 Unicorn-57721.exe 41 PID 3020 wrote to memory of 1868 3020 Unicorn-57721.exe 41 PID 3020 wrote to memory of 1868 3020 Unicorn-57721.exe 41 PID 2512 wrote to memory of 1996 2512 Unicorn-7129.exe 42 PID 2512 wrote to memory of 1996 2512 Unicorn-7129.exe 42 PID 2512 wrote to memory of 1996 2512 Unicorn-7129.exe 42 PID 2512 wrote to memory of 1996 2512 Unicorn-7129.exe 42 PID 796 wrote to memory of 1300 796 Unicorn-17072.exe 43 PID 796 wrote to memory of 1300 796 Unicorn-17072.exe 43 PID 796 wrote to memory of 1300 796 Unicorn-17072.exe 43 PID 796 wrote to memory of 1300 796 Unicorn-17072.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ef30c8dbab47b2b8f5e5d56ab0909f0_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1096 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe9⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe10⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe11⤵PID:4588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exe12⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe13⤵PID:8044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe14⤵PID:8548
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 23614⤵PID:4284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 21613⤵PID:3076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 21612⤵PID:6252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 21611⤵PID:5772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 23610⤵PID:5068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 2369⤵
- Program crash
PID:3992
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe8⤵PID:2000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe9⤵PID:3680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe10⤵PID:5020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe11⤵PID:5848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe12⤵PID:6448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe13⤵PID:8960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 21613⤵PID:8664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 21612⤵PID:8176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 21611⤵PID:7060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 21610⤵PID:5336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2369⤵PID:4568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 2408⤵
- Program crash
PID:2080
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe9⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe10⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe11⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe12⤵PID:6576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe13⤵PID:8980
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 23613⤵PID:2904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 21612⤵PID:7348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 21611⤵PID:6472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 21610⤵PID:4336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 2369⤵
- Program crash
PID:3284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 2368⤵
- Program crash
PID:2240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 2407⤵
- Program crash
PID:1604
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe8⤵PID:2604
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2409⤵
- Program crash
PID:3920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 2368⤵
- Program crash
PID:3720
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe7⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe8⤵PID:3256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe9⤵PID:3820
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 22010⤵PID:6048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 2169⤵PID:5116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 2368⤵
- Program crash
PID:3784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 2407⤵
- Program crash
PID:1740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 2406⤵
- Program crash
PID:2628
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe9⤵PID:3828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe10⤵PID:4100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exe11⤵PID:6024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe12⤵PID:6932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe13⤵PID:9044
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 21613⤵PID:8928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 21612⤵PID:7368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 21611⤵PID:6400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 23610⤵PID:4208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 2369⤵
- Program crash
PID:3872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 2368⤵
- Program crash
PID:3464
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe8⤵PID:2232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe9⤵PID:3984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe10⤵PID:5760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe11⤵PID:7036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe12⤵PID:8840
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 21612⤵PID:8656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 23611⤵PID:8100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 21610⤵PID:6184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 2369⤵PID:5096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 2368⤵
- Program crash
PID:3800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 2407⤵
- Program crash
PID:3032
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe8⤵PID:3204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe9⤵PID:5108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe10⤵PID:5216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe11⤵PID:8144
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe12⤵PID:8712
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 23612⤵PID:9240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 23611⤵PID:8248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 21610⤵PID:6792
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 2169⤵PID:5376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 2368⤵PID:3844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 2367⤵
- Program crash
PID:2156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 2206⤵
- Program crash
PID:1272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:1080
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe8⤵PID:816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe9⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe10⤵PID:4528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe11⤵PID:2796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe12⤵PID:7800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe13⤵PID:9000
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 21613⤵PID:5868
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 21612⤵PID:7264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 21611⤵PID:6868
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 23610⤵PID:4916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 2169⤵PID:3448
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe8⤵PID:744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe9⤵PID:4340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe10⤵PID:5400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe11⤵PID:7272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe12⤵PID:8456
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 23612⤵PID:2188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 22011⤵PID:908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 22010⤵PID:6480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 2169⤵PID:4804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 2408⤵PID:3592
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe7⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe8⤵PID:3436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe9⤵PID:4248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe10⤵PID:6900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe11⤵PID:8540
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 23611⤵PID:8788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 21610⤵PID:7704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2369⤵PID:6068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 2168⤵PID:4384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 2407⤵
- Program crash
PID:4064
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe7⤵PID:2716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe8⤵PID:3316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe9⤵PID:3648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe10⤵PID:5488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe11⤵PID:6896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe12⤵PID:8868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 21612⤵PID:4840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 23611⤵PID:8024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 23610⤵PID:5396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 2169⤵PID:4648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 2368⤵
- Program crash
PID:3412
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe7⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe8⤵PID:4620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe9⤵PID:2864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe10⤵PID:7616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe11⤵PID:8876
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 23611⤵PID:5900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 23610⤵PID:8068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 2169⤵PID:6860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 2168⤵PID:4616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 2407⤵PID:4160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 2406⤵
- Program crash
PID:964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 2165⤵
- Program crash
PID:3036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1868
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe8⤵PID:532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe9⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe10⤵PID:3840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe11⤵PID:5548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe12⤵PID:5544
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe13⤵PID:8932
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 21613⤵PID:3232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 21612⤵PID:8168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 23611⤵PID:1228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 21610⤵PID:4700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 2369⤵
- Program crash
PID:3328
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe8⤵PID:1496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe9⤵PID:3220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe10⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe11⤵PID:6412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe12⤵PID:8764
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 21612⤵PID:3636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 21611⤵PID:7940
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 2369⤵PID:4796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 2208⤵
- Program crash
PID:3524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 2167⤵
- Program crash
PID:864
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe7⤵
- Executes dropped EXE
PID:2472 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe8⤵PID:3148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe9⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe10⤵PID:6104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe11⤵PID:6716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe12⤵PID:8428
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 23612⤵PID:8644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 23611⤵PID:7456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 21610⤵PID:6392
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 2169⤵PID:5292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 2368⤵PID:3928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 2367⤵
- Program crash
PID:844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 2406⤵
- Program crash
PID:2812
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe8⤵PID:2272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe9⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe10⤵PID:4692
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe10⤵PID:4304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe11⤵PID:5960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe12⤵PID:7372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe13⤵PID:9188
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 23613⤵PID:9316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 23612⤵PID:8352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 21611⤵PID:6620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 22010⤵PID:5528
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 2169⤵PID:4180
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe8⤵PID:3492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe9⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe10⤵PID:6132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe11⤵PID:7216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe12⤵PID:8892
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 23612⤵PID:9284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 23611⤵PID:8292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 21610⤵PID:7084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 2169⤵PID:5320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 2408⤵PID:4172
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe7⤵PID:2892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe8⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe9⤵PID:5088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe10⤵PID:6960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe11⤵PID:8596
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 23611⤵PID:8916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 23610⤵PID:7744
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 2369⤵PID:5444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 2368⤵PID:4456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2407⤵
- Program crash
PID:3084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe7⤵PID:3772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe8⤵PID:3372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe9⤵PID:5860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe10⤵PID:6500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe11⤵PID:8676
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 21611⤵PID:9104
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 21610⤵PID:7584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 2169⤵PID:6260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 2168⤵PID:5064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2367⤵
- Program crash
PID:3760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 2406⤵
- Program crash
PID:3376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 2405⤵
- Program crash
PID:1544
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe7⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe8⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe9⤵PID:4296
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe10⤵PID:5756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe11⤵PID:7192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe12⤵PID:8288
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 21612⤵PID:8920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 21611⤵PID:7700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 22010⤵PID:6636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 2169⤵PID:4480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 2368⤵PID:3428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 2367⤵
- Program crash
PID:876
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe6⤵PID:1032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2406⤵
- Program crash
PID:2460
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe6⤵
- Suspicious use of SetWindowsHookEx
PID:2364 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe7⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe8⤵PID:4388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe9⤵PID:5672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe10⤵PID:7132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe11⤵PID:8732
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 23611⤵PID:4400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 23610⤵PID:7900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 2169⤵PID:5180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 2168⤵PID:4696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 2367⤵PID:3708
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 2366⤵
- Program crash
PID:1608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 2405⤵
- Program crash
PID:2928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:944
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2836
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe8⤵PID:1392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe9⤵PID:3652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe10⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe11⤵PID:5792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe12⤵PID:7480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe13⤵PID:8552
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 23613⤵PID:4964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 23612⤵PID:7976
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 22011⤵PID:6644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 21610⤵PID:5192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 2369⤵PID:4540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 2168⤵
- Program crash
PID:2316
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe7⤵PID:916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe8⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe9⤵PID:4420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe10⤵PID:5816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe11⤵PID:7860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe12⤵PID:9160
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 23612⤵PID:5920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 21611⤵PID:7492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 21610⤵PID:7068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 2369⤵PID:5652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 2168⤵PID:4968
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 2207⤵
- Program crash
PID:3972
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe8⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe9⤵PID:4712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe10⤵PID:5948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe11⤵PID:7124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe12⤵PID:8968
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 21612⤵PID:8748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 21611⤵PID:8124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 21610⤵PID:6324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 2169⤵PID:5164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 2368⤵PID:3676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 2367⤵
- Program crash
PID:2704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 2406⤵
- Program crash
PID:1748
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe7⤵
- Executes dropped EXE
PID:2656 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe8⤵PID:2728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe9⤵PID:4608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe10⤵PID:5712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe11⤵PID:7644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe12⤵PID:8816
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 23612⤵PID:5908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 21611⤵PID:8084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 21610⤵PID:6612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 2169⤵PID:5148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 2368⤵PID:3140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 2367⤵
- Program crash
PID:2208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe6⤵PID:680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe7⤵PID:3116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe8⤵PID:4444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe9⤵PID:5944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe10⤵PID:6884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe11⤵PID:8796
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 23611⤵PID:8380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 21610⤵PID:7172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 2169⤵PID:6696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 2168⤵PID:5052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 2367⤵PID:3244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 2406⤵
- Program crash
PID:1468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 2405⤵
- Program crash
PID:2500
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe8⤵PID:1824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe9⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe10⤵PID:6140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe11⤵PID:7320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe12⤵PID:9196
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 21612⤵PID:5440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 21611⤵PID:7816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 21610⤵PID:6456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 2369⤵PID:4920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 2368⤵
- Program crash
PID:3692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 2367⤵
- Program crash
PID:1676
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe7⤵PID:3936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe8⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe9⤵PID:5704
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe10⤵PID:7112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe11⤵PID:8900
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 21611⤵PID:8476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 21610⤵PID:7288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 2369⤵PID:6148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 2368⤵PID:4780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 2367⤵
- Program crash
PID:3484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 2406⤵
- Program crash
PID:2448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 2365⤵
- Program crash
PID:1540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2972
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:796 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe8⤵PID:2120
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe9⤵PID:3576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe10⤵PID:4256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe11⤵PID:5660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe12⤵PID:7116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe13⤵PID:9116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 21613⤵PID:8560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 21612⤵PID:7660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 21611⤵PID:6604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 21610⤵PID:4452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 2369⤵
- Program crash
PID:3280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 2368⤵
- Program crash
PID:3184
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe7⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe8⤵PID:3500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe9⤵PID:4484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe10⤵PID:6124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe11⤵PID:7568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe12⤵PID:8752
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 23612⤵PID:8200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 21611⤵PID:8060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 21610⤵PID:6768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 2169⤵PID:4316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 2368⤵PID:4136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 2407⤵
- Program crash
PID:2588
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe7⤵PID:2888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe8⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe9⤵PID:3960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe10⤵PID:5616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe11⤵PID:7004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe12⤵PID:8624
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 23612⤵PID:8956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 21611⤵PID:7780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 23610⤵PID:3220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 2369⤵PID:4736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 2368⤵
- Program crash
PID:3364
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe7⤵PID:936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe8⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe9⤵PID:5988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe10⤵PID:7156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe11⤵PID:9080
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 21611⤵PID:1220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 21610⤵PID:7508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 2169⤵PID:6356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 2168⤵PID:4852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 2407⤵
- Program crash
PID:3628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 2406⤵
- Program crash
PID:2984
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe7⤵PID:984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe8⤵PID:1332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe9⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe10⤵PID:5720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe11⤵PID:7952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe12⤵PID:9208
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 23612⤵PID:5904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 21611⤵PID:7244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 23610⤵PID:6992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 2369⤵PID:5344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 2368⤵PID:3324
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe7⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe8⤵PID:3212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe9⤵PID:6076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe10⤵PID:7236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe11⤵PID:9168
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 21611⤵PID:5420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 21610⤵PID:7756
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 2169⤵PID:6432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 2168⤵PID:5080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 2407⤵
- Program crash
PID:3792
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe6⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe7⤵PID:3732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe8⤵PID:4128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe9⤵PID:5688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe10⤵PID:8072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe11⤵PID:9032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 23611⤵PID:5596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 23610⤵PID:8228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 2169⤵PID:2664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 2168⤵PID:5412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2167⤵PID:3604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 2406⤵
- Program crash
PID:1736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 2405⤵
- Program crash
PID:1512
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe6⤵PID:1720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe7⤵PID:3240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe8⤵PID:5012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe9⤵PID:6804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe10⤵PID:8460
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 21610⤵PID:8672
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 2169⤵PID:7540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 2368⤵PID:6008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 2367⤵PID:4216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 2366⤵
- Program crash
PID:4016
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe5⤵PID:1648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe6⤵PID:1252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe7⤵PID:4404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe8⤵PID:5824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe9⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe10⤵PID:8704
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 23610⤵PID:9092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 2369⤵PID:7884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 2168⤵PID:6228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 2167⤵PID:4584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 2366⤵PID:3644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 2405⤵
- Program crash
PID:3000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 2404⤵
- Program crash
PID:2104
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:1996
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 2402⤵
- Program crash
PID:2532
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5dffff9f46d940c8d832330116019da14
SHA1880cfbb836e9f2f0cfeb2da300e9893c62df15b8
SHA2560d5c7b0d3321285acc457757d895603456a6f52f3d35f77deee155a489d175fa
SHA51231fa2e91e829d9d9d3b2bc5dfed5fdd517373bb2cf9a11bae28ef4106521416ce4ac9ecfe0b6183db3041aff52405afcf1274cf08cd1b5384ac3c4d8fe4aff06
-
Filesize
184KB
MD50e51052b5a4f462fadad70c362880f90
SHA10b3e97ed51c933ec9fff64e84f1ebe76d13a30ad
SHA256c1ce3869e6504c748df7372c07cc1c75b34db324c591a6b620941bfa14ea3a6f
SHA512d6692fda19be74415584594008eada480cb4481d587c3d339d67487bda61bb92bb50d28439d1d6e2e09b6c00c89b37e81aaa3d7ec4f3b6e1ea45563998d47605
-
Filesize
184KB
MD5fb43067c68c5b51cb46c7e9827078f78
SHA18580112d69736e4280d4a5140709d1d6103306e8
SHA2567c9c64144e4159dc67072d262ca9d02a1bc60db46a7e91d6f2beb56d6917d66f
SHA512265c6e20bc9a090216f01637a20e8b2098c23909c87764e255352be60d5288dc9d08fcd187c9304017c5cc7e8823512d446d0acbf316b1f50387bf23091f98c9
-
Filesize
184KB
MD5ab1106646d3932ac1ede12afc6d04a31
SHA178e9e0005f8ade954ac0ad0fa0b083ef91a7ea44
SHA256dbd295cb523f51f4f5fa561572b2c2e9816f77070ec3e59bf30bb59776d5939e
SHA5129506163594d330264a1d5472ef5c59ad707b9651a1884b8cf9100d699891eeeec7674240b40811199dbcce43fdd9234a3066ef4431edbefc3e8958e3ff5df126
-
Filesize
184KB
MD5c17d68d1e167a2382e14fc9b889167e4
SHA1570d2bd135d661e7b97710f326b4a11851e9d16d
SHA25639892c974330d97f715bd606f1963237353dce962845586ebc5400d8d83de2f8
SHA5128a8b55babda9361c446eba94dbbc94e204e57a7ed3676b61533381831c63a38ebc8272a2b508287a2cd51c0c8ceb3a3945a805fab55b92de023d43389d1eebf5
-
Filesize
184KB
MD5e511f4094d115061356057afbfb1284f
SHA1e3c271df0e004d41fa0a95233c588b68b9458863
SHA256f4ed1d3390fb010a11a55543b173d90884053af3e6cd45feef4538011a0a7d39
SHA5127c818a2008486984849b20dbd94204d5b4675a46da3a21755c9637299ad5012c8f31a553de4607cd016696f3f7e7a700d798f62d016ab8b48379dc99ec43737d
-
Filesize
184KB
MD5654723d67684a89ca67b01e6d8fae24a
SHA122af29a8d7681a9465fede61a5355906d2518301
SHA2564604d3dd9d9e3ca66a147cf7e8bd8aa37fcf204153efd049d4de25ce9568b937
SHA51239e702b041d05597a54871bf16f1006505f3146f10c0ac0f6e306c75cedc87640bfe64dbcf5941ccbd6f47efab81416491b4af23d11d271c635b8ed098eafbc6
-
Filesize
184KB
MD550f109dd79ced1edf4406a1d4203ce38
SHA1f1138c380cc568d6e904b3941fd98113773734b2
SHA25614287ea9268aaaaa5e8f9c6d91a64fd69c1938d4629c132638681a4889a98887
SHA5126e19dd66e6b55cf4b54f3bfd42d22cc0003f02c60a4f4d7fda0a50ee082f6153672ff6df04c50132bf466ac52c51db9db83082d9b36fb46556b9830941c98a4d
-
Filesize
184KB
MD510bbb0bf880059e6fa2d45d359df531d
SHA18676a230bab24bccf55e86251ae018d1c0ef948c
SHA256c2fe620af04f3c50ba0eb9740b7217aebb7fb0bdea9916a8cbdd3df459c02288
SHA5125bd41dbe720332ed29334461f0e93a4fc59601cd8001cf2cc0cbd3c9f2f2efc65bbf71a9ae6c833527629466cee8664a3149d848da53c1b7d5568b1cf0465ee4
-
Filesize
184KB
MD5972ef42cefd2c00431e7c8ade9d2c56c
SHA19e33ba24a0d8c9d34f423072f85724a41bbdd69c
SHA256fc06e6a5b215604fd92896317a1e8fc6bdb9924301deb605fc511bda6aa47bc9
SHA5128e705ddc7b6aaf16ae204db1fcc50c5a7cb92a47bf22ba3644dcb9da985c3a9d3afceaeb692684e9f761123ff1aaa49830fb4b5f92ce86f9cad9ca05e236dda2
-
Filesize
184KB
MD53749778499bbdf517d13b7490dc95e9c
SHA1a5f4308081b3f90d417ff22744394e579e2cf1d1
SHA25675cd94b8aa62604b8ea1dc593e8955cdd8fc0f0954acf5dff956ac199ec58211
SHA5128425609bac005d3213663e1776163eef379cbd7106d30488f2c113bcc5cf47277e7ac37badd03e4b53891422df4f71b59b417663696d5600292fc62f510f56c8
-
Filesize
184KB
MD57aeb024a6eb50f5c6fbb5ce74d04385c
SHA19e870f370c9b312e224bab3d7348a9f53e655752
SHA25659e266301190205c96b257e2641edba85c46e31b3fc6de389ff07809812f775d
SHA512f3674aa8fe283cfd356c2e4f62db4e3eee588a3ea340e40873a0977c6e8f7c5985913dd86b5b9a3b969a1cbba23fa049e1b4a350b40d433b7ea77bbaeab690af
-
Filesize
184KB
MD58880acc9876d8cc8189f69b4a8f78db0
SHA1ca11930b3303a430d3f437505faecfc0c569328a
SHA25680ee40be6e8052f45a2568f1390bea63583a379839bd7885fd57764a6c620685
SHA512c577671283df9abb2e190bb8a1ea673e6d9342582563611c8a2ee49fcc2e95d1ca40bdc694f03222ae2279a44b444f6d21e33e950868a2f332e81e02122afbe7
-
Filesize
184KB
MD5b6d91d4dafcfdbdf422995fc10bd87fe
SHA13975ec9470c73a594892b6e892332166c359d877
SHA2566a042f29ee9d12131aa3ac99fd94666ac0bad396b042b3d60dfa5eed7de8f8bb
SHA512b1dcf90a1cd1edc73e282c1a7a8bb9098d2f6c5cb16a1cbae0b358fb22564f1eacdda005ee6921f61e296544670b1ceff232d4c3bec139cfe48605ca97ee873d
-
Filesize
184KB
MD5a49123403b16c84c0878897e7b442588
SHA1a1fce4ad7ab5f9d2a23df70af9a4c4d2057a16cf
SHA256cc2de6158585ae360e1cc6e53f07486f770312a5958ff4d5df99e21d3147d105
SHA5126c515011b7345ca4180a574d5513937d7bc2a35e18e3e2a4cbb704d8e3d92a0266366a1adab3eb51ec0ee2c00c6eb02146473cfff1e2e17aaf8829a209cb719d
-
Filesize
184KB
MD529e0fb6b8f4e1367d1b5dc7a4b5fef0a
SHA143b443e58390c24d11a50fd41d95c40bbeaefe66
SHA256d4c375fce9741a1e0273f072273116acf646454012ffa43c2da08d70f80df216
SHA512ed7257b7167cd77973e947de4b28ef62107229d4a86671db60ac83a7b997f749fcbfbecc65653256e51e12f26fee4dbafa48f8957b745f2d02f97cecaead70ff