Analysis
-
max time kernel
40s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 03:16
Static task
static1
Behavioral task
behavioral1
Sample
5a1dfac770532be77a0faa7b7286dae0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5a1dfac770532be77a0faa7b7286dae0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
5a1dfac770532be77a0faa7b7286dae0_NeikiAnalytics.exe
-
Size
184KB
-
MD5
5a1dfac770532be77a0faa7b7286dae0
-
SHA1
a593f39d4b510e69687c09327f1978058ed75c5b
-
SHA256
03601958043efd09ad5301b8a717c1b1e8da0c28fdbad57845396b7830bad982
-
SHA512
e4b005fbba7a60e8bf8aa33f4f0f6129dda2b695752664468c9bdd95ce36dc93838a08ef2a2e58a74ce6d287f6b0c6205aa33cdcda6164fc76c21870338f5d96
-
SSDEEP
3072:I/Ewq7o17DOOIHtWWpNaxKSKhln4iFvn3:I/uoIDHtta4SKhln4iFv
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Program crash 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a1dfac770532be77a0faa7b7286dae0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5a1dfac770532be77a0faa7b7286dae0_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:824 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2796 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe11⤵PID:2624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe12⤵PID:3632
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 23612⤵PID:4148
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe11⤵PID:3580
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 24011⤵PID:4792
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe10⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe11⤵PID:3912
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 23611⤵PID:4740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 24010⤵
- Program crash
PID:2396
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe10⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe11⤵PID:3624
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 23611⤵PID:4748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 23610⤵
- Program crash
PID:3768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 2409⤵
- Program crash
PID:1760
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe10⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe11⤵PID:3604
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 23611⤵
- Program crash
PID:4260
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe10⤵PID:3884
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 22010⤵PID:4868
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe9⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe10⤵PID:3704
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 23610⤵
- Program crash
PID:4340
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 2409⤵
- Program crash
PID:3092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 2408⤵
- Program crash
PID:868
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe10⤵PID:2564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe11⤵PID:3500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 21610⤵
- Program crash
PID:3476
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe9⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe10⤵PID:3568
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 23610⤵PID:4784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 2409⤵
- Program crash
PID:3076
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe9⤵PID:1048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe10⤵PID:3668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe11⤵PID:6076
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 20411⤵PID:3780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 23610⤵PID:4196
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe9⤵PID:3724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe10⤵PID:5044
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 23610⤵PID:5280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2409⤵
- Program crash
PID:4284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 2408⤵
- Program crash
PID:2888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 2407⤵
- Program crash
PID:2092
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe10⤵PID:2876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe11⤵PID:3192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe12⤵PID:5988
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 23612⤵PID:3236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 23611⤵PID:3900
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe10⤵PID:3296
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22010⤵PID:4556
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe9⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe10⤵PID:3316
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 23610⤵PID:3532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 2409⤵
- Program crash
PID:3008
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe9⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe10⤵PID:3524
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 23610⤵PID:4156
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe9⤵PID:3492
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 2409⤵PID:4876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 2208⤵
- Program crash
PID:1080
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe9⤵PID:2032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exe10⤵PID:3808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe11⤵PID:5668
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 23611⤵PID:5960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 23610⤵PID:4672
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe9⤵PID:3644
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 2409⤵PID:4124
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exe8⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe9⤵PID:3976
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2369⤵
- Program crash
PID:4324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 2408⤵
- Program crash
PID:2704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 2407⤵
- Program crash
PID:1556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 2406⤵
- Loads dropped DLL
- Program crash
PID:2152
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2440 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe9⤵PID:1988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe10⤵PID:2752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe11⤵PID:3952
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 23611⤵
- Program crash
PID:4300
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe10⤵PID:3820
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 24010⤵PID:4244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 2369⤵
- Program crash
PID:828
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe9⤵PID:1576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe10⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe11⤵PID:3968
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 2408⤵
- Program crash
PID:1492
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe9⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe10⤵PID:3168
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 23610⤵PID:3936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 2369⤵
- Program crash
PID:3460
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe8⤵PID:2848
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 2408⤵
- Program crash
PID:3004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 2407⤵
- Program crash
PID:2228
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe9⤵PID:2892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe10⤵PID:3176
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 23610⤵PID:3796
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe9⤵PID:3288
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 24010⤵PID:3688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 2409⤵PID:4100
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe8⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe9⤵PID:3200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe10⤵PID:4052
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 23610⤵
- Program crash
PID:4348
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe9⤵PID:3996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe10⤵PID:5600
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 23610⤵PID:5924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 2409⤵
- Program crash
PID:4332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 2408⤵
- Program crash
PID:2372
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe8⤵PID:3036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe9⤵PID:3308
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 2369⤵PID:3992
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe8⤵PID:3360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe9⤵PID:5152
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 2049⤵PID:5448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 2408⤵PID:4108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 2407⤵
- Program crash
PID:2548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 2406⤵
- Program crash
PID:1724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:3016
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2840 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe9⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe10⤵PID:3848
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 23610⤵PID:4716
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe9⤵PID:3512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe10⤵PID:5868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 23610⤵PID:5956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2409⤵PID:4228
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47739.exe8⤵PID:2132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe9⤵PID:3552
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 2369⤵PID:4188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 2408⤵
- Program crash
PID:2384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 2367⤵
- Program crash
PID:3068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 2166⤵
- Program crash
PID:2208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 2447⤵
- Program crash
PID:1588
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe7⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe8⤵PID:1976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe9⤵PID:3736
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 2369⤵PID:4164
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe8⤵PID:3828
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 2208⤵
- Program crash
PID:4276
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe7⤵PID:1952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe8⤵PID:3652
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 2368⤵PID:4172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 2207⤵
- Program crash
PID:3108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 2406⤵
- Program crash
PID:864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 2405⤵
- Program crash
PID:1700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2792
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe9⤵PID:2928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe10⤵PID:3984
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 23610⤵
- Program crash
PID:4308
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe9⤵PID:3788
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 2409⤵
- Program crash
PID:4316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 2368⤵
- Program crash
PID:1656
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe8⤵
- Executes dropped EXE
PID:2812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe9⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe10⤵PID:3960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 23610⤵
- Program crash
PID:4292
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe9⤵PID:3744
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 2409⤵
- Program crash
PID:4268
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe8⤵PID:1376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe9⤵PID:3596
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 2369⤵PID:4236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2408⤵
- Program crash
PID:3100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2407⤵
- Program crash
PID:112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe8⤵
- Suspicious use of SetWindowsHookEx
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exe9⤵PID:1864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe10⤵PID:3544
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 23610⤵PID:4204
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe9⤵PID:3708
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 2409⤵PID:4116
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe8⤵PID:1304
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 2409⤵
- Program crash
PID:4024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 2408⤵
- Program crash
PID:3084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe7⤵
- Suspicious use of SetWindowsHookEx
PID:2968 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe8⤵PID:2612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe9⤵PID:3560
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 2369⤵PID:4884
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe8⤵PID:3716
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 2208⤵PID:4140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 2407⤵
- Program crash
PID:1664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 2406⤵
- Program crash
PID:2600
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe8⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe9⤵PID:3136
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 20810⤵PID:5128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 2369⤵PID:4028
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe8⤵PID:3280
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 2408⤵PID:4640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2367⤵
- Program crash
PID:1612
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe7⤵PID:2952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe8⤵PID:3184
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 2368⤵PID:3816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 2167⤵
- Program crash
PID:3124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 2406⤵
- Program crash
PID:2680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 2405⤵
- Program crash
PID:1540
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1568 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe6⤵
- Executes dropped EXE
PID:1612
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe8⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe9⤵PID:3660
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 2369⤵PID:4132
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe8⤵PID:3696
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 2408⤵
- Program crash
PID:4252
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe7⤵PID:1372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe8⤵PID:3876
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 2368⤵PID:5096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 2407⤵
- Program crash
PID:1068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 2406⤵
- Program crash
PID:2912
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe7⤵PID:1456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe8⤵PID:2712
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 2409⤵PID:4180
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe8⤵PID:3484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe9⤵PID:4088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 2208⤵PID:4212
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe7⤵PID:2772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe8⤵PID:3536
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 2368⤵PID:4220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 2407⤵
- Program crash
PID:3252
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe6⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe7⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe8⤵PID:3860
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 2168⤵PID:4800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 2367⤵
- Program crash
PID:3588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2406⤵
- Program crash
PID:3048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 2405⤵
- Program crash
PID:960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:3028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:1696
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe2⤵
- Executes dropped EXE
PID:2880
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 2402⤵
- Program crash
PID:2648
-
Network
MITRE ATT&CK Matrix
Downloads