Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/05/2024, 03:50
Static task
static1
Behavioral task
behavioral1
Sample
ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe
Resource
win10v2004-20240426-en
General
-
Target
ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe
-
Size
184KB
-
MD5
0aa5f88a38bda3719246c3eba1d3b81f
-
SHA1
5bcb9cf68d00d270e79e257bf4a72a7200ff4880
-
SHA256
ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826
-
SHA512
0048e90a02237db77df693ee551df205231eb4125b9654003accc65d8490323d9873031e97e4c79acd8d4d09045a7c562893afd6d2b7a33959f3fcbc8f613a2f
-
SSDEEP
3072:SVCmRn8on7HNTioaWe3/vBRsShlnViFfn3:SVKoBuoapvHsShlnViFf
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 996 Unicorn-61139.exe 2532 Unicorn-51461.exe 2584 Unicorn-64268.exe 2716 Unicorn-63428.exe 2732 Unicorn-27034.exe 2440 Unicorn-30564.exe 2708 Unicorn-39936.exe 2792 Unicorn-2281.exe 2896 Unicorn-28883.exe 2236 Unicorn-12354.exe 2004 Unicorn-58026.exe 1136 Unicorn-18162.exe 2972 Unicorn-47305.exe 936 Unicorn-53522.exe 2968 Unicorn-33656.exe 2204 Unicorn-35541.exe 2276 Unicorn-19890.exe 1488 Unicorn-36418.exe 1144 Unicorn-48348.exe 2160 Unicorn-32721.exe 1040 Unicorn-63940.exe 1664 Unicorn-44952.exe 1876 Unicorn-14355.exe 812 Unicorn-31953.exe 916 Unicorn-63748.exe 1952 Unicorn-47220.exe 2884 Unicorn-27354.exe 1976 Unicorn-62715.exe 2368 Unicorn-62715.exe 2388 Unicorn-33380.exe 1028 Unicorn-14775.exe 2140 Unicorn-34641.exe 2768 Unicorn-24496.exe 2756 Unicorn-36918.exe 2460 Unicorn-40448.exe 2488 Unicorn-4246.exe 2504 Unicorn-55331.exe 1996 Unicorn-6322.exe 2704 Unicorn-54106.exe 2776 Unicorn-24003.exe 884 Unicorn-57059.exe 1856 Unicorn-23318.exe 1200 Unicorn-7858.exe 1032 Unicorn-11065.exe 1768 Unicorn-42668.exe 2660 Unicorn-46198.exe 288 Unicorn-47459.exe 1640 Unicorn-14594.exe 1316 Unicorn-13717.exe 2928 Unicorn-10681.exe 2536 Unicorn-10681.exe 2912 Unicorn-30547.exe 420 Unicorn-36463.exe 1928 Unicorn-48201.exe 2000 Unicorn-53458.exe 296 Unicorn-37314.exe 2040 Unicorn-3873.exe 2320 Unicorn-17064.exe 1064 Unicorn-20594.exe 2852 Unicorn-33400.exe 2596 Unicorn-53266.exe 2512 Unicorn-16488.exe 3008 Unicorn-3489.exe 2648 Unicorn-37973.exe -
Loads dropped DLL 64 IoCs
pid Process 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 996 Unicorn-61139.exe 996 Unicorn-61139.exe 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 2532 Unicorn-51461.exe 2532 Unicorn-51461.exe 996 Unicorn-61139.exe 996 Unicorn-61139.exe 2584 Unicorn-64268.exe 2584 Unicorn-64268.exe 2936 WerFault.exe 2936 WerFault.exe 2936 WerFault.exe 2936 WerFault.exe 2936 WerFault.exe 2716 Unicorn-63428.exe 2716 Unicorn-63428.exe 2532 Unicorn-51461.exe 2532 Unicorn-51461.exe 2440 Unicorn-30564.exe 2440 Unicorn-30564.exe 2732 Unicorn-27034.exe 2732 Unicorn-27034.exe 2584 Unicorn-64268.exe 2584 Unicorn-64268.exe 1444 WerFault.exe 1444 WerFault.exe 1444 WerFault.exe 1444 WerFault.exe 1272 WerFault.exe 1272 WerFault.exe 1272 WerFault.exe 1272 WerFault.exe 1444 WerFault.exe 1272 WerFault.exe 2708 Unicorn-39936.exe 2708 Unicorn-39936.exe 2716 Unicorn-63428.exe 2716 Unicorn-63428.exe 2896 Unicorn-28883.exe 2896 Unicorn-28883.exe 2440 Unicorn-30564.exe 2440 Unicorn-30564.exe 2792 Unicorn-2281.exe 2792 Unicorn-2281.exe 2004 Unicorn-58026.exe 2004 Unicorn-58026.exe 2236 Unicorn-12354.exe 2236 Unicorn-12354.exe 2732 Unicorn-27034.exe 2732 Unicorn-27034.exe 1088 WerFault.exe 1088 WerFault.exe 1088 WerFault.exe 1088 WerFault.exe 1088 WerFault.exe 1744 WerFault.exe 1744 WerFault.exe 1744 WerFault.exe 1744 WerFault.exe 1128 WerFault.exe 1128 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2568 2128 WerFault.exe 27 2936 996 WerFault.exe 28 1444 2532 WerFault.exe 29 1272 2584 WerFault.exe 30 1088 2716 WerFault.exe 32 1744 2440 WerFault.exe 34 1128 2732 WerFault.exe 33 1964 2708 WerFault.exe 36 2324 2896 WerFault.exe 38 2284 2792 WerFault.exe 37 2400 2004 WerFault.exe 40 2764 2236 WerFault.exe 39 1492 2972 WerFault.exe 44 572 1136 WerFault.exe 43 2864 2968 WerFault.exe 46 352 2204 WerFault.exe 47 1248 936 WerFault.exe 45 772 2276 WerFault.exe 48 620 1488 WerFault.exe 49 304 1144 WerFault.exe 50 2720 2160 WerFault.exe 54 2984 1040 WerFault.exe 55 2908 1876 WerFault.exe 57 2332 1664 WerFault.exe 56 2964 2368 WerFault.exe 63 2944 2884 WerFault.exe 60 604 916 WerFault.exe 59 2136 812 WerFault.exe 58 2664 1028 WerFault.exe 66 2392 1952 WerFault.exe 61 1604 2140 WerFault.exe 65 1832 2388 WerFault.exe 64 2624 1976 WerFault.exe 62 1724 2768 WerFault.exe 70 3472 2776 WerFault.exe 79 3552 2756 WerFault.exe 72 3668 288 WerFault.exe 86 3780 884 WerFault.exe 80 3872 1856 WerFault.exe 81 3972 1928 WerFault.exe 96 4008 2660 WerFault.exe 85 4016 1316 WerFault.exe 87 4044 1032 WerFault.exe 83 3088 2648 WerFault.exe 111 3112 2852 WerFault.exe 107 3120 2644 WerFault.exe 112 3180 2380 WerFault.exe 147 3208 2000 WerFault.exe 102 3308 2040 WerFault.exe 104 3296 2512 WerFault.exe 109 3560 2192 WerFault.exe 114 3568 1768 WerFault.exe 84 3600 1640 WerFault.exe 88 3652 1064 WerFault.exe 106 3728 2416 WerFault.exe 116 3768 1312 WerFault.exe 117 3772 2320 WerFault.exe 105 4052 2704 WerFault.exe 78 3144 1324 WerFault.exe 118 3540 1728 WerFault.exe 120 3688 880 WerFault.exe 128 3828 1364 WerFault.exe 125 3176 2504 WerFault.exe 76 3248 1360 WerFault.exe 126 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 996 Unicorn-61139.exe 2532 Unicorn-51461.exe 2584 Unicorn-64268.exe 2716 Unicorn-63428.exe 2732 Unicorn-27034.exe 2440 Unicorn-30564.exe 2708 Unicorn-39936.exe 2896 Unicorn-28883.exe 2792 Unicorn-2281.exe 2236 Unicorn-12354.exe 2004 Unicorn-58026.exe 2972 Unicorn-47305.exe 1136 Unicorn-18162.exe 2968 Unicorn-33656.exe 936 Unicorn-53522.exe 2204 Unicorn-35541.exe 2276 Unicorn-19890.exe 1488 Unicorn-36418.exe 1144 Unicorn-48348.exe 2160 Unicorn-32721.exe 1040 Unicorn-63940.exe 1664 Unicorn-44952.exe 1876 Unicorn-14355.exe 916 Unicorn-63748.exe 812 Unicorn-31953.exe 2884 Unicorn-27354.exe 1976 Unicorn-62715.exe 1952 Unicorn-47220.exe 2368 Unicorn-62715.exe 1028 Unicorn-14775.exe 2388 Unicorn-33380.exe 2140 Unicorn-34641.exe 2768 Unicorn-24496.exe 2756 Unicorn-36918.exe 2460 Unicorn-40448.exe 2488 Unicorn-4246.exe 2504 Unicorn-55331.exe 1996 Unicorn-6322.exe 2704 Unicorn-54106.exe 2776 Unicorn-24003.exe 884 Unicorn-57059.exe 1856 Unicorn-23318.exe 1200 Unicorn-7858.exe 1032 Unicorn-11065.exe 288 Unicorn-47459.exe 1768 Unicorn-42668.exe 1640 Unicorn-14594.exe 2660 Unicorn-46198.exe 2928 Unicorn-10681.exe 1316 Unicorn-13717.exe 2536 Unicorn-10681.exe 2912 Unicorn-30547.exe 420 Unicorn-36463.exe 1928 Unicorn-48201.exe 2000 Unicorn-53458.exe 296 Unicorn-37314.exe 2040 Unicorn-3873.exe 2320 Unicorn-17064.exe 1064 Unicorn-20594.exe 2852 Unicorn-33400.exe 2596 Unicorn-53266.exe 2512 Unicorn-16488.exe 3008 Unicorn-3489.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2128 wrote to memory of 996 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 28 PID 2128 wrote to memory of 996 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 28 PID 2128 wrote to memory of 996 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 28 PID 2128 wrote to memory of 996 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 28 PID 996 wrote to memory of 2532 996 Unicorn-61139.exe 29 PID 996 wrote to memory of 2532 996 Unicorn-61139.exe 29 PID 996 wrote to memory of 2532 996 Unicorn-61139.exe 29 PID 996 wrote to memory of 2532 996 Unicorn-61139.exe 29 PID 2128 wrote to memory of 2584 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 30 PID 2128 wrote to memory of 2584 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 30 PID 2128 wrote to memory of 2584 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 30 PID 2128 wrote to memory of 2584 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 30 PID 2128 wrote to memory of 2568 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 31 PID 2128 wrote to memory of 2568 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 31 PID 2128 wrote to memory of 2568 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 31 PID 2128 wrote to memory of 2568 2128 ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe 31 PID 2532 wrote to memory of 2716 2532 Unicorn-51461.exe 32 PID 2532 wrote to memory of 2716 2532 Unicorn-51461.exe 32 PID 2532 wrote to memory of 2716 2532 Unicorn-51461.exe 32 PID 2532 wrote to memory of 2716 2532 Unicorn-51461.exe 32 PID 996 wrote to memory of 2732 996 Unicorn-61139.exe 33 PID 996 wrote to memory of 2732 996 Unicorn-61139.exe 33 PID 996 wrote to memory of 2732 996 Unicorn-61139.exe 33 PID 996 wrote to memory of 2732 996 Unicorn-61139.exe 33 PID 2584 wrote to memory of 2440 2584 Unicorn-64268.exe 34 PID 2584 wrote to memory of 2440 2584 Unicorn-64268.exe 34 PID 2584 wrote to memory of 2440 2584 Unicorn-64268.exe 34 PID 2584 wrote to memory of 2440 2584 Unicorn-64268.exe 34 PID 996 wrote to memory of 2936 996 Unicorn-61139.exe 35 PID 996 wrote to memory of 2936 996 Unicorn-61139.exe 35 PID 996 wrote to memory of 2936 996 Unicorn-61139.exe 35 PID 996 wrote to memory of 2936 996 Unicorn-61139.exe 35 PID 2716 wrote to memory of 2708 2716 Unicorn-63428.exe 36 PID 2716 wrote to memory of 2708 2716 Unicorn-63428.exe 36 PID 2716 wrote to memory of 2708 2716 Unicorn-63428.exe 36 PID 2716 wrote to memory of 2708 2716 Unicorn-63428.exe 36 PID 2532 wrote to memory of 2792 2532 Unicorn-51461.exe 37 PID 2532 wrote to memory of 2792 2532 Unicorn-51461.exe 37 PID 2532 wrote to memory of 2792 2532 Unicorn-51461.exe 37 PID 2532 wrote to memory of 2792 2532 Unicorn-51461.exe 37 PID 2440 wrote to memory of 2896 2440 Unicorn-30564.exe 38 PID 2440 wrote to memory of 2896 2440 Unicorn-30564.exe 38 PID 2440 wrote to memory of 2896 2440 Unicorn-30564.exe 38 PID 2440 wrote to memory of 2896 2440 Unicorn-30564.exe 38 PID 2732 wrote to memory of 2236 2732 Unicorn-27034.exe 39 PID 2732 wrote to memory of 2236 2732 Unicorn-27034.exe 39 PID 2732 wrote to memory of 2236 2732 Unicorn-27034.exe 39 PID 2732 wrote to memory of 2236 2732 Unicorn-27034.exe 39 PID 2584 wrote to memory of 2004 2584 Unicorn-64268.exe 40 PID 2584 wrote to memory of 2004 2584 Unicorn-64268.exe 40 PID 2584 wrote to memory of 2004 2584 Unicorn-64268.exe 40 PID 2584 wrote to memory of 2004 2584 Unicorn-64268.exe 40 PID 2532 wrote to memory of 1444 2532 Unicorn-51461.exe 41 PID 2532 wrote to memory of 1444 2532 Unicorn-51461.exe 41 PID 2532 wrote to memory of 1444 2532 Unicorn-51461.exe 41 PID 2532 wrote to memory of 1444 2532 Unicorn-51461.exe 41 PID 2584 wrote to memory of 1272 2584 Unicorn-64268.exe 42 PID 2584 wrote to memory of 1272 2584 Unicorn-64268.exe 42 PID 2584 wrote to memory of 1272 2584 Unicorn-64268.exe 42 PID 2584 wrote to memory of 1272 2584 Unicorn-64268.exe 42 PID 2708 wrote to memory of 1136 2708 Unicorn-39936.exe 43 PID 2708 wrote to memory of 1136 2708 Unicorn-39936.exe 43 PID 2708 wrote to memory of 1136 2708 Unicorn-39936.exe 43 PID 2708 wrote to memory of 1136 2708 Unicorn-39936.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe"C:\Users\Admin\AppData\Local\Temp\ddfaafd154bf2a2b10e5f1e008f4ba8154b3fab5640a8f28ea52b12d531de826.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:996 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe10⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe11⤵PID:3880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe12⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe13⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe14⤵PID:9348
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 23614⤵PID:5148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 21613⤵PID:8532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 21612⤵PID:7084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 23611⤵PID:5388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 23610⤵
- Program crash
PID:3652
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe9⤵PID:2840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe10⤵PID:5072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe11⤵PID:6000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe12⤵PID:7592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe13⤵PID:10044
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 21613⤵PID:10388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 21612⤵PID:8964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 21611⤵PID:6224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 21610⤵PID:5360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 2409⤵PID:4752
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe9⤵PID:2380
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 24010⤵
- Program crash
PID:3180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 2369⤵
- Program crash
PID:3112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 2408⤵
- Program crash
PID:2984
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe9⤵PID:3940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe10⤵PID:4108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe11⤵PID:5336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe12⤵PID:7528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe13⤵PID:10056
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 21613⤵PID:10112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 21612⤵PID:8492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 23611⤵PID:6820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 21610⤵PID:4552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 2169⤵PID:4360
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe8⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe9⤵PID:4268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe10⤵PID:5376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe11⤵PID:7928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe12⤵PID:9904
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 21612⤵PID:3432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 21611⤵PID:9080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 21610⤵PID:6644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 2169⤵PID:5512
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 2408⤵PID:4432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 2407⤵
- Program crash
PID:572
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe9⤵PID:780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe10⤵PID:3108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe11⤵PID:5828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe12⤵PID:8136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe13⤵PID:9984
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 21613⤵PID:10356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21612⤵PID:8876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 23611⤵PID:6180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 23610⤵PID:4716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 2369⤵
- Program crash
PID:3308
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe8⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe9⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe10⤵PID:6312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe11⤵PID:7940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe12⤵PID:7896
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 22012⤵PID:11044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 21611⤵PID:9224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 21610⤵PID:7304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 2369⤵PID:6024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 2408⤵
- Program crash
PID:3176
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe8⤵PID:3128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe9⤵PID:4124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe10⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe11⤵PID:8156
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 22012⤵PID:10148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 21611⤵PID:8584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 21610⤵PID:7116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 2169⤵PID:5520
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 2368⤵
- Program crash
PID:3772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 2407⤵
- Program crash
PID:2332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 2406⤵
- Program crash
PID:1964
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:420 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe9⤵PID:2540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe10⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe11⤵PID:4696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe12⤵PID:6232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe13⤵PID:7752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe14⤵PID:11092
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 21614⤵PID:6032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 21613⤵PID:5844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 23612⤵PID:7244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 21611⤵PID:5472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 21610⤵PID:3416
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe9⤵PID:3588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe10⤵PID:4904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe11⤵PID:6348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe12⤵PID:7644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe13⤵PID:10316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 21612⤵PID:8828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 21611⤵PID:7312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 21610⤵PID:5772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 420 -s 2209⤵PID:4304
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe8⤵PID:2816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe9⤵PID:3900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe10⤵PID:4724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe11⤵PID:6668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe12⤵PID:8840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe13⤵PID:5808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 23612⤵PID:9800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 21611⤵PID:7648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 21610⤵PID:6256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 2369⤵PID:4792
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2408⤵
- Program crash
PID:1724
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe8⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe9⤵PID:3148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe10⤵PID:5408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe11⤵PID:7628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe12⤵PID:10136
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe12⤵PID:10224
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 22012⤵PID:10620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 21611⤵PID:8548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 21610⤵PID:6904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 2169⤵PID:4868
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 2368⤵
- Program crash
PID:3972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2407⤵
- Program crash
PID:2720
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe8⤵PID:2612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe9⤵PID:3664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe10⤵PID:5788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe11⤵PID:8052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe12⤵PID:9232
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 21612⤵PID:10304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 21611⤵PID:8832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 21610⤵PID:5140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 2369⤵PID:4144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2368⤵
- Program crash
PID:3208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe7⤵PID:2656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe8⤵PID:3720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exe9⤵PID:5328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe10⤵PID:7796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe11⤵PID:2556
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 21611⤵PID:10824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 21610⤵PID:9056
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 2169⤵PID:6596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 2168⤵PID:5164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 2407⤵
- Program crash
PID:3552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 2406⤵
- Program crash
PID:1492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:1088
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe8⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe9⤵PID:872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe10⤵PID:4572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe11⤵PID:6760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe12⤵PID:7812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe13⤵PID:10220
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 21613⤵PID:11148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 21612⤵PID:8476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 21611⤵PID:7880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 21610⤵PID:5280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 2369⤵PID:4528
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe8⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe9⤵PID:5000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe10⤵PID:6688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe11⤵PID:7672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe12⤵PID:10444
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 22012⤵PID:11108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 21611⤵PID:9256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 21610⤵PID:7708
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 2169⤵PID:5456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 2208⤵PID:4644
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe7⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe8⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe9⤵PID:2784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe10⤵PID:5256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe11⤵PID:7556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe12⤵PID:10088
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 21612⤵PID:3464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 23611⤵PID:8540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 21610⤵PID:6536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 2169⤵PID:4636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 2368⤵
- Program crash
PID:3768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 2407⤵
- Program crash
PID:2136
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe7⤵PID:2416
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe8⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe9⤵PID:3928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe10⤵PID:5952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe11⤵PID:8000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe12⤵PID:10020
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 21612⤵PID:10816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 21611⤵PID:8812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 21610⤵PID:6356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 2369⤵PID:5200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 2368⤵
- Program crash
PID:3728
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe7⤵PID:1700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe8⤵PID:3808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe9⤵PID:5912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe10⤵PID:7876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe11⤵PID:10076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 21610⤵PID:9096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 2169⤵PID:6864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 2168⤵PID:5396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 2407⤵
- Program crash
PID:3568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 2406⤵
- Program crash
PID:352
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe7⤵
- Executes dropped EXE
PID:2648 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe8⤵PID:2088
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 2209⤵PID:4768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 2368⤵
- Program crash
PID:3088
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe7⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe8⤵PID:3188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe9⤵PID:5448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe10⤵PID:7660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe11⤵PID:10028
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 21611⤵PID:10152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 21610⤵PID:8576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 2369⤵PID:6912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2168⤵PID:4888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 2407⤵
- Program crash
PID:3780
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe6⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe7⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe8⤵PID:4092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52967.exe9⤵PID:5260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe10⤵PID:7480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe11⤵PID:9976
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 21611⤵PID:2248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 21610⤵PID:8384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 2369⤵PID:6720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 2368⤵PID:4680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 2367⤵
- Program crash
PID:3120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 2406⤵
- Program crash
PID:2944
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 2405⤵
- Program crash
PID:2284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1444
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2236 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe8⤵PID:1324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe9⤵PID:3192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe10⤵PID:4172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe11⤵PID:5584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe12⤵PID:7788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe13⤵PID:10172
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 21613⤵PID:9688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 21612⤵PID:8648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 21611⤵PID:7004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 23610⤵PID:3084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 2369⤵
- Program crash
PID:3144
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe8⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe9⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe10⤵PID:6056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe11⤵PID:7576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe12⤵PID:9872
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 21612⤵PID:10832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 21611⤵PID:8944
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 21610⤵PID:6416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 2169⤵PID:4564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 2408⤵
- Program crash
PID:4008
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exe7⤵PID:1692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe8⤵PID:3756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe9⤵PID:5004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe10⤵PID:6280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe11⤵PID:7344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe12⤵PID:11248
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 21612⤵PID:6108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 21611⤵PID:8868
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 21610⤵PID:7296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 2369⤵PID:5836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 2368⤵PID:4344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 2407⤵
- Program crash
PID:1832
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe7⤵PID:1360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe8⤵PID:3520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe9⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe10⤵PID:5612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe11⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe12⤵PID:10228
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 21612⤵PID:10288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 21611⤵PID:8692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 23610⤵PID:7100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 2369⤵PID:4264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 2368⤵
- Program crash
PID:3248
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe7⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe8⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe9⤵PID:6396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe10⤵PID:8332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe11⤵PID:5700
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 21611⤵PID:7368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 21610⤵PID:9392
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 2169⤵PID:7384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 2368⤵PID:5504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 2407⤵PID:3852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 2406⤵
- Program crash
PID:620
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe7⤵PID:2056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe8⤵PID:2484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe9⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe10⤵PID:6628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe11⤵PID:7284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe12⤵PID:11016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 21611⤵PID:8612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 21610⤵PID:7600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 2169⤵PID:5908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 2368⤵PID:4368
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe7⤵PID:1872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe8⤵PID:4292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11250.exe9⤵PID:7076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exe10⤵PID:9104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe11⤵PID:7216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 23610⤵PID:9700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 2169⤵PID:7488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 2168⤵PID:5964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 2407⤵PID:4828
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe6⤵PID:716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe7⤵PID:3252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe8⤵PID:3796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe9⤵PID:5748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe10⤵PID:7932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe11⤵PID:9600
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 21611⤵PID:10296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 21610⤵PID:8748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 2369⤵PID:7136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 2368⤵PID:4300
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe7⤵PID:3548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exe8⤵PID:5900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe9⤵PID:8164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe10⤵PID:10000
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 21610⤵PID:10808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 2169⤵PID:8884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 2368⤵PID:6276
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 2207⤵PID:4384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 2406⤵
- Program crash
PID:2664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 2405⤵
- Program crash
PID:2764
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe7⤵PID:2868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe8⤵PID:2516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe9⤵PID:4744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe10⤵PID:6436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe11⤵PID:8404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe12⤵PID:10556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 21611⤵PID:9400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 21610⤵PID:7428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 2169⤵PID:5716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 2168⤵PID:4608
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe7⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe8⤵PID:3800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe9⤵PID:5688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe10⤵PID:7964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe11⤵PID:10160
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 22011⤵PID:10472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 21610⤵PID:9136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 2369⤵PID:6784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 2368⤵PID:5488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 2407⤵
- Program crash
PID:3600
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe6⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe7⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe8⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe9⤵PID:5536
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe10⤵PID:7852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe11⤵PID:10108
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 21611⤵PID:10900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 21610⤵PID:8488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 2169⤵PID:7032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 2168⤵PID:5676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 2167⤵
- Program crash
PID:3828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 2406⤵
- Program crash
PID:1604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 2365⤵
- Program crash
PID:304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2936
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2896 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe8⤵PID:504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe9⤵PID:3388
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 24010⤵PID:5572
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 2168⤵
- Program crash
PID:3872
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe7⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe8⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe9⤵PID:4196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe10⤵PID:6540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe11⤵PID:8460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe12⤵PID:10440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 21611⤵PID:9408
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2169⤵PID:6044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 2368⤵PID:4424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 2407⤵
- Program crash
PID:604
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe7⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe8⤵PID:3644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe9⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe10⤵PID:5368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe11⤵PID:7988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe12⤵PID:9484
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 22012⤵PID:10700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 21611⤵PID:8424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 21610⤵PID:7000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 2169⤵PID:5544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 2368⤵PID:4284
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe7⤵PID:3680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe8⤵PID:3160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe9⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe10⤵PID:7732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe11⤵PID:10048
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 21611⤵PID:10400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 21610⤵PID:9040
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 2169⤵PID:6424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 2168⤵PID:4652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 2407⤵
- Program crash
PID:4044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 2406⤵
- Program crash
PID:1248
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe7⤵PID:880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe8⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe9⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe10⤵PID:5968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe11⤵PID:8104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe12⤵PID:9876
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 21612⤵PID:9860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 23611⤵PID:9208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 21610⤵PID:6888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 2169⤵PID:5320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 2368⤵
- Program crash
PID:3688
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe7⤵PID:3440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe8⤵PID:3076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exe9⤵PID:5840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe10⤵PID:8080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe11⤵PID:9924
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 21611⤵PID:10372
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 2169⤵PID:6228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 2168⤵PID:4616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 2407⤵
- Program crash
PID:4016
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe6⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe7⤵PID:3812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe8⤵PID:4340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe9⤵PID:6588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe10⤵PID:1736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe11⤵PID:11220
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 21611⤵PID:11040
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 21610⤵PID:8292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 2169⤵PID:7580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 2168⤵PID:5276
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 2367⤵PID:4464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 2206⤵
- Program crash
PID:2624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 2405⤵
- Program crash
PID:2324
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe8⤵PID:2560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe9⤵PID:4456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe10⤵PID:6116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe11⤵PID:7640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe12⤵PID:9960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 21612⤵PID:10364
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 21611⤵PID:9012
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 21610⤵PID:6448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 2169⤵PID:5436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 2368⤵PID:4480
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe7⤵PID:2528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe8⤵PID:4152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe9⤵PID:6656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe10⤵PID:2448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe11⤵PID:10488
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 22011⤵PID:11100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 23610⤵PID:9264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 2169⤵PID:7612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 2168⤵PID:5948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 2407⤵PID:4416
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe7⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe8⤵PID:3216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe9⤵PID:6072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe10⤵PID:7572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe11⤵PID:10508
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 23611⤵PID:10840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 23610⤵PID:8760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 2169⤵PID:6556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 2368⤵PID:4100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 2167⤵
- Program crash
PID:3296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 2406⤵
- Program crash
PID:2908
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe7⤵PID:2188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe8⤵PID:4712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe9⤵PID:6868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe10⤵PID:8788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe11⤵PID:7096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 21610⤵PID:9584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 2169⤵PID:8108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 2168⤵PID:5620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 2367⤵PID:4592
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe6⤵PID:1464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe7⤵PID:4240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe8⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19407.exe9⤵PID:836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe10⤵PID:9912
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 21610⤵PID:10872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 2169⤵PID:8088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 2168⤵PID:6928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 2167⤵PID:5656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2406⤵
- Program crash
PID:4052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 2405⤵
- Program crash
PID:2864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1744
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47459.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47459.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 2207⤵
- Program crash
PID:3668
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe6⤵PID:1728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe7⤵PID:3324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe8⤵PID:3916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe9⤵PID:5756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe10⤵PID:7736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe11⤵PID:10200
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 21611⤵PID:10248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 21610⤵PID:8632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2169⤵PID:7144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 2168⤵PID:4808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 2367⤵
- Program crash
PID:3540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 2406⤵
- Program crash
PID:2392
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe6⤵PID:904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe7⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe8⤵PID:3752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe9⤵PID:6840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe10⤵PID:8508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe11⤵PID:6488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 21610⤵PID:9424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 2169⤵PID:8116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 2168⤵PID:5444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 2367⤵PID:4840
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe6⤵PID:1880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe7⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe8⤵PID:6952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe9⤵PID:8724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe10⤵PID:7068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 2169⤵PID:9524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 2168⤵PID:8188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 2167⤵PID:5856
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 2406⤵PID:4848
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 2405⤵
- Program crash
PID:772
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe6⤵PID:672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe7⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe8⤵PID:4232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe9⤵PID:7024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe10⤵PID:8976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe11⤵PID:6372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 23610⤵PID:9656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 2169⤵PID:4200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 2168⤵PID:5580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 2367⤵PID:4760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 2366⤵
- Program crash
PID:3472
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe5⤵PID:2192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe6⤵PID:1676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe7⤵PID:3168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe8⤵PID:5800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe9⤵PID:7992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe10⤵PID:10844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 2169⤵PID:9092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 2168⤵PID:7180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 2167⤵PID:5224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2366⤵
- Program crash
PID:3560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 2405⤵
- Program crash
PID:2964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 2404⤵
- Program crash
PID:2400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:1272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 2402⤵
- Program crash
PID:2568
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5dcf6832f87626c8938a6c1f574489a60
SHA10cd774b743d04483155a0cf01d17935af258f02d
SHA256689f2fa2985524c3d506b5d54e8318912fe3e8a550040be7937bbf218d1ac817
SHA5128a2c9d786bc165948cd876e9a8cb975b19d8e414a293e445fcc820e1e31cba6faea74242fba73d0c3440bf65783a3d9edd97561d8299e2b225de23d470a7353a
-
Filesize
184KB
MD58b6361f8c88bc2db7ee4eb77fb5e5cf1
SHA1ad72e23914daa4a98bf35268ee3de706028bbbe6
SHA25626d5264a0450b9355f63f9235135f46ea0aac12db4fc70d0b419e2446efebada
SHA512fec687bdb210c8f8072ccf10aa150733c8e6975e3ce2815b88f4e739b158d7ce11a57e4c673b7349dc1e2f3119a56d9f1b34bf21d323925d3fadd00fa4f7cc3e
-
Filesize
184KB
MD5011c842b1f7e16cf8ca02ba1cc3aa69e
SHA1ebeff2c2c81c4dcf5d83415b54b07d50cd4b065b
SHA256b3d990e442c2facf48cb94ffdc569b5a6a9608744ecd53bc731ab4c5c697e330
SHA512cd89b84d63d66505f397d386c56810efc9eaffe649463125e9d8f2ff6ef0972582ab9c4e28427c3271d7c0eac994fcdce0f6dd9c088f95970500f4681de704bd
-
Filesize
184KB
MD51952f074a417d4b314591aff6d174bf4
SHA1d5e58aa50411913c68f0110d1047e352622247b1
SHA25685c27b0dd56382fbcce1c095fc3dcd5c3650678f5ab134a88aee81421e113d05
SHA512bda19c16b67be3b8ac8075f85d0b9a6b56e8b77ec3a25d8f9d0b460abb6dbeba921abd0747fddd9cc3d9b75d7ec686d5ead668bec5588e042a8e5eabda7d9e2f
-
Filesize
184KB
MD536b1e39c4279ee2916d4f54f272a566f
SHA1c50d87bc1124e06dbe6a3fbe39779f05446fdd6f
SHA25638dc6c4fd9457478e6088bf0df48b2bc3dc65e885ea36f2fda00473faaf6b78a
SHA51235c4fc01ed1a7076cc139b9e1529b5b09622ca4966e0978e0fb7a963e22e8efded5d30fdfa1124e6d05a68790f16963349e8ebbe3a746a9d1c8a8f5b5903d36e
-
Filesize
184KB
MD5b577ec3998e30480b6c87e706a807353
SHA1c2b4e43974448dbd7252bb4f075778e84a10c1fc
SHA256d7aa504b1ddb86c8e04ae4eae068062f8cbd53fb29ba41595932644a44622cd6
SHA5124068a0a247e6f5b214dbf737d4411f7d284b69c0f6c7d32b7f21a61578b391c1d71bc72f30263cb8d707b66855778c803215942e33a83d5d691c69793069e238
-
Filesize
184KB
MD5b08d9eb63aac796f73c51ecb835a34aa
SHA16123c80341a4c5546ce1c62330aee0c82398c549
SHA256b6dcd008dd18cceda3c6ed48d644e32f9acb39363a6777dbb5521a5bc31974d3
SHA5128249f6194adcf396777a16202fd354fc63986451bbf29dc6dc47931b1e558110895e733999fe10eb353bc9563cdf7439aa20bffab8e21d7b2fc3f11aedfb2ad9
-
Filesize
184KB
MD5d158f2ef7f7eba2586762905a1673967
SHA14182ebda05c915095d19c651a85ee4996b06beb7
SHA256fb74b357422f36bbf9230cc682e197ffab38404f88aa282ff3dd8e362918da37
SHA512c1dc7ef8bda2f1b4f71767f420d1f829d8bd7a3b4511c9c6b86fbf1c49b5e2adc2ad575672dd2426d21955d3b928a5002aebb072e53003da5348d1468efb6bb9
-
Filesize
184KB
MD5f44a95ec424583d2c432c67d1ccd4613
SHA16090175a8d89443b8df96a6b27e227e533fcbcba
SHA25644fed093f2f5003e29cfbc8f97ccd2cb380edc465f271c59f89e334cbec33bab
SHA51297cd5bb3802bc0b8be75fd32031cdaae6a924757d5cceb844cf0ac2ea906bd0817a80f257e5543a91be2d7166f03369e415bdef9239cfa373fb5aadd8b21685b
-
Filesize
184KB
MD5b9daca1e8ed0b5624d1deb417618dd6d
SHA1d080b51cdd91950f3aca38778c6a55f2b885d34f
SHA2562e201ba91068ac630a724de71e26b2261b84fb75b7dbf6f5a2a2c1e75ecf28e3
SHA5123bbe7866445cd879bfb0f1273f2036d11f62f962a04de7ee28dc9e2237ca3d6fc419d8e773b249391489e60d59c046adf573c19fe299cfd94e60b0d21f28951e
-
Filesize
184KB
MD5d43dd3c6ccc463f41f2dbb2a424b042b
SHA14fafc3ff35205e0a87a64dabe5328d285c5bd277
SHA2563040cae42c95ef4c54d5efa41f703e2f5cd4a93ef984110f70b5ab07d6f3faf3
SHA5125b8b3d0d0f7a04b8387770fc1bdc17f69ecc7e52a0f642b1f658f31b383eb8422e9040d104f59a8c70b67c712e059243729be18cc631ed690eb70bbdb6babdd5
-
Filesize
184KB
MD5a0e9f03d8eaaed49672162ad9f07902a
SHA122b476fa1bbb182a93b8fc6d858440fd625f4235
SHA25642c93035dec2fc39f7409648ad7574c5fc21af32b0fd5d707c3a1a71b96b1171
SHA512eef1272218bf19f7c346987f5289fb5947ceab82fae4de32bff17b57324480f0c148ba6b95d915b5adcfe10c3d25f240c24df8b41aef010f955dcbf0d040677e
-
Filesize
184KB
MD531191a3cdd88ff8fcdfb1b92290f9053
SHA121e7b30bead706563d501d50f1c2a5ae5b78d05a
SHA2567f6e6c10c5e34878562a3f0f58cc275772fd265d8f755bb697d1b70bfdcc1983
SHA51278297c741ae4ba9b09797b0156d0381bbe2e02b48a4f6b8b31bdd9da8478c502a85b5a2bfae524827daf6a2921fba67e90d4ddeba1b5a268b814489394903b64
-
Filesize
184KB
MD5e8b3d17e72f66f990aae5e02eaa7efb3
SHA1a4fc810c76de204a5e068fb77cb2e3983f3b748d
SHA256f628483800784f933ef346f6d5fa8c9a1667b27f30cc0eccf4a0b570a0a5d0c8
SHA51213eb3cc59b67862ac6a56905447fa8eb98b48f331dc13096ef7cc803bee58d24f64382e9d2fd4dcea1d69e450db26e0ad3cd1435a7bc1728b4d7e0b11b7be9ca
-
Filesize
184KB
MD5407b1f89b10f7009a58a541a77cf07d5
SHA1a3fb64ef6def32ec9e02b8f263ee4af88e322623
SHA256d970e3fda4d980644f05dfe66caa33b14bf456931b8012bcdfbefdf17fdfe76c
SHA512ac8fa6af6d84cb8579b6738556450143aa7726307d57803dd403ed9687f0b1a145e60273fff2d2a96aeec683c0617d5a1edf74aec7449989f00862b83335a303
-
Filesize
184KB
MD59a5dcc256c3dcf7f5ca784caf37dd4ed
SHA1ac4e01ca2c481f77e6de4b7000968d624a0887b3
SHA25691e183241d1ad77c89c386fb77637ca40a23eed3ff0e7b3607ed7e6c5490f5a2
SHA51228e9f453951ee24b9aa2bb05ea0b337244e0c08eb83ac6625dd1f6a845f425bd709428c98fc4c1dacb81dfb3693fb791a504fe8a3de01fc05fbc3f17a6d60636
-
Filesize
184KB
MD5fc4a335d8c4029c1fabe1c5f26ed785b
SHA1fc468d64c6ef8a61f095529fad8f5cd55657a0c4
SHA256cc24ea9d8cce5251540a5c1ecde3074bf15d47cfbef1d63db4457361abebba8a
SHA512975371ee24a5cefb83675fb24d07b76638a2e550bbb573b0ca912755556713971274776244ab1496fc639bce08727ff7bf46acc0a97aa774f04f14e9604f7fd1