Analysis
- max time kernel: 150s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28/05/2024, 20:25
Static task
static1
Behavioral task
behavioral1
Sample
3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548.exe
Resource
win10v2004-20240508-en
General
- Target: 3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548.exe
- Size: 184KB
- MD5: 9113d5850e060f72c13405a25b7a7f99
- SHA1: 4bb5c99a4a851c3e2cc445e6190d5644a1e84487
- SHA256: 3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548
- SHA512: cb4bec92c0d9e5f310af3c038f9d147ffd76fdd28563316433379a117faa16bc02711e9f935f91b83ab7f3e91e7bcefd9bc7a7268c52a64daa7eb7de6df36e3f
- SSDEEP: 1536:x7S/6jZlubW4otxU7DOAlkwMHsIyvhcldmd8+dLN2VzUtEhl5hj5nizpv3:ZdabW4oTcDOVdHHWWYdLNKSEhlnViFf
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Program crash 64 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548.exe"C:\Users\Admin\AppData\Local\Temp\3765d7d83b429f73f858289268fc8aff9ec4d93a7ed110f1a5f1f9c3e45fa548.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1544 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38615.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38615.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe9⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe10⤵PID:3752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe11⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe12⤵PID:6872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe13⤵PID:8888
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 23613⤵PID:8916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 21612⤵PID:8096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 21611⤵PID:5156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 23610⤵PID:4552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 2169⤵
- Program crash
PID:4084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe8⤵PID:1952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe9⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe10⤵PID:4636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe11⤵PID:6828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe12⤵PID:9176
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 23612⤵PID:9052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 23611⤵PID:7752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 23610⤵PID:5936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 2369⤵PID:4960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 2408⤵
- Program crash
PID:3992
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe8⤵PID:2000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe9⤵PID:3248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe10⤵PID:4568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe11⤵PID:6996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe12⤵PID:8812
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 23612⤵PID:4236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 23611⤵PID:7492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 23610⤵PID:5464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2169⤵PID:4840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 2368⤵
- Program crash
PID:3836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 2407⤵
- Program crash
PID:3024
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe8⤵PID:2052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exe9⤵PID:3964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe10⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe11⤵PID:6752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe12⤵PID:8560
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 21612⤵PID:8740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 21611⤵PID:7244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 21610⤵PID:5916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 2169⤵PID:4624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 2168⤵
- Program crash
PID:3184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 2367⤵
- Program crash
PID:1264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 2406⤵
- Program crash
PID:2628
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:784 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe8⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe9⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe10⤵PID:4372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe11⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe12⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe13⤵PID:6456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 21612⤵PID:8660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 21611⤵PID:6364
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 21610⤵PID:4704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 2369⤵
- Program crash
PID:3684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 2168⤵
- Program crash
PID:2728
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 2367⤵
- Program crash
PID:268
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 2407⤵
- Program crash
PID:2436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 2406⤵
- Program crash
PID:1396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:1112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2444 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe8⤵PID:2824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe9⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe10⤵PID:4900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe11⤵PID:7008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe12⤵PID:8880
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 23612⤵PID:8248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 21611⤵PID:7500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 21610⤵PID:5980
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 2369⤵PID:4468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 2368⤵
- Program crash
PID:3116
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe7⤵PID:2172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe8⤵PID:3444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe9⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe10⤵PID:6508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe11⤵PID:8360
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 23611⤵PID:8432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 21610⤵PID:7020
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 2169⤵PID:5824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 2368⤵PID:3340
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 2407⤵
- Program crash
PID:284
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe7⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe8⤵PID:3436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe9⤵PID:4164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe10⤵PID:6384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe11⤵PID:8068
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 23611⤵PID:8948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 21610⤵PID:6368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2169⤵PID:5620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 2368⤵PID:3812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 2367⤵
- Program crash
PID:1312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 2406⤵
- Program crash
PID:872
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe8⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe9⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe10⤵PID:4176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe11⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe12⤵PID:7912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe13⤵PID:8524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 21612⤵PID:8608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 21611⤵PID:7160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 23610⤵PID:4904
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe9⤵PID:4212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe10⤵PID:6020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe11⤵PID:7328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe12⤵PID:5592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 21611⤵PID:8252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 21610⤵PID:6172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 2409⤵PID:5000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 2168⤵
- Program crash
PID:3624
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6300.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6300.exe7⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe8⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe9⤵PID:5572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe10⤵PID:7316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe11⤵PID:8212
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 23611⤵PID:5748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 23610⤵PID:1272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 2369⤵PID:6260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 2168⤵PID:4412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 2407⤵
- Program crash
PID:3984
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe7⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe8⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe9⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe10⤵PID:8044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe11⤵PID:6160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 21610⤵PID:8684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 2169⤵PID:6284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 2368⤵PID:5172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 2367⤵PID:3556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 2206⤵
- Program crash
PID:288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 2405⤵
- Program crash
PID:2576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2280
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1648 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe6⤵
- Executes dropped EXE
PID:2252 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe7⤵
- Suspicious use of SetWindowsHookEx
PID:1440 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe8⤵PID:1932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe9⤵PID:3796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe10⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe11⤵PID:6788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe12⤵PID:8672
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 23612⤵PID:8956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 21611⤵PID:7252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 21610⤵PID:6064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 2169⤵PID:4320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 2368⤵
- Program crash
PID:3140
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe7⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe8⤵PID:3244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe9⤵PID:4292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe10⤵PID:5860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe11⤵PID:6860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe12⤵PID:8832
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 21612⤵PID:8872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 21611⤵PID:8160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 21610⤵PID:6484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 2369⤵PID:5024
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe8⤵PID:4336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe9⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe10⤵PID:8104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe11⤵PID:5808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 23610⤵PID:8704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 2169⤵PID:6292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 2208⤵PID:5068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 2407⤵
- Program crash
PID:3168
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe7⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe8⤵PID:3196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe9⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe10⤵PID:5408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe11⤵PID:7608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe12⤵PID:5516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 21611⤵PID:8440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 23610⤵PID:6664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 2169⤵PID:5492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 2368⤵PID:3604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 2167⤵
- Program crash
PID:2336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 2406⤵
- Program crash
PID:2120
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:280 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe7⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe8⤵PID:3496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe9⤵PID:4364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe10⤵PID:5308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe11⤵PID:7688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe12⤵PID:9132
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 21612⤵PID:8236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 21611⤵PID:7476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 21610⤵PID:7048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 2169⤵PID:4668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 2368⤵
- Program crash
PID:3412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 2367⤵
- Program crash
PID:3124
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe6⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe7⤵PID:3576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe8⤵PID:4400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe9⤵PID:6540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe10⤵PID:7988
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 23610⤵PID:9212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 2369⤵PID:1892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 2168⤵PID:5700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 2367⤵PID:4152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 2406⤵
- Program crash
PID:1808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 2405⤵
- Program crash
PID:2712
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2447⤵
- Program crash
PID:2768
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe6⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exe7⤵PID:3608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe8⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe9⤵PID:6220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe10⤵PID:7936
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 21610⤵PID:8940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 2169⤵PID:6972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 2168⤵PID:5544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 2367⤵PID:4200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 2406⤵
- Program crash
PID:2432
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe6⤵PID:2196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe7⤵PID:3800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe8⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe9⤵PID:6876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe10⤵PID:7460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe11⤵PID:8376
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 21611⤵PID:5812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 23610⤵PID:7652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 2169⤵PID:7192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 2168⤵PID:6004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2367⤵PID:4544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 2366⤵
- Program crash
PID:3176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 2405⤵
- Program crash
PID:2136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:776
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe9⤵PID:1964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe10⤵PID:3484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe11⤵PID:4824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe12⤵PID:6428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe13⤵PID:9028
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 21613⤵PID:4288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 23612⤵PID:7568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 21611⤵PID:5512
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 23610⤵PID:4916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 2369⤵
- Program crash
PID:3880
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe8⤵PID:2192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe9⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe10⤵PID:4284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe11⤵PID:6276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe12⤵PID:8028
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 23612⤵PID:9084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 23611⤵PID:7096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 23610⤵PID:5656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2369⤵PID:4476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 2408⤵
- Program crash
PID:2744
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe8⤵PID:1536
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe9⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe10⤵PID:4640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe11⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe12⤵PID:8516
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 21612⤵PID:8696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 21611⤵PID:7288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 21610⤵PID:5256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2169⤵PID:4732
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe8⤵PID:3396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe9⤵PID:4504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe10⤵PID:5356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe11⤵PID:8032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe12⤵PID:6056
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 21612⤵PID:5764
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 21611⤵PID:8176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 21610⤵PID:6312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 2369⤵PID:5132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 2408⤵PID:3548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 2407⤵
- Program crash
PID:2980
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe8⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe9⤵PID:3304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe10⤵PID:4672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe11⤵PID:6704
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe12⤵PID:8636
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 21612⤵PID:8900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 21611⤵PID:7180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 21610⤵PID:5832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 2369⤵PID:3936
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe8⤵PID:3332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe9⤵PID:5036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe10⤵PID:6400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe11⤵PID:8080
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 21611⤵PID:9204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 21610⤵PID:6712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 2169⤵PID:5552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 2408⤵PID:3972
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe7⤵PID:1520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe8⤵PID:3144
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe9⤵PID:4812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe10⤵PID:6128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe11⤵PID:8136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe12⤵PID:8600
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 21612⤵PID:6692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 21611⤵PID:8220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 21610⤵PID:6212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 2369⤵PID:5436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 2368⤵
- Program crash
PID:3428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 2407⤵
- Program crash
PID:2100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 2406⤵
- Program crash
PID:1404
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe8⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe9⤵PID:3372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe10⤵PID:4896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe11⤵PID:6932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe12⤵PID:8552
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 21612⤵PID:3908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 23611⤵PID:7852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 21610⤵PID:5924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 2369⤵PID:4860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 2368⤵
- Program crash
PID:3856
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe7⤵PID:2860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe8⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe9⤵PID:5372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe10⤵PID:6380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe11⤵PID:9112
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 23611⤵PID:4224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 21610⤵PID:8016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 2369⤵PID:5856
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 2168⤵PID:4348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 2407⤵
- Program crash
PID:3632
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe7⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe8⤵PID:3700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe9⤵PID:5940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe10⤵PID:7592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe11⤵PID:8596
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 21611⤵PID:2560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 21610⤵PID:8180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 2169⤵PID:6600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 2368⤵PID:4196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 2367⤵
- Program crash
PID:3616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 2406⤵
- Program crash
PID:2660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 2405⤵
- Program crash
PID:2516
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe7⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe8⤵PID:4072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe9⤵PID:4240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe10⤵PID:6132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe11⤵PID:8060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe12⤵PID:9200
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 21612⤵PID:1556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 21611⤵PID:3480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 23610⤵PID:6940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 2369⤵PID:4992
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe8⤵PID:4276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe9⤵PID:5612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe10⤵PID:7640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe11⤵PID:4312
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 21611⤵PID:8804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 21610⤵PID:7272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 2369⤵PID:7152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 2408⤵PID:5052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 2367⤵
- Program crash
PID:3216
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe6⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe7⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe8⤵PID:4388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe9⤵PID:5244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe10⤵PID:7784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe11⤵PID:8788
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 21611⤵PID:8712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 21610⤵PID:7684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 2169⤵PID:6964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 2368⤵PID:4836
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe7⤵PID:4420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe8⤵PID:6124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe9⤵PID:7992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe10⤵PID:8732
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 21610⤵PID:6740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 2169⤵PID:936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 2168⤵PID:6416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 2407⤵PID:4808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2406⤵
- Program crash
PID:3300
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exe7⤵PID:3052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe8⤵PID:3364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe9⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe10⤵PID:6356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe11⤵PID:8024
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 21611⤵PID:8200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 21610⤵PID:6556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 2169⤵PID:5720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 2368⤵PID:3204
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe7⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe8⤵PID:4740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe9⤵PID:6572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe10⤵PID:8468
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 23610⤵PID:8616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 2369⤵PID:6784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 2168⤵PID:5884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 2407⤵PID:3656
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe6⤵PID:696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe7⤵PID:3660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe8⤵PID:5232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe9⤵PID:6776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe10⤵PID:8204
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 23610⤵PID:5188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 2369⤵PID:7744
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 2168⤵PID:5380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 2167⤵PID:5108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 2406⤵
- Program crash
PID:4024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 2405⤵
- Program crash
PID:488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1904
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:852 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe8⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe9⤵PID:3868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe10⤵PID:5420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe11⤵PID:7076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe12⤵PID:8536
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 23612⤵PID:5164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 23611⤵PID:7888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 23610⤵PID:6148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2369⤵PID:4220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2368⤵
- Program crash
PID:3704
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe7⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe8⤵PID:3264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe9⤵PID:4980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe10⤵PID:6316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe11⤵PID:8128
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 21611⤵PID:9064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 21610⤵PID:6472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 2169⤵PID:5536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 2368⤵PID:3600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 2407⤵
- Program crash
PID:840
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe7⤵PID:2332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe8⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe9⤵PID:4772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe10⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe11⤵PID:7216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe12⤵PID:5844
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 21612⤵PID:7060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 21611⤵PID:8228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 23610⤵PID:7068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 2169⤵PID:5360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 2168⤵PID:4456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 2367⤵
- Program crash
PID:3640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 2406⤵
- Program crash
PID:2868
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 2406⤵
- Program crash
PID:2140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 2405⤵
- Program crash
PID:2044
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe6⤵
- Executes dropped EXE
PID:1072
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe6⤵PID:2008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exe7⤵PID:3848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe8⤵PID:5268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe9⤵PID:7032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe10⤵PID:8648
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 23610⤵PID:5212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 2169⤵PID:7896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 2368⤵PID:5684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 2367⤵PID:4360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 2406⤵
- Program crash
PID:3320
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 2406⤵
- Program crash
PID:1636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 2405⤵
- Program crash
PID:848
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 2404⤵
- Program crash
PID:2632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:1528
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 2402⤵
- Program crash
PID:2692
-
Network
MITRE ATT&CK Matrix
Downloads