Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
29-05-2024 03:23
Static task
static1
Behavioral task
behavioral1
Sample
e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe
Resource
win10v2004-20240508-en
General
-
Target
e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe
-
Size
184KB
-
MD5
1c39fdbfda08968ab5161ad132618695
-
SHA1
e3431f115b75a7259b79543a79530227b348b632
-
SHA256
e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c
-
SHA512
2e33f1f2d038c57d17aa6319002d7df5d1ecb72f76ed7f7be65696da1f5580cee51d56ccec0cbb8a1090967a93cd67507eb22a1b954c52ab58f3d726598c3aa8
-
SSDEEP
3072:sd+3UxoTJ1FNd5t4eL3LRKs0+VnViD7n3:sdzoVb5tPLYs0+VnViD7
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 3032 Unicorn-23035.exe 3060 Unicorn-59677.exe 2604 Unicorn-12936.exe 2620 Unicorn-53549.exe 2396 Unicorn-55988.exe 2372 Unicorn-3450.exe 280 Unicorn-37134.exe 1476 Unicorn-56315.exe 1200 Unicorn-55547.exe 2680 Unicorn-2625.exe 3020 Unicorn-55355.exe 2344 Unicorn-29785.exe 1640 Unicorn-13676.exe 844 Unicorn-65337.exe 2468 Unicorn-45389.exe 2552 Unicorn-61533.exe 2056 Unicorn-16054.exe 1672 Unicorn-50890.exe 1744 Unicorn-63505.exe 1104 Unicorn-2182.exe 1084 Unicorn-47662.exe 2964 Unicorn-17066.exe 1156 Unicorn-14413.exe 620 Unicorn-14413.exe 368 Unicorn-24103.exe 2272 Unicorn-7766.exe 1732 Unicorn-56251.exe 3004 Unicorn-40600.exe 2860 Unicorn-39758.exe 2340 Unicorn-43781.exe 2612 Unicorn-6318.exe 2576 Unicorn-42328.exe 2716 Unicorn-9655.exe 2536 Unicorn-7003.exe 2444 Unicorn-9271.exe 572 Unicorn-28981.exe 1500 Unicorn-8923.exe 1648 Unicorn-45125.exe 1948 Unicorn-8731.exe 2640 Unicorn-62338.exe 1684 Unicorn-32889.exe 1492 Unicorn-12639.exe 2144 Unicorn-16169.exe 1524 Unicorn-45504.exe 2928 Unicorn-34534.exe 2040 Unicorn-18006.exe 928 Unicorn-18041.exe 1868 Unicorn-20995.exe 1828 Unicorn-50138.exe 740 Unicorn-20611.exe 2024 Unicorn-553.exe 2192 Unicorn-6962.exe 1504 Unicorn-57232.exe 1600 Unicorn-3241.exe 2844 Unicorn-56848.exe 2564 Unicorn-40320.exe 2208 Unicorn-39936.exe 2524 Unicorn-39936.exe 2572 Unicorn-36598.exe 2124 Unicorn-56272.exe 2884 Unicorn-56464.exe 2400 Unicorn-3350.exe 1952 Unicorn-50922.exe 1688 Unicorn-47201.exe -
Loads dropped DLL 64 IoCs
pid Process 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 3032 Unicorn-23035.exe 3032 Unicorn-23035.exe 3060 Unicorn-59677.exe 3060 Unicorn-59677.exe 2604 Unicorn-12936.exe 2604 Unicorn-12936.exe 3032 Unicorn-23035.exe 3032 Unicorn-23035.exe 2788 WerFault.exe 2788 WerFault.exe 2788 WerFault.exe 2788 WerFault.exe 2788 WerFault.exe 3060 Unicorn-59677.exe 2620 Unicorn-53549.exe 3060 Unicorn-59677.exe 2620 Unicorn-53549.exe 2396 Unicorn-55988.exe 2396 Unicorn-55988.exe 2604 Unicorn-12936.exe 2604 Unicorn-12936.exe 2372 Unicorn-3450.exe 2372 Unicorn-3450.exe 2300 WerFault.exe 2300 WerFault.exe 2300 WerFault.exe 2300 WerFault.exe 2300 WerFault.exe 1440 WerFault.exe 1440 WerFault.exe 1440 WerFault.exe 1440 WerFault.exe 1440 WerFault.exe 1476 Unicorn-56315.exe 1476 Unicorn-56315.exe 2620 Unicorn-53549.exe 2620 Unicorn-53549.exe 280 Unicorn-37134.exe 280 Unicorn-37134.exe 2396 Unicorn-55988.exe 2396 Unicorn-55988.exe 1200 Unicorn-55547.exe 2372 Unicorn-3450.exe 2372 Unicorn-3450.exe 1200 Unicorn-55547.exe 672 WerFault.exe 672 WerFault.exe 672 WerFault.exe 672 WerFault.exe 672 WerFault.exe 1060 WerFault.exe 1060 WerFault.exe 1060 WerFault.exe 1060 WerFault.exe 1060 WerFault.exe 2968 WerFault.exe 2968 WerFault.exe 2968 WerFault.exe 2968 WerFault.exe 2968 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2596 2876 WerFault.exe 27 2788 3032 WerFault.exe 28 2300 3060 WerFault.exe 29 1440 2604 WerFault.exe 30 672 2056 WerFault.exe 47 1060 2620 WerFault.exe 32 2968 2396 WerFault.exe 33 432 2372 WerFault.exe 34 2724 1476 WerFault.exe 37 2032 280 WerFault.exe 36 1916 3020 WerFault.exe 40 1768 2680 WerFault.exe 39 1652 2344 WerFault.exe 43 1936 844 WerFault.exe 45 1968 1640 WerFault.exe 44 1396 2468 WerFault.exe 46 1408 2552 WerFault.exe 48 1112 1200 WerFault.exe 38 2804 1744 WerFault.exe 54 2284 1672 WerFault.exe 53 1228 1104 WerFault.exe 55 1360 2964 WerFault.exe 57 2240 620 WerFault.exe 58 2264 1156 WerFault.exe 59 2428 368 WerFault.exe 60 936 1084 WerFault.exe 56 2808 2576 WerFault.exe 71 660 2272 WerFault.exe 61 972 1732 WerFault.exe 64 2104 2716 WerFault.exe 72 1208 1648 WerFault.exe 78 1604 572 WerFault.exe 77 2948 1500 WerFault.exe 79 3136 1492 WerFault.exe 86 3144 1524 WerFault.exe 89 3172 2860 WerFault.exe 68 3312 3004 WerFault.exe 66 3372 2536 WerFault.exe 74 3380 2612 WerFault.exe 70 3456 2564 WerFault.exe 102 3600 2524 WerFault.exe 104 3620 2040 WerFault.exe 92 3700 1868 WerFault.exe 94 3728 2844 WerFault.exe 101 3764 2124 WerFault.exe 107 3772 272 WerFault.exe 121 3800 2340 WerFault.exe 69 3812 2776 WerFault.exe 124 3876 2444 WerFault.exe 75 3920 1828 WerFault.exe 95 3952 740 WerFault.exe 96 3984 2640 WerFault.exe 80 3992 1948 WerFault.exe 81 4008 2024 WerFault.exe 97 4048 1952 WerFault.exe 113 4056 2084 WerFault.exe 122 4064 2400 WerFault.exe 108 4076 928 WerFault.exe 93 3116 1600 WerFault.exe 100 3708 2260 WerFault.exe 117 3716 2144 WerFault.exe 87 3820 2920 WerFault.exe 125 3884 2572 WerFault.exe 105 3892 2192 WerFault.exe 98 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 3032 Unicorn-23035.exe 3060 Unicorn-59677.exe 2604 Unicorn-12936.exe 2620 Unicorn-53549.exe 2396 Unicorn-55988.exe 2372 Unicorn-3450.exe 280 Unicorn-37134.exe 1476 Unicorn-56315.exe 2680 Unicorn-2625.exe 1200 Unicorn-55547.exe 3020 Unicorn-55355.exe 2344 Unicorn-29785.exe 844 Unicorn-65337.exe 1640 Unicorn-13676.exe 2056 Unicorn-16054.exe 2468 Unicorn-45389.exe 2552 Unicorn-61533.exe 1672 Unicorn-50890.exe 1744 Unicorn-63505.exe 1104 Unicorn-2182.exe 1084 Unicorn-47662.exe 620 Unicorn-14413.exe 2964 Unicorn-17066.exe 1156 Unicorn-14413.exe 2272 Unicorn-7766.exe 368 Unicorn-24103.exe 1732 Unicorn-56251.exe 3004 Unicorn-40600.exe 2860 Unicorn-39758.exe 2340 Unicorn-43781.exe 2576 Unicorn-42328.exe 2612 Unicorn-6318.exe 2716 Unicorn-9655.exe 2536 Unicorn-7003.exe 2444 Unicorn-9271.exe 572 Unicorn-28981.exe 1500 Unicorn-8923.exe 1648 Unicorn-45125.exe 1948 Unicorn-8731.exe 2640 Unicorn-62338.exe 1684 Unicorn-32889.exe 2144 Unicorn-16169.exe 1492 Unicorn-12639.exe 1524 Unicorn-45504.exe 2928 Unicorn-34534.exe 2040 Unicorn-18006.exe 928 Unicorn-18041.exe 1868 Unicorn-20995.exe 1828 Unicorn-50138.exe 740 Unicorn-20611.exe 2024 Unicorn-553.exe 2192 Unicorn-6962.exe 2208 Unicorn-39936.exe 2884 Unicorn-56464.exe 2564 Unicorn-40320.exe 2844 Unicorn-56848.exe 1504 Unicorn-57232.exe 1600 Unicorn-3241.exe 2124 Unicorn-56272.exe 2572 Unicorn-36598.exe 2524 Unicorn-39936.exe 2400 Unicorn-3350.exe 1952 Unicorn-50922.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2876 wrote to memory of 3032 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 28 PID 2876 wrote to memory of 3032 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 28 PID 2876 wrote to memory of 3032 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 28 PID 2876 wrote to memory of 3032 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 28 PID 2876 wrote to memory of 3060 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 29 PID 2876 wrote to memory of 3060 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 29 PID 2876 wrote to memory of 3060 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 29 PID 2876 wrote to memory of 3060 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 29 PID 3032 wrote to memory of 2604 3032 Unicorn-23035.exe 30 PID 3032 wrote to memory of 2604 3032 Unicorn-23035.exe 30 PID 3032 wrote to memory of 2604 3032 Unicorn-23035.exe 30 PID 3032 wrote to memory of 2604 3032 Unicorn-23035.exe 30 PID 2876 wrote to memory of 2596 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 31 PID 2876 wrote to memory of 2596 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 31 PID 2876 wrote to memory of 2596 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 31 PID 2876 wrote to memory of 2596 2876 e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe 31 PID 3060 wrote to memory of 2620 3060 Unicorn-59677.exe 32 PID 3060 wrote to memory of 2620 3060 Unicorn-59677.exe 32 PID 3060 wrote to memory of 2620 3060 Unicorn-59677.exe 32 PID 3060 wrote to memory of 2620 3060 Unicorn-59677.exe 32 PID 2604 wrote to memory of 2396 2604 Unicorn-12936.exe 33 PID 2604 wrote to memory of 2396 2604 Unicorn-12936.exe 33 PID 2604 wrote to memory of 2396 2604 Unicorn-12936.exe 33 PID 2604 wrote to memory of 2396 2604 Unicorn-12936.exe 33 PID 3032 wrote to memory of 2372 3032 Unicorn-23035.exe 34 PID 3032 wrote to memory of 2372 3032 Unicorn-23035.exe 34 PID 3032 wrote to memory of 2372 3032 Unicorn-23035.exe 34 PID 3032 wrote to memory of 2372 3032 Unicorn-23035.exe 34 PID 3032 wrote to memory of 2788 3032 Unicorn-23035.exe 35 PID 3032 wrote to memory of 2788 3032 Unicorn-23035.exe 35 PID 3032 wrote to memory of 2788 3032 Unicorn-23035.exe 35 PID 3032 wrote to memory of 2788 3032 Unicorn-23035.exe 35 PID 3060 wrote to memory of 280 3060 Unicorn-59677.exe 36 PID 3060 wrote to memory of 280 3060 Unicorn-59677.exe 36 PID 3060 wrote to memory of 280 3060 Unicorn-59677.exe 36 PID 3060 wrote to memory of 280 3060 Unicorn-59677.exe 36 PID 2620 wrote to memory of 1476 2620 Unicorn-53549.exe 37 PID 2620 wrote to memory of 1476 2620 Unicorn-53549.exe 37 PID 2620 wrote to memory of 1476 2620 Unicorn-53549.exe 37 PID 2620 wrote to memory of 1476 2620 Unicorn-53549.exe 37 PID 2396 wrote to memory of 1200 2396 Unicorn-55988.exe 38 PID 2396 wrote to memory of 1200 2396 Unicorn-55988.exe 38 PID 2396 wrote to memory of 1200 2396 Unicorn-55988.exe 38 PID 2396 wrote to memory of 1200 2396 Unicorn-55988.exe 38 PID 2604 wrote to memory of 2680 2604 Unicorn-12936.exe 39 PID 2604 wrote to memory of 2680 2604 Unicorn-12936.exe 39 PID 2604 wrote to memory of 2680 2604 Unicorn-12936.exe 39 PID 2604 wrote to memory of 2680 2604 Unicorn-12936.exe 39 PID 2372 wrote to memory of 3020 2372 Unicorn-3450.exe 40 PID 2372 wrote to memory of 3020 2372 Unicorn-3450.exe 40 PID 2372 wrote to memory of 3020 2372 Unicorn-3450.exe 40 PID 2372 wrote to memory of 3020 2372 Unicorn-3450.exe 40 PID 3060 wrote to memory of 2300 3060 Unicorn-59677.exe 41 PID 3060 wrote to memory of 2300 3060 Unicorn-59677.exe 41 PID 3060 wrote to memory of 2300 3060 Unicorn-59677.exe 41 PID 3060 wrote to memory of 2300 3060 Unicorn-59677.exe 41 PID 2604 wrote to memory of 1440 2604 Unicorn-12936.exe 42 PID 2604 wrote to memory of 1440 2604 Unicorn-12936.exe 42 PID 2604 wrote to memory of 1440 2604 Unicorn-12936.exe 42 PID 2604 wrote to memory of 1440 2604 Unicorn-12936.exe 42 PID 1476 wrote to memory of 2344 1476 Unicorn-56315.exe 43 PID 1476 wrote to memory of 2344 1476 Unicorn-56315.exe 43 PID 1476 wrote to memory of 2344 1476 Unicorn-56315.exe 43 PID 1476 wrote to memory of 2344 1476 Unicorn-56315.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe"C:\Users\Admin\AppData\Local\Temp\e2727799b4bd50223a9b2aac0c5600acfec6e9314525f97f881932c029bbfc9c.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1200 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 2007⤵
- Loads dropped DLL
- Program crash
PID:672
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 2166⤵
- Program crash
PID:1112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe9⤵PID:2768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe10⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe11⤵PID:5304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe12⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe13⤵PID:8340
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 21613⤵PID:5176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 21612⤵PID:8048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 21611⤵PID:5492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 23610⤵PID:5052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 2369⤵
- Program crash
PID:3764
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe8⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe9⤵PID:4164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe10⤵PID:6008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exe11⤵PID:7580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe12⤵PID:9204
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 21612⤵PID:5252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 21611⤵PID:7892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 23610⤵PID:6648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 2169⤵PID:4972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 2408⤵
- Program crash
PID:3984
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe8⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe9⤵PID:3724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe10⤵PID:5780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe11⤵PID:7208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe12⤵PID:2424
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 21612⤵PID:6084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 21611⤵PID:7448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 21610⤵PID:6356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 2169⤵PID:4540
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 2168⤵
- Program crash
PID:4064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 2407⤵
- Program crash
PID:660
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe8⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe9⤵PID:3268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe10⤵PID:5560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe11⤵PID:6592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe12⤵PID:8988
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 21612⤵PID:9120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 21611⤵PID:7908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 21610⤵PID:6156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 2369⤵PID:5008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 2368⤵
- Program crash
PID:3728
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe7⤵PID:1436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe8⤵PID:3676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe9⤵PID:5312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe10⤵PID:7752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe11⤵PID:5808
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 21611⤵PID:9012
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 21610⤵PID:8120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 2169⤵PID:6848
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2368⤵PID:4640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 2407⤵
- Program crash
PID:3992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 2406⤵
- Program crash
PID:1396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:2968
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe8⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe9⤵PID:4104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe10⤵PID:5376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe11⤵PID:6484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe12⤵PID:8872
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 21612⤵PID:9000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 21611⤵PID:7852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 21610⤵PID:5752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 2369⤵PID:4816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 2168⤵
- Program crash
PID:3952
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe7⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe8⤵PID:3664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe9⤵PID:5696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe10⤵PID:6216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe11⤵PID:8928
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 23611⤵PID:9132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 21610⤵PID:8032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 2169⤵PID:6228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 2368⤵PID:4148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 2407⤵
- Program crash
PID:3876
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe7⤵PID:1316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe8⤵PID:3652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe9⤵PID:4800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe10⤵PID:6692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe11⤵PID:9080
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 21611⤵PID:8488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 21610⤵PID:7916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 2369⤵PID:6068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 2168⤵PID:4724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 2367⤵
- Program crash
PID:4008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 2406⤵
- Program crash
PID:2240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 2365⤵
- Program crash
PID:1768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1440
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe8⤵PID:2332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exe9⤵PID:4784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe10⤵PID:5788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe11⤵PID:7264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe12⤵PID:1188
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 21612⤵PID:5292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 21611⤵PID:7472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 21610⤵PID:6344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 2369⤵PID:5460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 2368⤵PID:3076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 2367⤵
- Program crash
PID:1604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 2366⤵
- Program crash
PID:2264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 2165⤵
- Program crash
PID:1916
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:368 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe8⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe9⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe10⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe11⤵PID:6312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe12⤵PID:8644
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 21612⤵PID:8548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 21611⤵PID:7824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 21610⤵PID:6136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 2369⤵PID:4864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 2368⤵
- Program crash
PID:3600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 2167⤵
- Program crash
PID:1208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe7⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe8⤵PID:4132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe9⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe10⤵PID:6208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe11⤵PID:8860
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 21611⤵PID:8812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 21610⤵PID:8152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 2169⤵PID:6172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 2168⤵PID:4936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 2367⤵
- Program crash
PID:3884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 2406⤵
- Program crash
PID:2428
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe7⤵PID:1012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe8⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe9⤵PID:5420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe10⤵PID:7020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe11⤵PID:8608
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 21611⤵PID:8528
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 21610⤵PID:8092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 2169⤵PID:5936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 2168⤵PID:4832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 2167⤵PID:3916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 2366⤵
- Program crash
PID:2948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 2405⤵
- Program crash
PID:1408
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 2404⤵
- Program crash
PID:432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2788
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1476 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe10⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe11⤵PID:3468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe12⤵PID:5348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe13⤵PID:5540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe14⤵PID:7292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe15⤵PID:6032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 21614⤵PID:8444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 23613⤵PID:6820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 21612⤵PID:5912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 21611⤵PID:4508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 23610⤵
- Program crash
PID:4048
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe9⤵PID:2036
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 22410⤵PID:4196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 2409⤵PID:2448
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe8⤵
- Executes dropped EXE
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe9⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe10⤵PID:4192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe11⤵PID:6928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe12⤵PID:8320
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 21612⤵PID:9176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 21611⤵PID:7464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 23610⤵PID:5624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2369⤵PID:4576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 2408⤵
- Program crash
PID:3312
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe8⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe9⤵PID:924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe10⤵PID:4616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe11⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe12⤵PID:5920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe13⤵PID:7364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe14⤵PID:8880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 23613⤵PID:8452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 23612⤵PID:6984
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 23611⤵PID:5612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 21610⤵PID:5188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 2369⤵PID:3128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 2368⤵
- Program crash
PID:3136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2407⤵
- Program crash
PID:2284
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe8⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe9⤵PID:2660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe10⤵PID:3592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe11⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe12⤵PID:1872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe13⤵PID:8828
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 21613⤵PID:3572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 21612⤵PID:7972
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 21611⤵PID:5396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 21610⤵PID:4468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 2169⤵
- Program crash
PID:4056
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exe8⤵PID:2420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe9⤵PID:4588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe10⤵PID:5940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe11⤵PID:7476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe12⤵PID:4208
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 21612⤵PID:5824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 23611⤵PID:7688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 21610⤵PID:6564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 2169⤵PID:5180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 2408⤵PID:3420
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe7⤵PID:2224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe8⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe9⤵PID:4336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe10⤵PID:6572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe11⤵PID:8232
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 23611⤵PID:9068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 23610⤵PID:6748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 2369⤵PID:5132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 2368⤵PID:4436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 2407⤵
- Program crash
PID:3172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 2406⤵
- Program crash
PID:1652
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe8⤵PID:2260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe9⤵PID:2216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exe10⤵PID:4384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe11⤵PID:5520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe12⤵PID:6624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe13⤵PID:9108
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 23613⤵PID:8624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 23612⤵PID:8040
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 21611⤵PID:6884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 21610⤵PID:5080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2369⤵
- Program crash
PID:3708
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe8⤵PID:1596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe9⤵PID:4488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe10⤵PID:5760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe11⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe12⤵PID:8740
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 23612⤵PID:8616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 21611⤵PID:7676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 23610⤵PID:6908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 2169⤵PID:4804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 2408⤵
- Program crash
PID:3716
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe7⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe8⤵PID:3252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe9⤵PID:4644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe10⤵PID:6100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe11⤵PID:7644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe12⤵PID:8412
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 21612⤵PID:5264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 23611⤵PID:8080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 23610⤵PID:6700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 2169⤵PID:5196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 2368⤵PID:4228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 2407⤵
- Program crash
PID:972
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe7⤵PID:272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe8⤵PID:3088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe9⤵PID:3084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe10⤵PID:4628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe11⤵PID:6768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe12⤵PID:8700
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 23612⤵PID:8600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 21611⤵PID:7924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 21610⤵PID:5148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 2369⤵PID:4944
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 2368⤵
- Program crash
PID:3772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 2367⤵
- Program crash
PID:3144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 2406⤵
- Program crash
PID:2804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 2405⤵
- Program crash
PID:2724
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe8⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe9⤵PID:2752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe10⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe11⤵PID:5504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe12⤵PID:6724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe13⤵PID:4356
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 21613⤵PID:4896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 21612⤵PID:6680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 21611⤵PID:6148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 23610⤵PID:5068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 2369⤵
- Program crash
PID:3812
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe8⤵PID:1984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe9⤵PID:3232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe10⤵PID:5532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe11⤵PID:6272
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 18812⤵PID:6488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 23611⤵PID:6940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 21610⤵PID:5328
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 2369⤵PID:4996
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 2408⤵
- Program crash
PID:3620
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe7⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe8⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe9⤵PID:4524
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 22410⤵PID:5684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 2369⤵PID:5136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 2368⤵
- Program crash
PID:3820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2407⤵
- Program crash
PID:2808
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe7⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe8⤵PID:892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe9⤵PID:4712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe10⤵PID:5236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe11⤵PID:6964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe12⤵PID:8532
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 23612⤵PID:8492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 21611⤵PID:7508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 23610⤵PID:6712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 2369⤵PID:5336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 2168⤵PID:3248
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe7⤵PID:1100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe8⤵PID:3656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe9⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe10⤵PID:7352
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58914.exe11⤵PID:8764
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 21611⤵PID:5680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 21610⤵PID:1616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 2169⤵PID:6508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 2168⤵PID:4456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 2407⤵
- Program crash
PID:4076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 2406⤵
- Program crash
PID:1360
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe7⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe8⤵PID:3528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe9⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe10⤵PID:6752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe11⤵PID:8352
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 21611⤵PID:9168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 21610⤵PID:7296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 2169⤵PID:5584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 2368⤵PID:4556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 2367⤵
- Program crash
PID:3456
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe6⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe7⤵PID:3640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe8⤵PID:4772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe9⤵PID:6824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe10⤵PID:8480
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 21610⤵PID:8316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 2169⤵PID:7380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 2368⤵PID:5484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 2167⤵PID:4748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 2406⤵
- Program crash
PID:3372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 2405⤵
- Program crash
PID:1968
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1060
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:280 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe8⤵PID:1628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe9⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe10⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe11⤵PID:6420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe12⤵PID:8784
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 21612⤵PID:5648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 21611⤵PID:8056
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 21610⤵PID:5840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 2369⤵PID:4988
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 2368⤵
- Program crash
PID:3700
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe7⤵PID:240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe8⤵PID:3524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe9⤵PID:4380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe10⤵PID:7156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe11⤵PID:8792
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 21611⤵PID:8712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 21610⤵PID:7736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 2369⤵PID:6016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 2168⤵PID:5060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 2407⤵
- Program crash
PID:3800
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe7⤵PID:1168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe8⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe9⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe10⤵PID:5948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe11⤵PID:8104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe12⤵PID:8672
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 21612⤵PID:8516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 23611⤵PID:8260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 23610⤵PID:7144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 2169⤵PID:5796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 2168⤵PID:3612
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe7⤵PID:3208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe8⤵PID:3972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe9⤵PID:5588
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exe9⤵PID:6056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe10⤵PID:7388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe11⤵PID:3560
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 21611⤵PID:8248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 21610⤵PID:916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 2209⤵PID:6684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 2368⤵PID:3356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 2407⤵
- Program crash
PID:3920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 2406⤵
- Program crash
PID:1228
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe7⤵PID:2512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe8⤵PID:3324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe9⤵PID:4964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe10⤵PID:6300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe11⤵PID:7376
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 23611⤵PID:8904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 21610⤵PID:6796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 2169⤵PID:5952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 2168⤵PID:4328
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe7⤵PID:3408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe8⤵PID:4220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe9⤵PID:6412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe10⤵PID:7772
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 23610⤵PID:8976
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 2369⤵PID:6560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 2168⤵PID:6124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 2207⤵PID:4372
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe6⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe7⤵PID:3668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe8⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe9⤵PID:7068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe10⤵PID:8580
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 23610⤵PID:8504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 2169⤵PID:7608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 2368⤵PID:5872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 2367⤵PID:4764
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 2406⤵
- Program crash
PID:3380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 2405⤵
- Program crash
PID:1936
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe7⤵PID:2504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe8⤵PID:4480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe9⤵PID:5636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe10⤵PID:7872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe11⤵PID:9052
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 21611⤵PID:5976
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 21610⤵PID:7496
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 2169⤵PID:7000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 2168⤵PID:4552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2167⤵
- Program crash
PID:3892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 2366⤵
- Program crash
PID:2104
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe6⤵PID:1924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe7⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe8⤵PID:5844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe9⤵PID:7308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe10⤵PID:2068
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 21610⤵PID:5740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 2169⤵PID:7412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 2368⤵PID:6404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 2167⤵PID:4584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 2366⤵
- Program crash
PID:3116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 2405⤵
- Program crash
PID:936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 2404⤵
- Program crash
PID:2032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 2402⤵
- Program crash
PID:2596
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5b600788f22f99c087bec71d3cecaae76
SHA19a278f9d8b6cd986f228731fdf5c7c7c98ddd4f1
SHA256010bd1aa6276551a43d8bb9e61aef38b353b9d3a0f7acbf13dda5cee56c4ebaa
SHA5121731863b553cb667920d813a76e631f9013252ce7866e716b39f4239612a2dcac7cc5591af538c1597bd4100c80169fa4770b6219fbe978763809a75ccb79772
-
Filesize
184KB
MD51326d54582efdc9c8ee33777512f44ab
SHA157c8344c5d3ff72b8d0aff691bf83123bfc51ddc
SHA256efab1a263acf069550537aa20125805259b0098473b2bb5d7341fe16d082e4da
SHA5121ea87aac23d429d11cdee4c5e439ca4411016a7661e1f3ce4b168008c2b04881b0af5ef8eeb710d8136a7109bb091ecf30b0d410c49b978e6f5203882460bdf9
-
Filesize
184KB
MD5023f5623fee2d4101ebe96cdc90a8ed0
SHA11268282eecfef5f15cc13e38a2b164a343822c95
SHA25670f90a31ab80976175f4daffe8369d24ecace28b8c5577c9d0007145e9d3239d
SHA5125366b0ef7067da2154e45fe4f1af4040d84fbe6063e91b0adacf109c295599377312ff03e06027bf27ad6310c518525af1d3ed46c3d2f1b93df1c2976a4c33bf
-
Filesize
184KB
MD5eb8fdf625197cda14eb13ef538969cd4
SHA185dae677e534e13a4cd3dda3aad585a0c7fea01e
SHA2564a800357358cb132e54ae90e6934044c5f18cc965a5f706ec44bbad535e26b23
SHA5122e22796c640e4d1157c2a5a6f30df2414404069a2e0b01b55bee9f1073d1d2b9f51988c18cf0d00cfda21e316934374a2960a89a086d531f6d1901b14fdb8092
-
Filesize
184KB
MD554f62108fee5c579d1e394f19fb44f29
SHA1b00d59e6aa6a3387984611558cfb376f8dc02d83
SHA256bf3495d946d0f919d083e07f9ebae50f8b05caff937b22f1614d48c25ebe60da
SHA5121cac9d9ed3475d38489b577a20aab0bb1a78580ac20ad66eff698bcc7d2487d5e7e25587e6dbceb308ba68d4b83553ee0b982a0bc3d5c69e51cc8f2b97b74bd5
-
Filesize
184KB
MD5f87ea398121b2478aa85f8cdbc4f4347
SHA1b0b908a3017c43c623ac3361998cc8d7601f99d5
SHA256cf78ad34816665ae37577b0eaac4b7218baf74ddbbcc13921fdcabf44d5187d0
SHA51224a4ebab1cc012f7d328db41116af0cb5d073ce975546274f623987a524816e0c739263f6919fbd52355a1beffd504b96c374047154b09f6f306e46090a52ee4
-
Filesize
184KB
MD5fe6cf2fa8a0aa61d25fbf9b7c451f29e
SHA116ab5fb2f587ff9c19845e90c6da613ca95c908d
SHA2567fa2026ef388acce1859133e5971b54d6c923004ffaf40303a64bc7879ba2f17
SHA5121d4f3b635da31d8e7e571392b38bcd511f521eb64e571f4ffc64a5a4f4763d182a5cc614f0acf0bbeb399f93a36f74a3c567232ac8c47398742e9444fca6c43f
-
Filesize
184KB
MD56a42b9d1931f4816abcf11b84d35570f
SHA1d487ac3b58ecc19bcec914b2359578adc084a655
SHA256581561afeb96c2ccabbac39438fc777aed2680b917e0970ea29b0eb8393fb28b
SHA51298c216c18fb4691ce25f716402293ceca30ee777215355f66494ecc81ede07ade8a813cb2af2674f503fcfe032b6a2af1f207dc3e01671f5a6a6f57098803cd7
-
Filesize
184KB
MD5f648a712b4c77ece2ac3dc0abe916588
SHA1e7a5a02ec77f8ae34bfbb093df7acd832f8d427f
SHA256e7394c8c6366c981e0f80b8b995f43d6ab16abe05977e9d6c0f9b1de247c6589
SHA5123c6750f2b79bc16ca411c00b5701d23cca53339b6eb24893e384bb78610c355d59854630f149a9a38e8b7857adefdec067ffd99c7652bd14764093b43d31420d
-
Filesize
184KB
MD5e4e2314450c1e56d5436e1b65eb429c9
SHA18a3fcfe84711dd328673d5d78b5db2f079541388
SHA256b25581cace7ff3d82b8239d1d256eb89a63ada58f01f18801ddd0eb74fc7cd3c
SHA5125da11c2a565ded18fd326d7ff4de3db5179ace02ca908d8e07902878716621415f8f6180889d3c0a8c05c9378cb8d10fde80a63b82a1ef62a277d8b1a7b8a187
-
Filesize
184KB
MD53e72a4be54bd4b3dd0d2e6c044502561
SHA1c8c09e55e63514b2ba3b4cf96d8734f3ab69b3b5
SHA25679ff659c184855298a3b0b43ec6a607d06fefff8c4ddd457f398f9389d836ec2
SHA512b19ebc91573b7dab855b095ca79d7a759f0f826854d97d08412ebaac0ce59b5c2b20e697ce145826ad351885a73cef2694ef244f519edcecddde1637c9fbef8f
-
Filesize
184KB
MD59d079de15c872b4a5bd70f71baf49ad4
SHA1057072035875fb82ff4418833df0e9a399c293bd
SHA256329c9dc325969bae256cc9169adc8f0e59bf1c98becf92b26e2299e0e5b5c942
SHA512870e47d5ac5bfabeae2c5c50f850eab713983045e55a6cb83fdaa73dbe90add739cd492469d4445f6f92ac51aaf6c37710b70fb5c56d7b97f3581f894322d0e6
-
Filesize
184KB
MD542ac8f69bbabc97a0ace080d454ed2f8
SHA147e0c7ff9ede77dd8e8142477c22d4ca3abebb4b
SHA256639b30c290ab4b3f959aee43b0896ebe69047e5e0456a91416976bff12c1096d
SHA512fa0615fae8e248dad20770a69ea7afb5a5da59ecdc0ffbf2878a243339007b68437b850bc996a5fa19bea5b331177eb6512e59378501c21beecae6450d9c3569
-
Filesize
184KB
MD5e813ad803e59ec0bc6dee7ff8b4fc7e7
SHA192a3b3174bb6fd10a68cbc4c5327ede29454fe0d
SHA2565712e0a47fe0ce44c02883e85de3e7d1a67bf6dacab89065346f166c0d5b58d3
SHA512a2a882de3ca01d440d8ae0916ba29df9d37866f9d9b82d4d9245da519d7200e19af7a6dd13b2755da47b5834eb5081966432bb550f7596314727971c75a10334
-
Filesize
184KB
MD50d3ad2d0b2baefc48fff617505e7170b
SHA137f1fbaac8d4379a056e444c375f028cad645173
SHA2568029f58d0bea86e51205830c99daa8401a384076d43ce0ca95fb185ed1a55d48
SHA5126d3e9c4f613feafa70017cd4f29d177f420fc5a1c0a37476961b358ca0db8328112ce324ea36e60bf5f024abccb38cc71e2f464aa3713eb5b019119d0cb6c010
-
Filesize
184KB
MD519402297c79ed2a687e3c5fdb6acc65d
SHA1f71ecc8be877ac3c8de1c7d16d500c80672f67f1
SHA2567132fa09cf2129a83d7b2202a5a66f21b3edd4c7cd96346533fc39641c22f48c
SHA5125a8a2e5e18f760b35af0e06991fcf8c1fb16169a052b4a5e2101ed0f5608c72f927aedf86780512261239fab812d7d0233adf4b8d65d5ed0a8a265bdfaa6fa4c
-
Filesize
184KB
MD505182120ffda3cd9d0b4ac8cfd33f4ef
SHA1b07690e5cee962fd0674904342a99321f643ef32
SHA256949c91a8e37581086665f5e283c1b3789a647754a3dce363bea1bf9b9be14bd9
SHA512de2bcbd2af0e7ced1065aac73316deca2439ca911efcad5e4bd0890841944545067fd4b47b2075cf746ce3dbdc5d7ee850bb9f7a81d32b54b65c4649fa91f347
-
Filesize
184KB
MD59e5e08b27e9028465e28d23f40ad61de
SHA1a460440a43d52d9b90b52278ae33894b58b7a712
SHA256ee9dd7f487f8ff1bcf0fca254c2678ac21a79b6148c62283c822ba2213ed2419
SHA512dd327fe22daebb6ff90ba500e4974997cd42356b5d3b2d91960e127419378e4a45521889a3e41064657f52755b41eddecd73112f110a3b171721e146282209f3
-
Filesize
184KB
MD5fc5161971f5c4eae4d013a17b9e49b02
SHA1f65472633256008362fbefddd5ad5fc57f9a5471
SHA25681d09b53648217a3e5a75359db6a56ccd200744ed30659f80270cee184007a07
SHA5124496c9a2552b52128d4a1f81feb8c7d41cb3cce7be3f3ef5460b0edfaefa008384e856372e0172188677f89a34ea9c9d2df0eb7042352ae3b67d0bac8b78c1e3
-
Filesize
184KB
MD5d1404555435ba3101bc06d7676fa9957
SHA1c2e3427c6dea3363a226349066e3e628694d1ff3
SHA2560004e2b9936513f31cfcf56594e4098ef0ea7451323a5896da27d9ca510152f9
SHA512312fc73f419d944f24cb0a4964d12a48704db6686af84f0433476e7f8302cc67afb80cd749cb099cbfd55e55eaa9a1894ec2e063216a42e2fede9914a2d01dc0
-
Filesize
184KB
MD5498d16dbf05e38a8d4a6106cc0954199
SHA1f97a4936a0723e5a47fb62224a8dfb47194073b5
SHA2566a5aa5aebed57940d29505fe246127714d11adf4f7b61702a1b1d07103d4e52d
SHA5126ae3431227701faf74cd0792387491ec25dc303eb7daf3ffeb705c937faa24b64abd99afd1f3d7e18f96330ee6069b80716d1d0d64448ad2b112e49b91b97a1f