Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
30/05/2024, 14:06
Static task
static1
Behavioral task
behavioral1
Sample
fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe
-
Size
184KB
-
MD5
fd8fb9ec553e04b27a477b4741433580
-
SHA1
6e21ee4aeb95d4fb6ca741d29f10305a8e053c05
-
SHA256
1e71772b74e16e8e1b32f99426a5c100c1adbd06e30782c048c04484dc539786
-
SHA512
1eaafb9e1f386c765019f96f20e45c3005ceaf0b5548bb8bc6a31dd683752ee04a0fcd8b94a07ba2aaf15a22e6ebbb01017e404c55f83873b315ec9cf148fa63
-
SSDEEP
1536:M7SG6gZAuByxoVx1vJLAlgwMyLIy6ZclQmd80cLRvVzJtVhl5hj5VizpvX:ieOByxob5JLJdyELeXcLRxfVhlnniFf
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2020 Unicorn-44546.exe 3004 Unicorn-62117.exe 2584 Unicorn-24846.exe 2420 Unicorn-42211.exe 2620 Unicorn-54463.exe 2556 Unicorn-34597.exe 2756 Unicorn-63866.exe 2772 Unicorn-44001.exe 760 Unicorn-8204.exe 1976 Unicorn-28070.exe 1520 Unicorn-62169.exe 3048 Unicorn-58640.exe 2216 Unicorn-3923.exe 1840 Unicorn-29497.exe 868 Unicorn-17799.exe 1180 Unicorn-48464.exe 2344 Unicorn-4930.exe 2096 Unicorn-846.exe 500 Unicorn-46518.exe 1632 Unicorn-21075.exe 1480 Unicorn-5293.exe 1792 Unicorn-45579.exe 1696 Unicorn-33881.exe 2104 Unicorn-49663.exe 692 Unicorn-57831.exe 2296 Unicorn-50218.exe 1440 Unicorn-43306.exe 2124 Unicorn-19356.exe 1732 Unicorn-47390.exe 1536 Unicorn-47390.exe 2668 Unicorn-39776.exe 3032 Unicorn-26394.exe 2536 Unicorn-10612.exe 2572 Unicorn-59066.exe 2412 Unicorn-14888.exe 2432 Unicorn-34754.exe 2904 Unicorn-11209.exe 2132 Unicorn-60965.exe 1984 Unicorn-15293.exe 2732 Unicorn-23462.exe 2768 Unicorn-11764.exe 2064 Unicorn-27593.exe 2332 Unicorn-44868.exe 2976 Unicorn-25407.exe 2088 Unicorn-7447.exe 780 Unicorn-57203.exe 1412 Unicorn-19700.exe 1408 Unicorn-19700.exe 2340 Unicorn-15786.exe 304 Unicorn-56072.exe 2812 Unicorn-64240.exe 1264 Unicorn-60156.exe 1292 Unicorn-52543.exe 1872 Unicorn-15039.exe 2992 Unicorn-64795.exe 2868 Unicorn-19124.exe 1952 Unicorn-35844.exe 2024 Unicorn-35844.exe 2180 Unicorn-36398.exe 2320 Unicorn-32314.exe 2328 Unicorn-64432.exe 2604 Unicorn-52735.exe 2532 Unicorn-7063.exe 2744 Unicorn-24059.exe -
Loads dropped DLL 64 IoCs
pid Process 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 2020 Unicorn-44546.exe 2020 Unicorn-44546.exe 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 2584 Unicorn-24846.exe 2584 Unicorn-24846.exe 3004 Unicorn-62117.exe 3004 Unicorn-62117.exe 2020 Unicorn-44546.exe 2020 Unicorn-44546.exe 848 WerFault.exe 848 WerFault.exe 848 WerFault.exe 848 WerFault.exe 848 WerFault.exe 2420 Unicorn-42211.exe 2584 Unicorn-24846.exe 2420 Unicorn-42211.exe 2584 Unicorn-24846.exe 3004 Unicorn-62117.exe 3004 Unicorn-62117.exe 2620 Unicorn-54463.exe 2620 Unicorn-54463.exe 1796 WerFault.exe 1796 WerFault.exe 1796 WerFault.exe 1796 WerFault.exe 1796 WerFault.exe 1796 WerFault.exe 1796 WerFault.exe 2884 WerFault.exe 2884 WerFault.exe 2884 WerFault.exe 2884 WerFault.exe 2884 WerFault.exe 2916 WerFault.exe 2916 WerFault.exe 2916 WerFault.exe 2916 WerFault.exe 2916 WerFault.exe 2756 Unicorn-63866.exe 2756 Unicorn-63866.exe 2420 Unicorn-42211.exe 2420 Unicorn-42211.exe 1976 Unicorn-28070.exe 1976 Unicorn-28070.exe 760 Unicorn-8204.exe 760 Unicorn-8204.exe 2620 Unicorn-54463.exe 2620 Unicorn-54463.exe 2772 Unicorn-44001.exe 2772 Unicorn-44001.exe 2364 WerFault.exe 2364 WerFault.exe 2364 WerFault.exe 2364 WerFault.exe 2364 WerFault.exe 2944 WerFault.exe 2944 WerFault.exe 2944 WerFault.exe 2944 WerFault.exe 2944 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2392 112 WerFault.exe 27 848 2020 WerFault.exe 28 1796 2556 WerFault.exe 34 2884 2584 WerFault.exe 30 2916 3004 WerFault.exe 29 2364 2420 WerFault.exe 32 2944 2620 WerFault.exe 33 1184 2756 WerFault.exe 36 3024 1976 WerFault.exe 39 352 760 WerFault.exe 38 2188 2772 WerFault.exe 37 1928 1520 WerFault.exe 43 1568 3048 WerFault.exe 44 332 1840 WerFault.exe 46 812 2216 WerFault.exe 45 2704 868 WerFault.exe 47 1584 1180 WerFault.exe 48 2428 2344 WerFault.exe 51 2448 2096 WerFault.exe 52 2404 500 WerFault.exe 53 2716 1632 WerFault.exe 54 2736 1480 WerFault.exe 55 2100 692 WerFault.exe 59 2228 2296 WerFault.exe 60 1324 1696 WerFault.exe 57 2144 2104 WerFault.exe 58 1904 1440 WerFault.exe 64 2476 1732 WerFault.exe 67 2888 1536 WerFault.exe 66 2980 2124 WerFault.exe 65 2824 2412 WerFault.exe 73 1844 2732 WerFault.exe 78 2092 2904 WerFault.exe 75 1592 2432 WerFault.exe 74 2220 2768 WerFault.exe 79 2348 2132 WerFault.exe 76 3136 2064 WerFault.exe 86 3592 3032 WerFault.exe 70 3652 2024 WerFault.exe 101 3660 780 WerFault.exe 90 3676 1984 WerFault.exe 77 3704 304 WerFault.exe 94 3720 2868 WerFault.exe 100 3728 1872 WerFault.exe 98 3804 2180 WerFault.exe 103 3816 2604 WerFault.exe 106 3848 1952 WerFault.exe 102 3908 2536 WerFault.exe 71 3320 2332 WerFault.exe 87 3412 2088 WerFault.exe 89 3416 540 WerFault.exe 120 3420 2696 WerFault.exe 115 3448 2196 WerFault.exe 135 3456 2928 WerFault.exe 114 3476 1560 WerFault.exe 125 3584 1508 WerFault.exe 123 3736 2976 WerFault.exe 88 4024 912 WerFault.exe 121 3176 1884 WerFault.exe 124 3208 1104 WerFault.exe 122 3272 1472 WerFault.exe 126 3308 2340 WerFault.exe 93 3508 1412 WerFault.exe 92 3540 2808 WerFault.exe 127 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 2020 Unicorn-44546.exe 2584 Unicorn-24846.exe 3004 Unicorn-62117.exe 2420 Unicorn-42211.exe 2620 Unicorn-54463.exe 2556 Unicorn-34597.exe 2756 Unicorn-63866.exe 760 Unicorn-8204.exe 1976 Unicorn-28070.exe 2772 Unicorn-44001.exe 1520 Unicorn-62169.exe 3048 Unicorn-58640.exe 1840 Unicorn-29497.exe 2216 Unicorn-3923.exe 868 Unicorn-17799.exe 1180 Unicorn-48464.exe 2344 Unicorn-4930.exe 2096 Unicorn-846.exe 500 Unicorn-46518.exe 1632 Unicorn-21075.exe 1480 Unicorn-5293.exe 1792 Unicorn-45579.exe 692 Unicorn-57831.exe 1696 Unicorn-33881.exe 2104 Unicorn-49663.exe 2296 Unicorn-50218.exe 1440 Unicorn-43306.exe 2124 Unicorn-19356.exe 1732 Unicorn-47390.exe 1536 Unicorn-47390.exe 2668 Unicorn-39776.exe 3032 Unicorn-26394.exe 2536 Unicorn-10612.exe 2572 Unicorn-59066.exe 2432 Unicorn-34754.exe 2412 Unicorn-14888.exe 2904 Unicorn-11209.exe 2132 Unicorn-60965.exe 1984 Unicorn-15293.exe 2732 Unicorn-23462.exe 2768 Unicorn-11764.exe 2064 Unicorn-27593.exe 2332 Unicorn-44868.exe 2976 Unicorn-25407.exe 2088 Unicorn-7447.exe 780 Unicorn-57203.exe 1412 Unicorn-19700.exe 2340 Unicorn-15786.exe 304 Unicorn-56072.exe 2812 Unicorn-64240.exe 1264 Unicorn-60156.exe 1292 Unicorn-52543.exe 1872 Unicorn-15039.exe 1952 Unicorn-35844.exe 2868 Unicorn-19124.exe 2992 Unicorn-64795.exe 2024 Unicorn-35844.exe 2180 Unicorn-36398.exe 2320 Unicorn-32314.exe 2604 Unicorn-52735.exe 2328 Unicorn-64432.exe 2532 Unicorn-7063.exe 2744 Unicorn-24059.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 112 wrote to memory of 2020 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 28 PID 112 wrote to memory of 2020 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 28 PID 112 wrote to memory of 2020 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 28 PID 112 wrote to memory of 2020 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 28 PID 2020 wrote to memory of 3004 2020 Unicorn-44546.exe 29 PID 2020 wrote to memory of 3004 2020 Unicorn-44546.exe 29 PID 2020 wrote to memory of 3004 2020 Unicorn-44546.exe 29 PID 2020 wrote to memory of 3004 2020 Unicorn-44546.exe 29 PID 112 wrote to memory of 2584 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 30 PID 112 wrote to memory of 2584 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 30 PID 112 wrote to memory of 2584 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 30 PID 112 wrote to memory of 2584 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 30 PID 112 wrote to memory of 2392 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 31 PID 112 wrote to memory of 2392 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 31 PID 112 wrote to memory of 2392 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 31 PID 112 wrote to memory of 2392 112 fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe 31 PID 2584 wrote to memory of 2420 2584 Unicorn-24846.exe 32 PID 2584 wrote to memory of 2420 2584 Unicorn-24846.exe 32 PID 2584 wrote to memory of 2420 2584 Unicorn-24846.exe 32 PID 2584 wrote to memory of 2420 2584 Unicorn-24846.exe 32 PID 3004 wrote to memory of 2620 3004 Unicorn-62117.exe 33 PID 3004 wrote to memory of 2620 3004 Unicorn-62117.exe 33 PID 3004 wrote to memory of 2620 3004 Unicorn-62117.exe 33 PID 3004 wrote to memory of 2620 3004 Unicorn-62117.exe 33 PID 2020 wrote to memory of 2556 2020 Unicorn-44546.exe 34 PID 2020 wrote to memory of 2556 2020 Unicorn-44546.exe 34 PID 2020 wrote to memory of 2556 2020 Unicorn-44546.exe 34 PID 2020 wrote to memory of 2556 2020 Unicorn-44546.exe 34 PID 2020 wrote to memory of 848 2020 Unicorn-44546.exe 35 PID 2020 wrote to memory of 848 2020 Unicorn-44546.exe 35 PID 2020 wrote to memory of 848 2020 Unicorn-44546.exe 35 PID 2020 wrote to memory of 848 2020 Unicorn-44546.exe 35 PID 2420 wrote to memory of 2756 2420 Unicorn-42211.exe 36 PID 2420 wrote to memory of 2756 2420 Unicorn-42211.exe 36 PID 2420 wrote to memory of 2756 2420 Unicorn-42211.exe 36 PID 2420 wrote to memory of 2756 2420 Unicorn-42211.exe 36 PID 2584 wrote to memory of 2772 2584 Unicorn-24846.exe 37 PID 2584 wrote to memory of 2772 2584 Unicorn-24846.exe 37 PID 2584 wrote to memory of 2772 2584 Unicorn-24846.exe 37 PID 2584 wrote to memory of 2772 2584 Unicorn-24846.exe 37 PID 3004 wrote to memory of 760 3004 Unicorn-62117.exe 38 PID 3004 wrote to memory of 760 3004 Unicorn-62117.exe 38 PID 3004 wrote to memory of 760 3004 Unicorn-62117.exe 38 PID 3004 wrote to memory of 760 3004 Unicorn-62117.exe 38 PID 2620 wrote to memory of 1976 2620 Unicorn-54463.exe 39 PID 2620 wrote to memory of 1976 2620 Unicorn-54463.exe 39 PID 2620 wrote to memory of 1976 2620 Unicorn-54463.exe 39 PID 2620 wrote to memory of 1976 2620 Unicorn-54463.exe 39 PID 2556 wrote to memory of 1796 2556 Unicorn-34597.exe 40 PID 2556 wrote to memory of 1796 2556 Unicorn-34597.exe 40 PID 2556 wrote to memory of 1796 2556 Unicorn-34597.exe 40 PID 2556 wrote to memory of 1796 2556 Unicorn-34597.exe 40 PID 2584 wrote to memory of 2884 2584 Unicorn-24846.exe 41 PID 2584 wrote to memory of 2884 2584 Unicorn-24846.exe 41 PID 2584 wrote to memory of 2884 2584 Unicorn-24846.exe 41 PID 2584 wrote to memory of 2884 2584 Unicorn-24846.exe 41 PID 3004 wrote to memory of 2916 3004 Unicorn-62117.exe 42 PID 3004 wrote to memory of 2916 3004 Unicorn-62117.exe 42 PID 3004 wrote to memory of 2916 3004 Unicorn-62117.exe 42 PID 3004 wrote to memory of 2916 3004 Unicorn-62117.exe 42 PID 2756 wrote to memory of 1520 2756 Unicorn-63866.exe 43 PID 2756 wrote to memory of 1520 2756 Unicorn-63866.exe 43 PID 2756 wrote to memory of 1520 2756 Unicorn-63866.exe 43 PID 2756 wrote to memory of 1520 2756 Unicorn-63866.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fd8fb9ec553e04b27a477b4741433580_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1976 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe10⤵PID:2804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe11⤵PID:3380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe12⤵PID:3936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe13⤵PID:6856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe14⤵PID:9044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe15⤵PID:6384
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 21615⤵PID:7324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 23614⤵PID:10172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 23613⤵PID:7244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 21612⤵PID:6412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 23611⤵PID:5116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 23610⤵
- Program crash
PID:3652
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe9⤵PID:2380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe10⤵PID:4012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe11⤵PID:4228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe12⤵PID:6544
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe13⤵PID:8924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe14⤵PID:11252
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 23614⤵PID:5280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 23613⤵PID:9668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 21612⤵PID:7784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 21611⤵PID:5956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 21610⤵PID:4176
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe9⤵PID:488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe10⤵PID:3980
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 24411⤵PID:5444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 23610⤵PID:4704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 2169⤵
- Program crash
PID:3804
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe9⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe10⤵PID:3164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe11⤵PID:4140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe12⤵PID:5720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe13⤵PID:8216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe14⤵PID:10560
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 21614⤵PID:10700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 21613⤵PID:8580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 21612⤵PID:6932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 21611⤵PID:5640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 21610⤵PID:4620
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe9⤵PID:3232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe10⤵PID:4212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe11⤵PID:5896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe12⤵PID:8456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe13⤵PID:10852
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 22013⤵PID:10960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 21612⤵PID:9228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 21611⤵PID:7284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 21610⤵PID:5788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 2409⤵PID:4628
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe8⤵PID:2172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe9⤵PID:3468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe10⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe11⤵PID:6096
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe12⤵PID:8128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe13⤵PID:10272
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 21613⤵PID:10312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 21612⤵PID:9100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 23611⤵PID:6236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 21610⤵PID:5156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 2169⤵PID:4508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 2208⤵
- Program crash
PID:2824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 2407⤵
- Program crash
PID:812
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe9⤵PID:2816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe10⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe11⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe12⤵PID:6524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exe13⤵PID:9056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe14⤵PID:4440
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 21614⤵PID:11248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 21613⤵PID:9720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 21612⤵PID:7792
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 21611⤵PID:6088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 23610⤵PID:4992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 2369⤵
- Program crash
PID:3848
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe8⤵PID:2388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe9⤵PID:3636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe10⤵PID:5124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe11⤵PID:7088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe12⤵PID:9048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe13⤵PID:5268
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 21613⤵PID:8020
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 21612⤵PID:9872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 23611⤵PID:7632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 23610⤵PID:6480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 2369⤵PID:4160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 2208⤵
- Program crash
PID:3676
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe8⤵PID:2668
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe9⤵PID:4568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe10⤵PID:5580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe11⤵PID:7872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe12⤵PID:9752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe13⤵PID:6808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 21612⤵PID:10636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 21611⤵PID:8508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 21610⤵PID:6628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 2169⤵PID:5604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 2368⤵PID:3784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 2407⤵
- Program crash
PID:1324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 2406⤵
- Program crash
PID:3024
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe8⤵PID:1560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe9⤵PID:2936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe10⤵PID:3812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe11⤵PID:5316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe12⤵PID:6200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe13⤵PID:9348
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe14⤵PID:6788
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 21614⤵PID:7800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 21613⤵PID:9576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 21612⤵PID:7912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 21611⤵PID:6664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 23610⤵PID:4464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 2369⤵
- Program crash
PID:3476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 2368⤵
- Program crash
PID:1844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2367⤵
- Program crash
PID:2144
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe8⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe9⤵PID:3156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe10⤵PID:4352
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe11⤵PID:5924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe12⤵PID:8748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe13⤵PID:11128
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 23613⤵PID:10292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 21612⤵PID:9504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 23611⤵PID:6876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 23610⤵PID:5744
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 2169⤵PID:4672
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe8⤵PID:3240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe9⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe10⤵PID:5532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe11⤵PID:7620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe12⤵PID:10520
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 21612⤵PID:10668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 21611⤵PID:8244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 21610⤵PID:6888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 2169⤵PID:5352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 2208⤵PID:4344
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe7⤵PID:1576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe8⤵PID:3740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe9⤵PID:4980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe10⤵PID:6692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe11⤵PID:9088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe12⤵PID:10644
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 23612⤵PID:10328
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 23611⤵PID:9788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 21610⤵PID:8044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 2169⤵PID:6248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 2368⤵PID:4752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2407⤵
- Program crash
PID:2220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 2406⤵
- Program crash
PID:2704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:2944
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:760 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe9⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe10⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe11⤵PID:4172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe12⤵PID:6456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe13⤵PID:8856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe14⤵PID:11184
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 21614⤵PID:6076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 21613⤵PID:9620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 21612⤵PID:7672
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 21610⤵PID:5048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 2369⤵
- Program crash
PID:3704
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe8⤵PID:2196
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2409⤵
- Program crash
PID:3448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 2408⤵
- Program crash
PID:3592
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe8⤵PID:944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe9⤵PID:3084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe10⤵PID:5064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe11⤵PID:5848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe12⤵PID:8356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe13⤵PID:10648
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 21613⤵PID:10860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 21612⤵PID:8800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 21611⤵PID:7248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 21610⤵PID:5820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 2369⤵PID:4540
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe8⤵PID:3112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe9⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe10⤵PID:5360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe11⤵PID:1068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe12⤵PID:10348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 23611⤵PID:9108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 23610⤵PID:1124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 2169⤵PID:5336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 2208⤵PID:4484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 2407⤵
- Program crash
PID:2716
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe8⤵PID:2480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe9⤵PID:3220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe10⤵PID:5044
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 24011⤵PID:7480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 21610⤵PID:6364
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 2369⤵PID:5036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 2368⤵
- Program crash
PID:3720
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe7⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe8⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe9⤵PID:5272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe10⤵PID:6852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe11⤵PID:9320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe12⤵PID:10592
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 21612⤵PID:7744
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 21611⤵PID:9556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 21610⤵PID:7892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 2169⤵PID:6612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2368⤵PID:4392
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 2407⤵
- Program crash
PID:3908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 2406⤵
- Program crash
PID:332
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe8⤵PID:2148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe9⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe10⤵PID:4224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe11⤵PID:6744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe12⤵PID:8364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe13⤵PID:6912
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 21613⤵PID:6656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 21612⤵PID:10084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 23611⤵PID:8132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 21610⤵PID:6388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 2369⤵PID:5084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe8⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe9⤵PID:4896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe10⤵PID:5944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe11⤵PID:7968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe12⤵PID:10440
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 23612⤵PID:10456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 21611⤵PID:9208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 21610⤵PID:7172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 2169⤵PID:5684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 2408⤵PID:4428
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe7⤵PID:1356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe8⤵PID:3560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe9⤵PID:4860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe10⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe11⤵PID:8392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe12⤵PID:10760
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 21612⤵PID:10932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 21611⤵PID:8344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 23610⤵PID:7336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 2369⤵PID:6008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 2368⤵PID:4808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 2407⤵
- Program crash
PID:1592
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe7⤵PID:2028
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe8⤵PID:3296
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe9⤵PID:4436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe10⤵PID:5324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe11⤵PID:8320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe12⤵PID:10676
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 21612⤵PID:5024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 21611⤵PID:8556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 21610⤵PID:7236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 2169⤵PID:5876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 2368⤵PID:4744
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe7⤵PID:3396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe8⤵PID:4968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe9⤵PID:6332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe10⤵PID:8564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe11⤵PID:11040
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 23611⤵PID:11196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 23610⤵PID:9424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 2169⤵PID:7516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 2368⤵PID:6060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 2207⤵PID:4824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 2406⤵
- Program crash
PID:2736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 2405⤵
- Program crash
PID:352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2916
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:848
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe10⤵PID:2852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe11⤵PID:3860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe12⤵PID:5112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe13⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe14⤵PID:8340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe15⤵PID:10436
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 21615⤵PID:6424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 21614⤵PID:10028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 21613⤵PID:6476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 21612⤵PID:6240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 21611⤵PID:4732
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe10⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe11⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe12⤵PID:6632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe13⤵PID:9000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe14⤵PID:4276
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 21614⤵PID:5644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 21613⤵PID:9676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 21612⤵PID:8008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 21611⤵PID:5404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 24010⤵PID:4112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe9⤵PID:2140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe10⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe11⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe12⤵PID:6868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe13⤵PID:8400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe14⤵PID:10728
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 21614⤵PID:6376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 23613⤵PID:10148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 21612⤵PID:6648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 21611⤵PID:6220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 23610⤵PID:4692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 2409⤵
- Program crash
PID:3136
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe8⤵PID:2928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe9⤵PID:2588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe10⤵PID:3104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe11⤵PID:5728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe12⤵PID:7724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe13⤵PID:9944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe14⤵PID:7952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 21613⤵PID:9932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 21612⤵PID:8656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 21611⤵PID:6988
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 23610⤵PID:5148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 2169⤵
- Program crash
PID:3456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 2408⤵
- Program crash
PID:1904
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe8⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe9⤵PID:1792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe10⤵PID:3128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe11⤵PID:5832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe12⤵PID:7752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe13⤵PID:9912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe14⤵PID:7988
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 21613⤵PID:10252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 21612⤵PID:8672
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 21611⤵PID:7048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 21610⤵PID:5240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 2369⤵
- Program crash
PID:3420
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe8⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe9⤵PID:3628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe10⤵PID:5624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe11⤵PID:7544
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe12⤵PID:9560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe13⤵PID:6760
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 21613⤵PID:7360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 23612⤵PID:10000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 21611⤵PID:8488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 21610⤵PID:6924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 2169⤵PID:4644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 2408⤵
- Program crash
PID:3320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 2407⤵
- Program crash
PID:2428
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe7⤵
- Executes dropped EXE
PID:1408
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe7⤵PID:1104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe8⤵PID:2784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe9⤵PID:4248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe10⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe11⤵PID:8116
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 22012⤵PID:10164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 21611⤵PID:8896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 21610⤵PID:7136
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 2368⤵
- Program crash
PID:3208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 2207⤵
- Program crash
PID:2980
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 2406⤵
- Program crash
PID:1928
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:500 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe8⤵PID:912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe9⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe10⤵PID:4116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe11⤵PID:5736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe12⤵PID:7896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe13⤵PID:10112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe14⤵PID:8092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 21613⤵PID:10400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 21612⤵PID:8724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 21611⤵PID:6980
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 21610⤵PID:4396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2369⤵
- Program crash
PID:4024
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe8⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe9⤵PID:4036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe10⤵PID:5804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe11⤵PID:7944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe12⤵PID:9940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe13⤵PID:7768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 21612⤵PID:10884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 21611⤵PID:8708
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 21610⤵PID:7016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 2169⤵PID:5208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 2408⤵
- Program crash
PID:3412
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe7⤵PID:1508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe8⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe9⤵PID:3312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe10⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe11⤵PID:7648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe12⤵PID:9852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe13⤵PID:7636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 21612⤵PID:4084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 21611⤵PID:8620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 21610⤵PID:7080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 2169⤵PID:5296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 2368⤵
- Program crash
PID:3584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 2407⤵
- Program crash
PID:2476
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe7⤵PID:1540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe8⤵PID:4164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe9⤵PID:5676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe10⤵PID:7604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe11⤵PID:9756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe12⤵PID:6500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 23611⤵PID:10136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 21610⤵PID:8544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 2369⤵PID:6948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 2168⤵PID:4188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 2367⤵
- Program crash
PID:3660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 2406⤵
- Program crash
PID:2404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 2405⤵
- Program crash
PID:1184
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47390.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe8⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe9⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe10⤵PID:4404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe11⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe12⤵PID:7708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe13⤵PID:9484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe14⤵PID:8040
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 21613⤵PID:10628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 21612⤵PID:9212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 23611⤵PID:6464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 23610⤵PID:5572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 2369⤵
- Program crash
PID:3540
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe8⤵PID:1964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe9⤵PID:4376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe10⤵PID:5216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe11⤵PID:7596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe12⤵PID:9252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe13⤵PID:5304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 21612⤵PID:10532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 23611⤵PID:9172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 23610⤵PID:6404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 2169⤵PID:5556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 2408⤵
- Program crash
PID:3508
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38785.exe7⤵PID:308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe8⤵PID:3328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe9⤵PID:4924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe10⤵PID:5932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe11⤵PID:7916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe12⤵PID:10012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe13⤵PID:8016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 23612⤵PID:10900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 22011⤵PID:8628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 21610⤵PID:6916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 2169⤵PID:6100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 2168⤵PID:4476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2407⤵
- Program crash
PID:2888
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe7⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe8⤵PID:2912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe9⤵PID:4292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe10⤵PID:6012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe11⤵PID:8076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe12⤵PID:9464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe13⤵PID:7416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 21612⤵PID:9892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 21611⤵PID:8880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 23610⤵PID:7156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 2169⤵PID:5524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 2368⤵
- Program crash
PID:3272
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe7⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe8⤵PID:4320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe9⤵PID:5748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe10⤵PID:7852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe11⤵PID:10004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe12⤵PID:7780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 21611⤵PID:10260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 21610⤵PID:8716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 2169⤵PID:7000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 2168⤵PID:5184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 2407⤵
- Program crash
PID:3308
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 2406⤵
- Program crash
PID:2448
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe6⤵PID:1884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe7⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe8⤵PID:4204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe9⤵PID:5916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe10⤵PID:7684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe11⤵PID:9880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe12⤵PID:6128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 21611⤵PID:920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 21610⤵PID:8644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 2369⤵PID:7096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 2168⤵PID:5372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 2367⤵
- Program crash
PID:3176
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 2405⤵
- Program crash
PID:1568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2364
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2772 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe7⤵PID:540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe8⤵PID:628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe9⤵PID:3148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe10⤵PID:5776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe11⤵PID:7812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe12⤵PID:9960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe13⤵PID:7344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 21612⤵PID:10244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 21611⤵PID:8700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 21610⤵PID:7008
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 2169⤵PID:5164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 2368⤵
- Program crash
PID:3416
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe7⤵PID:1888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe8⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe9⤵PID:5860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe10⤵PID:7928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe11⤵PID:10048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe12⤵PID:7208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 21611⤵PID:10304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 21610⤵PID:8776
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 2169⤵PID:7024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 2368⤵PID:5260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 2407⤵
- Program crash
PID:3736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 2366⤵
- Program crash
PID:2100
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe7⤵PID:1416
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe8⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe9⤵PID:4304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe10⤵PID:6492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe11⤵PID:9016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe12⤵PID:10364
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 21612⤵PID:11144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 21611⤵PID:9696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 21610⤵PID:7696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 2169⤵PID:6068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 2168⤵PID:4152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 2367⤵
- Program crash
PID:3728
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe6⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe7⤵PID:3092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe8⤵PID:4596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe9⤵PID:6792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe10⤵PID:8236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe11⤵PID:10660
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 21611⤵PID:6764
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 23610⤵PID:10036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 2169⤵PID:8184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 2168⤵PID:6176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 2367⤵PID:4576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 2406⤵
- Program crash
PID:2348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 2405⤵
- Program crash
PID:1584
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe7⤵PID:1436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe8⤵PID:3356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe9⤵PID:4284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe10⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe11⤵PID:8464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe12⤵PID:10788
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 21612⤵PID:10880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 21611⤵PID:9236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 21610⤵PID:7316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 2169⤵PID:5800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2368⤵PID:4664
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe7⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe8⤵PID:4684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exe9⤵PID:5492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe10⤵PID:7840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe11⤵PID:9828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe12⤵PID:6516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 21611⤵PID:10688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 21610⤵PID:8516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 2169⤵PID:6576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 2368⤵PID:5596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 2407⤵PID:3952
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe6⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe7⤵PID:3180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe8⤵PID:5096
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe9⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe10⤵PID:8420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe11⤵PID:10732
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 21611⤵PID:10724
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 21610⤵PID:9084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 2169⤵PID:7264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 2168⤵PID:5784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 2367⤵PID:4548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 2406⤵
- Program crash
PID:2092
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe6⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe7⤵PID:3552
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe8⤵PID:5220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe9⤵PID:7072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe10⤵PID:9380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe11⤵PID:928
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 23611⤵PID:7640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 23610⤵PID:9780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 2369⤵PID:7924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 2168⤵PID:6592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 2367⤵PID:4300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2366⤵
- Program crash
PID:3816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 2405⤵
- Program crash
PID:2228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 2404⤵
- Program crash
PID:2188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 2402⤵
- Program crash
PID:2392
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD50f70d7adacdc8e4bf098d402d9c8d7a5
SHA10fd07a012852b7f3d50ac431e8e092b273b8bafc
SHA2568007e807a86d44dc5479c00ff6578d8ebbf7d6cf9f556a235f2f47588d8ee1d7
SHA51269d7be6ff0f141566d38896dcc62ca1990bcfc3f5e99cb05917b62d832d980f7868f7d441c90628e19b3ee65e0fe37aca60cdeee935b63acbccde7d8fbd8b9e9
-
Filesize
184KB
MD587f1ce586441e46291ab631153c4855e
SHA1eb191020afe381dbd872783889600a52ce37634e
SHA256547a7202cd305f77df6e4060a010d6c3d38a9bf0562db4726e6ded4ab53df772
SHA5129b3420fba371fa2e410c7220bb79df1303d53742cf3b54781deba7dc250bae0a2fee8bc94f69da171aa014cd85f1283134632f0135ef107e09563bcad63f5e85
-
Filesize
184KB
MD5492efcf614e67c2b188ea7b50fd79ebd
SHA181326459de674fcd10dc0cdf49537f2b6976c3eb
SHA256b22df112657d45c0be31e174b3c06227c5ac67897a6275abb436ef7a726f3c01
SHA512ce58b5e7bca15e5cf92bf4550fc9fbb9b16b1b5124cf6067dca619141ab6dbe5f4307d41472496ee7029cbda4bb5e5239e066d3560df1311197ae9d37134a24a
-
Filesize
184KB
MD50c58cb2f9370bbac85627e467d359b60
SHA1d2e7721c799ae8f121791d52f1dcf475febea304
SHA256710ac40fc68d796f05326de456707127b2cd68fd753646f8b4080e6057e0415e
SHA51221d32f1d8f9ec3289094ae12c48601c21bebcd73a9dfea111048dc7492ef7c27873b40b36f44a8c26759546c6730beccb14e2c683d611365ee104c6619e39e1b
-
Filesize
184KB
MD57d46d65ddd9f59700e73b7b097c1f9ab
SHA1b8f7ddf76bfdb6a22904912000f97881a6965e04
SHA25618f253948e0a241df6c71313acac4874acd0a68372cfb58a1e6f3e2899fb5cf6
SHA5120f43f03a4b42b45897b1f36d3096d99c4ae8d3d4c9afa4e1d9d8d1b3294d9eec7f9a66cfef5708ccd8d197650a2796090d628168974731491b4f375ee346e081
-
Filesize
184KB
MD5e259c85692cf82a764d3c3358aa53b30
SHA1be143066a72326aa752629f02799b1648465f6e9
SHA256727dde02bd655ea6abd39687330163e39e64d7efb9c5ab538b42b6493ebaff80
SHA512bbc0b86ed4748ea194f9872460efd035566453b20dc61ca87056327dfee5fb01efb5ed0a153e78f996b112d73505abce4f3f9ac57d7a4892589dac5a8e64c00f
-
Filesize
184KB
MD59b0c062b0b9e2ab14e30b0461426c456
SHA173ca2f2c3e57986cf086735072cc03f13f1c7057
SHA2568e286d3ca93bc50303e4791b18c911b7746d24d20321e914aad6a360c597881a
SHA51254fe75d58c7113d531381db6c99bd9c5eb4624b1280428c29e87afd319caae66cc2216a988cc9989a428be87dc3f42a1c7282f3afdaff77937e0675fa76697a7
-
Filesize
184KB
MD52a606678131aae5204b121d59dcc7fd6
SHA17a309b217f8f32b225b10701474d6ccae54c02ca
SHA2560aca3d4678cdda4207098f768cb313890aa50274c6b7504a567cc805777908f4
SHA51272d388800f8e8ffc381f8d39f2fb8968bd3bc18527e4d22217f5cce25770d2d1dd833a54a69df58bce3d37c0157b3dbabcc18d9411643182f6eed00315af0afb
-
Filesize
184KB
MD5347aa9ccc5518570fe8e3cc28a08af71
SHA1ac1bd5a88bf69bc1ff8ff0e6ef5b78d9d5da0381
SHA25626540919ede968d69cf9471603504f4d21e7c8956f19b2011bc82d4739781b19
SHA5120002fa670637a6b31b6613fecaed229dbe31490e581ffd7ae63e827e2310d9d2c5a8239eedea0442cc2e5ec8e22eb6961a11a36306ac6c25501844377640b18f
-
Filesize
184KB
MD5f4850babc97448040268f7fbd139480c
SHA1906af761263a01810faacb1095777ff93ef17778
SHA2565ccefc53a1db8235fb2cc68d4fdc0311cb213d813255d4a0d2562826d30abb41
SHA512effd951750b81209e115c2929077f7e0d0e4657ec824030466a301fe8f59c1cfc5ddeef5cff5903c85b13a9b7e5ae8272a77dcc40b3777e7daa924188194d589
-
Filesize
184KB
MD59e5ff1b687e46018b4abcbf1ae37c731
SHA11680ef8b35578716ddfd112f74032fbb16e4660b
SHA2562c1097eab976fd488fc3debeb36064e56ad82a68993663806b90990b8511b50d
SHA512fe0fb9a49af9e2a27d69ffbd38949368258d020597f5a967282077e6f531391d1f573fd8354afbcda90ed883d8e6c2c7f81595ca93f8e342f240b6027bda8bb6
-
Filesize
184KB
MD54a1f6ab92b331e31cb18cd5168d7a472
SHA1647425e789ac57ae01e231457f2cac81d4d0211c
SHA2562f7de3418a4d689fec56bc2535b7f6dd415302767f1a19e5487211c9bce5034e
SHA512fb7319c01b008b9da6083115c88cb70e530208159ee4cb993f5a85f64a6bae5951764f811bf32e62d056d5f0500a62d972a9fd8205eb520106a34d0941cac743
-
Filesize
184KB
MD58b5a71c514a53a6ed00efda4c5ae5c13
SHA1dc85b4a306633d691e946b57edbb4d90d21d53eb
SHA2561dadf72348ad0d85dff29618be103d9b80cc3650f304c580d7b5725b2189088d
SHA51256e7f321104b3533175497cea5a7882bbf95cd399121dd2dc8f717df0fcee32353865cc26649fb042175a54a73d709b23e4a34369e9228940a7945277dd7ba9d
-
Filesize
184KB
MD5f66396074d93af58582ab447e7828c0b
SHA1a4ce4aa0ce4b198aa1a663e18e736bf472636d7e
SHA256662bef1639a13cd1ad2707bb2d0fc149bc19eb34452793d7660b6dedf6c37bea
SHA512d79506574c546998831ed9c0b30cbdca08e4add842a782043463632e0cd6b4c1314cc2636214daa8062380605873b9546e651e76a1c218fbe9476920670947df
-
Filesize
184KB
MD5554a4d5fd62ec489b1d30ca81a846d1e
SHA1e4ae62e5ad4b3509b8299783d54fc6b4594545ec
SHA256df0bfd80ec453c87b48b988ba61bef854261391f72e45953ca1d6adb0a920cb4
SHA512f1accecde7278aaf696f3184116a5767350cee420cdf0ea104e409faa480086968bd525f8fde099d376b56666abaec25311302d0fa8ce156aa6605b1a2f09a77
-
Filesize
184KB
MD563be9f8e5169f9404095463596e92ab6
SHA10a32c0bad9a755c190a4f5b36364d720f0332403
SHA256e86faac92e87bfeb04cbf02812400d738e684a600aa7dc61338335663db9b9e8
SHA512317ca1265e9f61608e37f83bc8089697c62ebb4a8682956d6bc6e2b83a92f7372a3309ad56bc68e661d538e6ad541983d37100fad7831f3b74f9aaadb9e12b7e
-
Filesize
184KB
MD5605820050a97e9dbe1a29eb891c16f32
SHA10fe1bbaa53f0a02489baa3a488a875a82dc6c1bd
SHA256100faf94fb2c75ec3170708296f5537fcc93282e5126a66422b72984fa328ae5
SHA51285ef2b7adbe97ee3ab5becaf1bdb178a945d08ab286c8b686ce468e3471d45f06a308144e5de4b471974c47e18f31f8029d657e701930d0fa3f89cfaa6ae6bb0