Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
31/05/2024, 22:25
Static task
static1
Behavioral task
behavioral1
Sample
6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe
Resource
win10v2004-20240508-en
General
-
Target
6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe
-
Size
184KB
-
MD5
9dffde42efeb8eacd93aa9dc94e2067f
-
SHA1
fff527ed83164c8648c44021ef11e94baf0d2b33
-
SHA256
6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8
-
SHA512
2c24ecda385ac2c75345f6e01678c6f603da8dd69fe323c086bc8dc304d0b0b547283a28cdbb3d58b59c4d70cde54b5fa094321f6ecf2bf2f2d9df4cbd5ce433
-
SSDEEP
3072:Pg63S+ouqzvEdUiWeNlVRWRnhloIiFQn3:PgWoxAUiFVURnhloIiFQ
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2692 Unicorn-6321.exe 3048 Unicorn-14572.exe 2452 Unicorn-56160.exe 2368 Unicorn-61936.exe 2492 Unicorn-51075.exe 2376 Unicorn-19040.exe 2408 Unicorn-1957.exe 2336 Unicorn-4650.exe 1012 Unicorn-59326.exe 2100 Unicorn-20515.exe 1980 Unicorn-25175.exe 2312 Unicorn-62678.exe 1736 Unicorn-25175.exe 2884 Unicorn-12922.exe 2000 Unicorn-54510.exe 476 Unicorn-58423.exe 2540 Unicorn-3747.exe 952 Unicorn-46747.exe 1564 Unicorn-46747.exe 1812 Unicorn-26881.exe 1536 Unicorn-30219.exe 1792 Unicorn-60945.exe 1864 Unicorn-63638.exe 1356 Unicorn-44609.exe 652 Unicorn-59554.exe 708 Unicorn-48968.exe 1504 Unicorn-14157.exe 1948 Unicorn-25018.exe 2876 Unicorn-36524.exe 756 Unicorn-12574.exe 2784 Unicorn-322.exe 2980 Unicorn-20188.exe 2872 Unicorn-54998.exe 2604 Unicorn-57499.exe 2556 Unicorn-43286.exe 1744 Unicorn-34926.exe 2392 Unicorn-37618.exe 2192 Unicorn-57484.exe 2792 Unicorn-53400.exe 1884 Unicorn-64261.exe 2684 Unicorn-33233.exe 324 Unicorn-26649.exe 2040 Unicorn-63960.exe 932 Unicorn-18289.exe 2004 Unicorn-50961.exe 636 Unicorn-6591.exe 2904 Unicorn-52907.exe 2032 Unicorn-63768.exe 2932 Unicorn-4474.exe 900 Unicorn-27033.exe 844 Unicorn-31117.exe 2304 Unicorn-33617.exe 2324 Unicorn-18673.exe 832 Unicorn-60260.exe 1716 Unicorn-20619.exe 3064 Unicorn-49207.exe 2844 Unicorn-60068.exe 2488 Unicorn-2144.exe 2464 Unicorn-2144.exe 2960 Unicorn-2144.exe 2880 Unicorn-1329.exe 2580 Unicorn-1329.exe 2616 Unicorn-56005.exe 2388 Unicorn-58698.exe -
Loads dropped DLL 64 IoCs
pid Process 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 2692 Unicorn-6321.exe 2692 Unicorn-6321.exe 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 2692 Unicorn-6321.exe 3048 Unicorn-14572.exe 2692 Unicorn-6321.exe 3048 Unicorn-14572.exe 2524 WerFault.exe 2524 WerFault.exe 2524 WerFault.exe 2524 WerFault.exe 2524 WerFault.exe 2452 Unicorn-56160.exe 2452 Unicorn-56160.exe 2492 Unicorn-51075.exe 2492 Unicorn-51075.exe 3048 Unicorn-14572.exe 3048 Unicorn-14572.exe 2368 Unicorn-61936.exe 2368 Unicorn-61936.exe 2680 WerFault.exe 2536 WerFault.exe 2680 WerFault.exe 2536 WerFault.exe 2680 WerFault.exe 2680 WerFault.exe 2536 WerFault.exe 2536 WerFault.exe 2680 WerFault.exe 2536 WerFault.exe 2376 Unicorn-19040.exe 2376 Unicorn-19040.exe 1012 Unicorn-59326.exe 1012 Unicorn-59326.exe 2336 Unicorn-4650.exe 2336 Unicorn-4650.exe 2368 Unicorn-61936.exe 2368 Unicorn-61936.exe 2408 Unicorn-1957.exe 2408 Unicorn-1957.exe 2492 Unicorn-51075.exe 2492 Unicorn-51075.exe 1484 WerFault.exe 1484 WerFault.exe 1484 WerFault.exe 1484 WerFault.exe 1484 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe 1916 WerFault.exe 2100 Unicorn-20515.exe 2100 Unicorn-20515.exe 2376 Unicorn-19040.exe 2376 Unicorn-19040.exe 2312 Unicorn-62678.exe 1980 Unicorn-25175.exe 2312 Unicorn-62678.exe 1980 Unicorn-25175.exe 1012 Unicorn-59326.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2576 2764 WerFault.exe 27 2524 2692 WerFault.exe 28 2680 2452 WerFault.exe 30 2536 3048 WerFault.exe 29 1484 2492 WerFault.exe 32 1916 2368 WerFault.exe 33 1396 2376 WerFault.exe 35 804 2336 WerFault.exe 37 3000 1012 WerFault.exe 38 2816 2408 WerFault.exe 36 2348 2100 WerFault.exe 41 1312 1980 WerFault.exe 42 948 2312 WerFault.exe 44 1580 1736 WerFault.exe 43 1320 2884 WerFault.exe 45 1780 2000 WerFault.exe 46 1704 2540 WerFault.exe 52 2760 1168 WerFault.exe 112 312 476 WerFault.exe 51 2652 1564 WerFault.exe 54 2116 652 WerFault.exe 59 2712 1536 WerFault.exe 56 1676 1812 WerFault.exe 55 1200 1864 WerFault.exe 58 1052 1356 WerFault.exe 60 2204 952 WerFault.exe 53 1612 1792 WerFault.exe 57 2356 1504 WerFault.exe 65 1680 1948 WerFault.exe 66 912 2876 WerFault.exe 68 2648 2784 WerFault.exe 70 2852 2980 WerFault.exe 71 2796 756 WerFault.exe 69 3068 2556 WerFault.exe 74 2248 2872 WerFault.exe 72 3052 932 WerFault.exe 84 3096 2192 WerFault.exe 77 3112 708 WerFault.exe 64 3156 1744 WerFault.exe 75 3168 2040 WerFault.exe 83 3216 2464 WerFault.exe 103 3232 2304 WerFault.exe 97 3248 2032 WerFault.exe 93 3280 2604 WerFault.exe 73 3292 844 WerFault.exe 96 3420 636 WerFault.exe 91 3444 2960 WerFault.exe 105 3452 2580 WerFault.exe 106 3460 2880 WerFault.exe 107 3468 2684 WerFault.exe 81 3476 1716 WerFault.exe 100 3504 1884 WerFault.exe 79 3624 3064 WerFault.exe 101 3632 2388 WerFault.exe 109 3664 1248 WerFault.exe 115 3784 832 WerFault.exe 99 3176 324 WerFault.exe 82 3352 2844 WerFault.exe 102 3376 2616 WerFault.exe 108 3432 2792 WerFault.exe 78 3616 2488 WerFault.exe 104 3704 1460 WerFault.exe 114 3872 2904 WerFault.exe 92 4004 2324 WerFault.exe 98 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 2692 Unicorn-6321.exe 3048 Unicorn-14572.exe 2452 Unicorn-56160.exe 2492 Unicorn-51075.exe 2368 Unicorn-61936.exe 2376 Unicorn-19040.exe 2408 Unicorn-1957.exe 2336 Unicorn-4650.exe 1012 Unicorn-59326.exe 2100 Unicorn-20515.exe 1980 Unicorn-25175.exe 2312 Unicorn-62678.exe 1736 Unicorn-25175.exe 2884 Unicorn-12922.exe 2000 Unicorn-54510.exe 476 Unicorn-58423.exe 2540 Unicorn-3747.exe 1564 Unicorn-46747.exe 1812 Unicorn-26881.exe 952 Unicorn-46747.exe 1536 Unicorn-30219.exe 1356 Unicorn-44609.exe 1864 Unicorn-63638.exe 652 Unicorn-59554.exe 1792 Unicorn-60945.exe 708 Unicorn-48968.exe 1504 Unicorn-14157.exe 1948 Unicorn-25018.exe 2876 Unicorn-36524.exe 756 Unicorn-12574.exe 2784 Unicorn-322.exe 2604 Unicorn-57499.exe 2872 Unicorn-54998.exe 2980 Unicorn-20188.exe 2556 Unicorn-43286.exe 1744 Unicorn-34926.exe 2792 Unicorn-53400.exe 2392 Unicorn-37618.exe 2192 Unicorn-57484.exe 1884 Unicorn-64261.exe 2684 Unicorn-33233.exe 324 Unicorn-26649.exe 932 Unicorn-18289.exe 2040 Unicorn-63960.exe 2004 Unicorn-50961.exe 2904 Unicorn-52907.exe 636 Unicorn-6591.exe 2032 Unicorn-63768.exe 2932 Unicorn-4474.exe 900 Unicorn-27033.exe 844 Unicorn-31117.exe 2304 Unicorn-33617.exe 2324 Unicorn-18673.exe 832 Unicorn-60260.exe 1716 Unicorn-20619.exe 2844 Unicorn-60068.exe 3064 Unicorn-49207.exe 2488 Unicorn-2144.exe 2464 Unicorn-2144.exe 2960 Unicorn-2144.exe 2880 Unicorn-1329.exe 2580 Unicorn-1329.exe 2616 Unicorn-56005.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2764 wrote to memory of 2692 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 28 PID 2764 wrote to memory of 2692 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 28 PID 2764 wrote to memory of 2692 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 28 PID 2764 wrote to memory of 2692 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 28 PID 2692 wrote to memory of 3048 2692 Unicorn-6321.exe 29 PID 2692 wrote to memory of 3048 2692 Unicorn-6321.exe 29 PID 2692 wrote to memory of 3048 2692 Unicorn-6321.exe 29 PID 2692 wrote to memory of 3048 2692 Unicorn-6321.exe 29 PID 2764 wrote to memory of 2452 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 30 PID 2764 wrote to memory of 2452 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 30 PID 2764 wrote to memory of 2452 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 30 PID 2764 wrote to memory of 2452 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 30 PID 2764 wrote to memory of 2576 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 31 PID 2764 wrote to memory of 2576 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 31 PID 2764 wrote to memory of 2576 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 31 PID 2764 wrote to memory of 2576 2764 6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe 31 PID 2692 wrote to memory of 2368 2692 Unicorn-6321.exe 33 PID 2692 wrote to memory of 2368 2692 Unicorn-6321.exe 33 PID 2692 wrote to memory of 2368 2692 Unicorn-6321.exe 33 PID 2692 wrote to memory of 2368 2692 Unicorn-6321.exe 33 PID 3048 wrote to memory of 2492 3048 Unicorn-14572.exe 32 PID 3048 wrote to memory of 2492 3048 Unicorn-14572.exe 32 PID 3048 wrote to memory of 2492 3048 Unicorn-14572.exe 32 PID 3048 wrote to memory of 2492 3048 Unicorn-14572.exe 32 PID 2692 wrote to memory of 2524 2692 Unicorn-6321.exe 34 PID 2692 wrote to memory of 2524 2692 Unicorn-6321.exe 34 PID 2692 wrote to memory of 2524 2692 Unicorn-6321.exe 34 PID 2692 wrote to memory of 2524 2692 Unicorn-6321.exe 34 PID 2452 wrote to memory of 2376 2452 Unicorn-56160.exe 35 PID 2452 wrote to memory of 2376 2452 Unicorn-56160.exe 35 PID 2452 wrote to memory of 2376 2452 Unicorn-56160.exe 35 PID 2452 wrote to memory of 2376 2452 Unicorn-56160.exe 35 PID 2492 wrote to memory of 2408 2492 Unicorn-51075.exe 36 PID 2492 wrote to memory of 2408 2492 Unicorn-51075.exe 36 PID 2492 wrote to memory of 2408 2492 Unicorn-51075.exe 36 PID 2492 wrote to memory of 2408 2492 Unicorn-51075.exe 36 PID 3048 wrote to memory of 2336 3048 Unicorn-14572.exe 37 PID 3048 wrote to memory of 2336 3048 Unicorn-14572.exe 37 PID 3048 wrote to memory of 2336 3048 Unicorn-14572.exe 37 PID 3048 wrote to memory of 2336 3048 Unicorn-14572.exe 37 PID 2368 wrote to memory of 1012 2368 Unicorn-61936.exe 38 PID 2368 wrote to memory of 1012 2368 Unicorn-61936.exe 38 PID 2368 wrote to memory of 1012 2368 Unicorn-61936.exe 38 PID 2368 wrote to memory of 1012 2368 Unicorn-61936.exe 38 PID 2452 wrote to memory of 2680 2452 Unicorn-56160.exe 39 PID 2452 wrote to memory of 2680 2452 Unicorn-56160.exe 39 PID 2452 wrote to memory of 2680 2452 Unicorn-56160.exe 39 PID 2452 wrote to memory of 2680 2452 Unicorn-56160.exe 39 PID 3048 wrote to memory of 2536 3048 Unicorn-14572.exe 40 PID 3048 wrote to memory of 2536 3048 Unicorn-14572.exe 40 PID 3048 wrote to memory of 2536 3048 Unicorn-14572.exe 40 PID 3048 wrote to memory of 2536 3048 Unicorn-14572.exe 40 PID 2376 wrote to memory of 2100 2376 Unicorn-19040.exe 41 PID 2376 wrote to memory of 2100 2376 Unicorn-19040.exe 41 PID 2376 wrote to memory of 2100 2376 Unicorn-19040.exe 41 PID 2376 wrote to memory of 2100 2376 Unicorn-19040.exe 41 PID 1012 wrote to memory of 1980 1012 Unicorn-59326.exe 42 PID 1012 wrote to memory of 1980 1012 Unicorn-59326.exe 42 PID 1012 wrote to memory of 1980 1012 Unicorn-59326.exe 42 PID 1012 wrote to memory of 1980 1012 Unicorn-59326.exe 42 PID 2336 wrote to memory of 1736 2336 Unicorn-4650.exe 43 PID 2336 wrote to memory of 1736 2336 Unicorn-4650.exe 43 PID 2336 wrote to memory of 1736 2336 Unicorn-4650.exe 43 PID 2336 wrote to memory of 1736 2336 Unicorn-4650.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe"C:\Users\Admin\AppData\Local\Temp\6166c23de979c08bd858aa4d7da4f0f2b92e7292f31757570d8c597175ce07c8.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2408 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56005.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56005.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe10⤵PID:2888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe11⤵PID:3968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe12⤵PID:5840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe13⤵PID:6580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 18814⤵PID:6900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 23613⤵PID:7748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 21612⤵PID:6304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 21611⤵PID:4240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 23610⤵
- Program crash
PID:3376
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe9⤵PID:1376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe10⤵PID:3640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe11⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe12⤵PID:7056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe13⤵PID:8180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe14⤵PID:9084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 21613⤵PID:8536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 21612⤵PID:7396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 21611⤵PID:5956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 21610⤵PID:4556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 2409⤵
- Program crash
PID:3432
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe8⤵
- Executes dropped EXE
PID:2388 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe9⤵PID:2560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe10⤵PID:3676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe11⤵PID:5128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe12⤵PID:6916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe13⤵PID:8080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe14⤵PID:4132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 21613⤵PID:8524
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 21612⤵PID:7232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 21611⤵PID:2108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 21610⤵PID:4340
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 2369⤵
- Program crash
PID:3632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 2408⤵
- Program crash
PID:1612
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exe8⤵PID:2424
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe9⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe10⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe11⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe12⤵PID:6484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe13⤵PID:7304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe14⤵PID:8896
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 23614⤵PID:8592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 23613⤵PID:7640
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 21612⤵PID:6728
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 21611⤵PID:6108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 21610⤵PID:5060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 2369⤵PID:4060
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe8⤵PID:1204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe9⤵PID:3256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe10⤵PID:5468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe11⤵PID:6388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe12⤵PID:3596
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe12⤵PID:8280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe13⤵PID:9204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 22012⤵PID:8808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 21611⤵PID:7688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 21610⤵PID:5880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 2369⤵PID:4808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 2408⤵
- Program crash
PID:3504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 2407⤵
- Program crash
PID:1320
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe9⤵PID:1016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe10⤵PID:3080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe11⤵PID:5436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe12⤵PID:5948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe13⤵PID:7596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe14⤵PID:9120
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 21614⤵PID:4532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 23613⤵PID:7264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 23612⤵PID:7104
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 21611⤵PID:5388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 21610⤵PID:4784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 2369⤵
- Program crash
PID:3624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 2368⤵
- Program crash
PID:3068
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe8⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe9⤵PID:3848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe10⤵PID:5940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe11⤵PID:7064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe12⤵PID:8212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe13⤵PID:4460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 23612⤵PID:8740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 23611⤵PID:7896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 23610⤵PID:6372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 2169⤵PID:4536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 2368⤵
- Program crash
PID:3352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 2407⤵
- Program crash
PID:2116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 2406⤵
- Program crash
PID:2816
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe9⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe10⤵PID:3916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe11⤵PID:5732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe12⤵PID:6696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe13⤵PID:3972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe14⤵PID:5992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 21613⤵PID:8732
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 21612⤵PID:7772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 21611⤵PID:6212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 21610⤵PID:4688
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 2369⤵
- Program crash
PID:3616
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe8⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe9⤵PID:3708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe10⤵PID:4660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe11⤵PID:5900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe12⤵PID:7856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe13⤵PID:9172
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 21613⤵PID:4652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 21612⤵PID:7876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 21611⤵PID:2288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 23610⤵PID:5220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2369⤵PID:4220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 2408⤵
- Program crash
PID:3156
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe8⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe9⤵PID:3344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe10⤵PID:5912
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe11⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe12⤵PID:1372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe13⤵PID:5284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 23612⤵PID:8696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 23611⤵PID:7764
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 21610⤵PID:6380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 2369⤵PID:4564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 2368⤵
- Program crash
PID:3460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 2407⤵
- Program crash
PID:1052
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe8⤵PID:1700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe9⤵PID:4072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe10⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe11⤵PID:6720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe12⤵PID:7788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe13⤵PID:9052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 21612⤵PID:8488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 23611⤵PID:6460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 21610⤵PID:5580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 2369⤵PID:4672
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 2368⤵
- Program crash
PID:3444
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe7⤵PID:760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe8⤵PID:3920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe9⤵PID:5000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe10⤵PID:6148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe11⤵PID:7312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe12⤵PID:8832
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 23612⤵PID:5904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 23611⤵PID:288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 21610⤵PID:6824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 2369⤵PID:5552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 2368⤵PID:4696
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 2407⤵PID:4052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2406⤵
- Program crash
PID:1780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:1484
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe9⤵PID:1800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe10⤵PID:4292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe11⤵PID:5728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe12⤵PID:7560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe13⤵PID:9100
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 21613⤵PID:4316
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 21612⤵PID:8016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 21611⤵PID:6992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 23610⤵PID:4772
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 2369⤵PID:3776
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 2368⤵
- Program crash
PID:2248
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe8⤵PID:2396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe9⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe10⤵PID:4488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe11⤵PID:5648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe12⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe13⤵PID:8248
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 21613⤵PID:5216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 21612⤵PID:7836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 23611⤵PID:6172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 23610⤵PID:4508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 2369⤵PID:4140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 2168⤵
- Program crash
PID:3232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2407⤵
- Program crash
PID:2712
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe8⤵PID:2800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe9⤵PID:3984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe10⤵PID:5092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe11⤵PID:5800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe12⤵PID:8128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe13⤵PID:8668
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 23613⤵PID:5712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 21612⤵PID:7740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 23611⤵PID:6680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 23610⤵PID:5608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 2169⤵PID:4584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 2168⤵
- Program crash
PID:3292
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe7⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe8⤵PID:3952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe9⤵PID:5356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe10⤵PID:6888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe11⤵PID:7844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe12⤵PID:5256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 21611⤵PID:8480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 21610⤵PID:7208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 2169⤵PID:5424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 2168⤵PID:4576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2407⤵
- Program crash
PID:3280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 2406⤵
- Program crash
PID:1580
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe8⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe9⤵PID:3828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe10⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe11⤵PID:6564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe12⤵PID:7676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe13⤵PID:9152
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 21612⤵PID:8456
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 23611⤵PID:6860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 21610⤵PID:5536
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 2169⤵PID:4380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 2368⤵
- Program crash
PID:3216
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exe7⤵PID:2372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe8⤵PID:3328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe9⤵PID:5064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe10⤵PID:6324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe11⤵PID:7244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe12⤵PID:8968
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 21612⤵PID:4476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 23611⤵PID:7612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 23610⤵PID:6164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 2169⤵PID:5592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 2368⤵PID:4172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 2207⤵
- Program crash
PID:3096
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe7⤵PID:1056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe8⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe9⤵PID:4940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe10⤵PID:6272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe11⤵PID:8160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe12⤵PID:8816
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 21612⤵PID:8276
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 21611⤵PID:7256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 21610⤵PID:7000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 2369⤵PID:5380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 2168⤵PID:4320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 2167⤵
- Program crash
PID:3452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 2406⤵
- Program crash
PID:1200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 2205⤵
- Program crash
PID:804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2536
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1980 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe9⤵PID:2892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe10⤵PID:3672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe11⤵PID:6020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe12⤵PID:5868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe13⤵PID:7240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe14⤵PID:4440
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 21614⤵PID:9200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 21613⤵PID:7956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 21612⤵PID:6872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 23611⤵PID:6016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 21610⤵PID:4740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 2369⤵
- Program crash
PID:3872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 2368⤵
- Program crash
PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe8⤵PID:2476
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe8⤵PID:1824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe9⤵PID:3880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe10⤵PID:5320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe11⤵PID:6812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe12⤵PID:8136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe13⤵PID:8224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 23612⤵PID:8516
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 23611⤵PID:7184
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 21610⤵PID:5368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 2369⤵PID:4424
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 2408⤵
- Program crash
PID:3248
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 2407⤵
- Program crash
PID:2652
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe8⤵PID:1428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe9⤵PID:3820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe10⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe11⤵PID:2256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe12⤵PID:7944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe13⤵PID:8452
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 21613⤵PID:9056
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 21612⤵PID:8092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 23611⤵PID:6500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 23610⤵PID:5676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2369⤵PID:4372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 2168⤵
- Program crash
PID:3476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 2367⤵
- Program crash
PID:2796
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 2206⤵
- Program crash
PID:1312
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe7⤵PID:2180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe8⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe9⤵PID:5408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe10⤵PID:7116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 21610⤵PID:7460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 2169⤵PID:5616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 2368⤵PID:4632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2367⤵
- Program crash
PID:3420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 2166⤵
- Program crash
PID:1676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 2405⤵
- Program crash
PID:3000
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe8⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe9⤵PID:3152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe10⤵PID:4972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe11⤵PID:5832
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe12⤵PID:8036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe13⤵PID:8508
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 21613⤵PID:9088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 23612⤵PID:8176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 21611⤵PID:6360
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 21610⤵PID:5496
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 2369⤵PID:4432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 2368⤵
- Program crash
PID:4004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 2367⤵
- Program crash
PID:2852
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe7⤵PID:812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe8⤵PID:3812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe9⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe10⤵PID:5848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe11⤵PID:7604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe12⤵PID:9160
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 23612⤵PID:6044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 21611⤵PID:7292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 23610⤵PID:7016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 2369⤵PID:5352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 2368⤵PID:4032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 2367⤵
- Program crash
PID:3784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 2406⤵
- Program crash
PID:2204
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe7⤵PID:596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe8⤵PID:3856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe9⤵PID:5696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe10⤵PID:6672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe11⤵PID:2460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe12⤵PID:8976
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 23612⤵PID:4612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 21611⤵PID:8304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 21610⤵PID:7052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 2169⤵PID:6200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 2168⤵PID:4816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 2367⤵PID:4036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 2366⤵
- Program crash
PID:2648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 2405⤵
- Program crash
PID:948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2524
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2100 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:476 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe8⤵PID:1596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe9⤵PID:1528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe10⤵PID:3320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe11⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe12⤵PID:6956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe13⤵PID:7324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe14⤵PID:8312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 23613⤵PID:8544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 21612⤵PID:7268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 21611⤵PID:6284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 23610⤵PID:4952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 2369⤵PID:3368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 2368⤵
- Program crash
PID:3052
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10265.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10265.exe7⤵PID:1656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exe8⤵PID:3360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe9⤵PID:4616
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe10⤵PID:5632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe11⤵PID:7472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe12⤵PID:9064
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 23612⤵PID:4164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 21611⤵PID:7892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 21610⤵PID:6880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 2169⤵PID:6052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 2368⤵PID:4188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 2407⤵
- Program crash
PID:3112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe7⤵PID:1720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe8⤵PID:3600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe9⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe10⤵PID:6116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe11⤵PID:8000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe12⤵PID:8344
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 21612⤵PID:5264
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 21611⤵PID:8172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 21610⤵PID:6480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 2369⤵PID:5160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 2368⤵PID:4156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 2367⤵
- Program crash
PID:3168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 2406⤵
- Program crash
PID:312
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe7⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe8⤵PID:3980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe9⤵PID:4444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe10⤵PID:6032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe11⤵PID:7660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe12⤵PID:9000
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 23612⤵PID:5804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 23611⤵PID:7452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 21610⤵PID:7144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 2369⤵PID:4084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe8⤵PID:4540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe9⤵PID:5764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe10⤵PID:7884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe11⤵PID:3964
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 21611⤵PID:6136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 21610⤵PID:7936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 2369⤵PID:6208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 2208⤵PID:5176
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 2167⤵PID:4068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 2366⤵
- Program crash
PID:1680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 2405⤵
- Program crash
PID:2348
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe7⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe8⤵PID:1136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe9⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe10⤵PID:3436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe11⤵PID:5476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe12⤵PID:7708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe13⤵PID:9108
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 21613⤵PID:1748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 23612⤵PID:7716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 23611⤵PID:6332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 23610⤵PID:5624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 2169⤵PID:4776
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 2368⤵
- Program crash
PID:3704
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe7⤵PID:1788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe8⤵PID:3936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe9⤵PID:5032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe10⤵PID:5444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe11⤵PID:7436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe12⤵PID:9032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 21612⤵PID:4112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 23611⤵PID:7760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 21610⤵PID:6800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 2169⤵PID:5568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2168⤵PID:4396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 2407⤵
- Program crash
PID:3176
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe6⤵PID:1248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe7⤵PID:1032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe8⤵PID:3768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe9⤵PID:4744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe10⤵PID:6176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe11⤵PID:7500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe12⤵PID:8932
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 21612⤵PID:8608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 23611⤵PID:7912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 23610⤵PID:6912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 2369⤵PID:5240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 2168⤵PID:4252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 2367⤵
- Program crash
PID:3664
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 2406⤵
- Program crash
PID:2356
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe6⤵PID:1168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 1807⤵
- Program crash
PID:2760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 2366⤵
- Program crash
PID:3468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 2405⤵
- Program crash
PID:1704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 2404⤵
- Program crash
PID:1396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 2163⤵
- Loads dropped DLL
- Program crash
PID:2680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 2402⤵
- Program crash
PID:2576
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD547f706ebbf39d8c07fc807198618de34
SHA12fb66fd7acbef0ce1461bdc95c7082943441bedf
SHA256519acfce1fa302ba7145dae332098cee898f2471c02a1a93c4ee21e13b09db37
SHA512760d72a613791639350fc1f2936a879967d817c50ec27aa8fb9f9a1604e1905e312deddfb42aa50646fef8b32f09a31c827392c0588cf5550f96c88ea10280c3
-
Filesize
184KB
MD5621a63eaa536618dd5726a40dbb5f2a5
SHA1efc1bcd2cd9bb3fdc547a7398c1181dacf0d1bc2
SHA256cb8ebc473b33231352e674c0649f2b66cb062ab0f8e67a902a89465faded41c5
SHA51281a4e5a01dfb758e8c761b354ff5a956b03352079eb84850ba93ab60191d037a22dbe1e5f40f2a21801cc6d2d0647ac149f6790d0ddfe1bca499ecf661671101
-
Filesize
184KB
MD550dc5770ec48bbc6d3206940323aa087
SHA1e666797bcd751fc3ed99fbda6242a4b7cbf1ed99
SHA256a4e746158652a66165a1dac69a149edeb57c377bc477c060f4e93e851c58f698
SHA5122a4b92684f115d872db7c4f1f5858a2881a92e3c3a528952b942e2c5a59757c358651804e21f1d91ff566e0c2b6aa5c88edabe3de450753c293aecd2de18f931
-
Filesize
184KB
MD554761718e11ccf5dd0c248a28f23494c
SHA16a73b2de0583d52574c7df95c37ec66cac25d8ad
SHA256bf8ac7d0ce439f626e12dc5b39db5bf59aae0cb0e607d886773a973ef2736e8c
SHA512256b661f31e28e32ffbb2771ce3a399b744f48069c2b3e1c76436ef8f358f79444f91ee1e307709c62f9b77bf2a08f7640251da4c63ec6a18e63e47dc664635f
-
Filesize
184KB
MD503c905822d08dd48ee7c64e3de6cf87a
SHA18516ba7b7890284389840dafd70978429d21ebcd
SHA256749aac46ea95adb2b33948f40add494479de598b5de6d1738ec3e9c71e8a71f4
SHA5122ec51f7464dc05e3cf63420904005210394615761c57ce490db36adafa819cba3aeef4bec5ffe1ab3cc6d1e4738b8a4f1bc35a22ae59c3cea063b7d17050f543
-
Filesize
184KB
MD5efa9fbfaf4b998bf909dbcd3563b8412
SHA1de451b988c905d1aa50dd08bb4e44ecce7788a1d
SHA256c2f49fb9cc603f352830e05a98759042450a77e0e0fa6557adacd159115f7160
SHA512d1a7f917f78f12ac46d660f36479c295d7f3e4f676a2b80f5e4eb94b28001aab82d0d93ee1f44d713197d6c9df093d4e8abd9518730cfdd4a8b67906356edb59
-
Filesize
184KB
MD51327e29775eef0e06d6d5c849e55a4b7
SHA195733037c0530dc45c7d1555a9aca266ec75b593
SHA256aae207d224213b224fb2dbe0ca831bf808a7554b390b271ceb98514915487092
SHA512f7dc50518721f3353a9295e1c8069681ef458edc3782c7898e27661d0480e02911c43c01b00524aba7ae8ef83363964e1a43df4e440656891a02b251ab8278c2
-
Filesize
184KB
MD52af0985fb8c6aeccf3162a460e1343ed
SHA1dcb055c45d7630a8900a1b3505d220a7c3db8bcf
SHA25664fee5d3688538f9779a583672ccb31997f9f45b236f53069e0730d3f24f9603
SHA512745de220ffb06530d7a49e37a316bf53405442b5e372058580f592998c0e126ae153a99880084f36bd74675807eadf5c20a431e209b8480ab4874d922ab2e696
-
Filesize
184KB
MD50897f14105ad0aba53accf3f49734390
SHA1adb3d95c38f7f78a38278b2c4bf187453edb81b1
SHA2561c61369987156e61479bce2c3713415614dbcf7f6e159a316b7f46d77a6a3800
SHA512b5c7844d9489c862404e90d977d867fe7dd8be547fd5bc8daf19188ae1fe554ffec594143becc7839e37b016eb89f526cd8580bb546565933f910a81a0b5ccc4
-
Filesize
184KB
MD51257a30ba9dc1c4105dd9afeb041cfb8
SHA16a7528e0a9af0dec44a4ae23039eab4d7b2a4a15
SHA25609c7b481a361c38628fc864ea4dd65f027bb4943c4806891f9d6776a07900b03
SHA512064f9529ce4c29f3c40f64bd2c5c57a80ebb9746b2c5c500020e9cb081d97afbbcd2a2967e94f1c7ae8baac76f5b855b429a3a9fe4b8a4f2912f009f0134a203
-
Filesize
184KB
MD5a03f1a72fbcb399750b584a6325ae0f6
SHA1444bf44b112749c1c104f35484be88c321075221
SHA2563ba547c5d54e10d58b05dcc6820d9033a3112ff8ae2a0ee0ac37f5c457868cc5
SHA512824d7caf0d3fd464aa7d5227a801c4315b463ddc0c8471fcec7a6ce8c88cd307dbbf3dc2fdb33883731b6a12192b7289d5849f95d1b5892e0caf90cb33ee1e4c
-
Filesize
184KB
MD5719057658cf71906f700da9c65d3e102
SHA1de069b5cb7382847480a21270a90a386ffd0b809
SHA256948a72c132cea7da2398d7a13646c01e4988b9bc4f43eef4436741b5b6b9a7a9
SHA512376b13614b0000b2eea2b34394c0f428744a9902f3583f2cd87c649fb4175c710957846f69884859eb1187c96d62fc0ad170b5d3e370d8a846aa622fe62112c3
-
Filesize
184KB
MD5d365907b5ceb26fb84da33254541a4f3
SHA10914b5472a2daf5253b4cc3a6d9245a28a4d4dca
SHA2565c3546a97b3a52c7ced61ec76235d243268333f2417acc8a5d1592031004c331
SHA51210911279caf3ce825bf8fc39b756ae83b9c4daa9afd5787f8abf25d4fd420a3cfac80b7039d41453279026f300ebd8a784cc72dc3d6e8fe866d4b23ae2f7be01
-
Filesize
184KB
MD582919a567b528ea6105f1daba31dd7b6
SHA119371274f5cc877656cb3e001269e6218b7dc938
SHA2560406919eb94d5db1de1440e6ecb02dfa06c181eef6d2e57903d463292535b2bc
SHA51241e017eb200ba02dfa6302e78019fe988c694d9001ab3810153c7c7da41b7264725f2908032229b78374cf62d858bc6e97792d735a2373733e06b295eb08cadd
-
Filesize
184KB
MD5943c18d55dc6ae82a4016974b2542a81
SHA11fb5b98eacab2fea1c917f281ac37e2bad7d6de5
SHA25674586499248c99c79e157473164b958efffdb47dd8a111c4b5c5d68b65dad8ab
SHA5127308244ef922521d84ba50269716a89215a1cf041755a1fb809e13125ca0ad75a5e098c21f7d36823287231d48900a1f26ab2a866d87fe45831af37d829343fb