Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
08/06/2024, 07:11
Static task
static1
Behavioral task
behavioral1
Sample
97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe
-
Size
184KB
-
MD5
97683b1b076a64ec26b3f05267349650
-
SHA1
a16cb9456a44a4a1472a6093b25d4b3e06dca7c1
-
SHA256
8635c8294f795986094ca61ab296352dd35c73181eb162023a4ff67a54172646
-
SHA512
f17bd69a0d90d8a8908c7aead324b173716ef8fb6e3e4544f5afc18bad6b2eb11ed4dfcd3624100bad185787b55fc4ef59bc4276788e23aacad2b69aedb361ce
-
SSDEEP
1536:HBZJ6jZ5u358otxYN4hAlawMV+9yvZc8mmddjILR2VW9tNhl5hj5nizpvW:hCe358oTq4hTdVwWeYILRHjNhlnViF+
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2684 Unicorn-9294.exe 2944 Unicorn-18806.exe 2620 Unicorn-21952.exe 2404 Unicorn-24962.exe 2640 Unicorn-15184.exe 2872 Unicorn-9476.exe 392 Unicorn-55335.exe 1304 Unicorn-57774.exe 1588 Unicorn-20655.exe 2384 Unicorn-4510.exe 2008 Unicorn-25485.exe 2320 Unicorn-18849.exe 1088 Unicorn-13695.exe 2704 Unicorn-40207.exe 2240 Unicorn-37816.exe 2436 Unicorn-54152.exe 2924 Unicorn-50623.exe 2580 Unicorn-26118.exe 1060 Unicorn-21288.exe 1804 Unicorn-33042.exe 1792 Unicorn-29512.exe 1824 Unicorn-15553.exe 2068 Unicorn-23722.exe 1668 Unicorn-45081.exe 972 Unicorn-64069.exe 2100 Unicorn-14868.exe 2808 Unicorn-53441.exe 2948 Unicorn-55169.exe 1508 Unicorn-58013.exe 2888 Unicorn-25149.exe 1584 Unicorn-38339.exe 2480 Unicorn-41869.exe 2540 Unicorn-25279.exe 2588 Unicorn-5605.exe 2756 Unicorn-33639.exe 2460 Unicorn-27391.exe 1960 Unicorn-32029.exe 1012 Unicorn-11438.exe 2348 Unicorn-3462.exe 1016 Unicorn-47790.exe 2456 Unicorn-51127.exe 1072 Unicorn-22046.exe 2696 Unicorn-22046.exe 1896 Unicorn-3908.exe 1916 Unicorn-10348.exe 2312 Unicorn-15798.exe 1644 Unicorn-40302.exe 2256 Unicorn-7821.exe 2780 Unicorn-61661.exe 596 Unicorn-20628.exe 380 Unicorn-57214.exe 2968 Unicorn-53685.exe 896 Unicorn-22041.exe 1364 Unicorn-18703.exe 2304 Unicorn-16312.exe 2476 Unicorn-4614.exe 2744 Unicorn-32840.exe 2624 Unicorn-34568.exe 2668 Unicorn-14702.exe 2508 Unicorn-23062.exe 2400 Unicorn-26784.exe 3012 Unicorn-35144.exe 2376 Unicorn-12865.exe 1688 Unicorn-5081.exe -
Loads dropped DLL 64 IoCs
pid Process 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 2684 Unicorn-9294.exe 2684 Unicorn-9294.exe 2944 Unicorn-18806.exe 2944 Unicorn-18806.exe 2684 Unicorn-9294.exe 2620 Unicorn-21952.exe 2684 Unicorn-9294.exe 2620 Unicorn-21952.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2836 WerFault.exe 2404 Unicorn-24962.exe 2404 Unicorn-24962.exe 2944 Unicorn-18806.exe 2944 Unicorn-18806.exe 2640 Unicorn-15184.exe 2640 Unicorn-15184.exe 2872 Unicorn-9476.exe 2872 Unicorn-9476.exe 2620 Unicorn-21952.exe 2620 Unicorn-21952.exe 1936 WerFault.exe 1936 WerFault.exe 1936 WerFault.exe 1936 WerFault.exe 1936 WerFault.exe 2716 WerFault.exe 2716 WerFault.exe 2716 WerFault.exe 2716 WerFault.exe 1304 Unicorn-57774.exe 1304 Unicorn-57774.exe 2716 WerFault.exe 392 Unicorn-55335.exe 2404 Unicorn-24962.exe 392 Unicorn-55335.exe 2404 Unicorn-24962.exe 2384 Unicorn-4510.exe 1588 Unicorn-20655.exe 2384 Unicorn-4510.exe 1588 Unicorn-20655.exe 2872 Unicorn-9476.exe 2872 Unicorn-9476.exe 2640 Unicorn-15184.exe 2640 Unicorn-15184.exe 2008 Unicorn-25485.exe 2008 Unicorn-25485.exe 436 WerFault.exe 436 WerFault.exe 436 WerFault.exe 436 WerFault.exe 436 WerFault.exe 1376 WerFault.exe 1376 WerFault.exe 1376 WerFault.exe 1376 WerFault.exe 1376 WerFault.exe 2020 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2652 1500 WerFault.exe 27 2836 2684 WerFault.exe 28 1936 2944 WerFault.exe 29 2716 2620 WerFault.exe 30 436 2404 WerFault.exe 32 1376 2640 WerFault.exe 33 2020 2872 WerFault.exe 34 2852 1304 WerFault.exe 37 1096 392 WerFault.exe 36 2608 2384 WerFault.exe 39 2660 1588 WerFault.exe 38 2452 2008 WerFault.exe 40 2136 2320 WerFault.exe 43 2344 2704 WerFault.exe 45 568 2436 WerFault.exe 47 1224 1060 WerFault.exe 50 1388 1088 WerFault.exe 44 1412 2580 WerFault.exe 48 2796 2240 WerFault.exe 46 1204 2924 WerFault.exe 49 2700 972 WerFault.exe 59 2720 2888 WerFault.exe 65 400 1668 WerFault.exe 58 2328 1508 WerFault.exe 63 808 2948 WerFault.exe 62 1820 1792 WerFault.exe 55 1988 2100 WerFault.exe 61 1716 2588 WerFault.exe 73 1768 2348 WerFault.exe 78 2712 2756 WerFault.exe 72 2648 1824 WerFault.exe 56 2512 1012 WerFault.exe 77 1660 2540 WerFault.exe 69 2572 380 WerFault.exe 92 1704 2696 WerFault.exe 81 1116 1016 WerFault.exe 79 240 2456 WerFault.exe 80 1272 1584 WerFault.exe 66 912 1916 WerFault.exe 84 3112 596 WerFault.exe 91 3156 2808 WerFault.exe 60 3212 1804 WerFault.exe 54 3700 2256 WerFault.exe 89 3864 2480 WerFault.exe 64 3888 2068 WerFault.exe 57 3896 2460 WerFault.exe 75 3932 1960 WerFault.exe 76 3988 2312 WerFault.exe 87 4008 1644 WerFault.exe 88 3120 2744 WerFault.exe 105 3180 3044 WerFault.exe 135 3192 2508 WerFault.exe 108 3232 2164 WerFault.exe 127 3348 2304 WerFault.exe 103 3396 2904 WerFault.exe 130 3400 1816 WerFault.exe 120 3556 2400 WerFault.exe 109 3616 636 WerFault.exe 132 3624 1812 WerFault.exe 121 3652 1888 WerFault.exe 131 3668 1896 WerFault.exe 85 3876 2104 WerFault.exe 124 3752 2780 WerFault.exe 90 3920 1904 WerFault.exe 115 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 2684 Unicorn-9294.exe 2944 Unicorn-18806.exe 2620 Unicorn-21952.exe 2404 Unicorn-24962.exe 2640 Unicorn-15184.exe 2872 Unicorn-9476.exe 392 Unicorn-55335.exe 1304 Unicorn-57774.exe 1588 Unicorn-20655.exe 2384 Unicorn-4510.exe 2008 Unicorn-25485.exe 2320 Unicorn-18849.exe 1088 Unicorn-13695.exe 2704 Unicorn-40207.exe 2240 Unicorn-37816.exe 2436 Unicorn-54152.exe 2924 Unicorn-50623.exe 1060 Unicorn-21288.exe 2580 Unicorn-26118.exe 1792 Unicorn-29512.exe 1804 Unicorn-33042.exe 2068 Unicorn-23722.exe 1824 Unicorn-15553.exe 1668 Unicorn-45081.exe 2100 Unicorn-14868.exe 2808 Unicorn-53441.exe 972 Unicorn-64069.exe 2948 Unicorn-55169.exe 2888 Unicorn-25149.exe 1508 Unicorn-58013.exe 1584 Unicorn-38339.exe 2480 Unicorn-41869.exe 2540 Unicorn-25279.exe 2756 Unicorn-33639.exe 2588 Unicorn-5605.exe 2460 Unicorn-27391.exe 1960 Unicorn-32029.exe 1012 Unicorn-11438.exe 2348 Unicorn-3462.exe 1016 Unicorn-47790.exe 2456 Unicorn-51127.exe 1072 Unicorn-22046.exe 2696 Unicorn-22046.exe 1896 Unicorn-3908.exe 1916 Unicorn-10348.exe 2312 Unicorn-15798.exe 1644 Unicorn-40302.exe 2256 Unicorn-7821.exe 2780 Unicorn-61661.exe 596 Unicorn-20628.exe 2968 Unicorn-53685.exe 380 Unicorn-57214.exe 896 Unicorn-22041.exe 1364 Unicorn-18703.exe 2304 Unicorn-16312.exe 2476 Unicorn-4614.exe 2744 Unicorn-32840.exe 2624 Unicorn-34568.exe 2668 Unicorn-14702.exe 2508 Unicorn-23062.exe 2400 Unicorn-26784.exe 3012 Unicorn-35144.exe 2376 Unicorn-12865.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1500 wrote to memory of 2684 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 28 PID 1500 wrote to memory of 2684 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 28 PID 1500 wrote to memory of 2684 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 28 PID 1500 wrote to memory of 2684 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 28 PID 1500 wrote to memory of 2944 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 29 PID 1500 wrote to memory of 2944 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 29 PID 1500 wrote to memory of 2944 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 29 PID 1500 wrote to memory of 2944 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 29 PID 2684 wrote to memory of 2620 2684 Unicorn-9294.exe 30 PID 2684 wrote to memory of 2620 2684 Unicorn-9294.exe 30 PID 2684 wrote to memory of 2620 2684 Unicorn-9294.exe 30 PID 2684 wrote to memory of 2620 2684 Unicorn-9294.exe 30 PID 1500 wrote to memory of 2652 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 31 PID 1500 wrote to memory of 2652 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 31 PID 1500 wrote to memory of 2652 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 31 PID 1500 wrote to memory of 2652 1500 97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe 31 PID 2944 wrote to memory of 2404 2944 Unicorn-18806.exe 32 PID 2944 wrote to memory of 2404 2944 Unicorn-18806.exe 32 PID 2944 wrote to memory of 2404 2944 Unicorn-18806.exe 32 PID 2944 wrote to memory of 2404 2944 Unicorn-18806.exe 32 PID 2684 wrote to memory of 2640 2684 Unicorn-9294.exe 33 PID 2684 wrote to memory of 2640 2684 Unicorn-9294.exe 33 PID 2684 wrote to memory of 2640 2684 Unicorn-9294.exe 33 PID 2684 wrote to memory of 2640 2684 Unicorn-9294.exe 33 PID 2620 wrote to memory of 2872 2620 Unicorn-21952.exe 34 PID 2620 wrote to memory of 2872 2620 Unicorn-21952.exe 34 PID 2620 wrote to memory of 2872 2620 Unicorn-21952.exe 34 PID 2620 wrote to memory of 2872 2620 Unicorn-21952.exe 34 PID 2684 wrote to memory of 2836 2684 Unicorn-9294.exe 35 PID 2684 wrote to memory of 2836 2684 Unicorn-9294.exe 35 PID 2684 wrote to memory of 2836 2684 Unicorn-9294.exe 35 PID 2684 wrote to memory of 2836 2684 Unicorn-9294.exe 35 PID 2404 wrote to memory of 392 2404 Unicorn-24962.exe 36 PID 2404 wrote to memory of 392 2404 Unicorn-24962.exe 36 PID 2404 wrote to memory of 392 2404 Unicorn-24962.exe 36 PID 2404 wrote to memory of 392 2404 Unicorn-24962.exe 36 PID 2944 wrote to memory of 1304 2944 Unicorn-18806.exe 37 PID 2944 wrote to memory of 1304 2944 Unicorn-18806.exe 37 PID 2944 wrote to memory of 1304 2944 Unicorn-18806.exe 37 PID 2944 wrote to memory of 1304 2944 Unicorn-18806.exe 37 PID 2640 wrote to memory of 1588 2640 Unicorn-15184.exe 38 PID 2640 wrote to memory of 1588 2640 Unicorn-15184.exe 38 PID 2640 wrote to memory of 1588 2640 Unicorn-15184.exe 38 PID 2640 wrote to memory of 1588 2640 Unicorn-15184.exe 38 PID 2872 wrote to memory of 2384 2872 Unicorn-9476.exe 39 PID 2872 wrote to memory of 2384 2872 Unicorn-9476.exe 39 PID 2872 wrote to memory of 2384 2872 Unicorn-9476.exe 39 PID 2872 wrote to memory of 2384 2872 Unicorn-9476.exe 39 PID 2620 wrote to memory of 2008 2620 Unicorn-21952.exe 40 PID 2620 wrote to memory of 2008 2620 Unicorn-21952.exe 40 PID 2620 wrote to memory of 2008 2620 Unicorn-21952.exe 40 PID 2620 wrote to memory of 2008 2620 Unicorn-21952.exe 40 PID 2944 wrote to memory of 1936 2944 Unicorn-18806.exe 41 PID 2944 wrote to memory of 1936 2944 Unicorn-18806.exe 41 PID 2944 wrote to memory of 1936 2944 Unicorn-18806.exe 41 PID 2944 wrote to memory of 1936 2944 Unicorn-18806.exe 41 PID 2620 wrote to memory of 2716 2620 Unicorn-21952.exe 42 PID 2620 wrote to memory of 2716 2620 Unicorn-21952.exe 42 PID 2620 wrote to memory of 2716 2620 Unicorn-21952.exe 42 PID 2620 wrote to memory of 2716 2620 Unicorn-21952.exe 42 PID 1304 wrote to memory of 2320 1304 Unicorn-57774.exe 43 PID 1304 wrote to memory of 2320 1304 Unicorn-57774.exe 43 PID 1304 wrote to memory of 2320 1304 Unicorn-57774.exe 43 PID 1304 wrote to memory of 2320 1304 Unicorn-57774.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\97683b1b076a64ec26b3f05267349650_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2384 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe9⤵PID:2432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe10⤵PID:2976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe11⤵PID:4904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe12⤵PID:5660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe13⤵PID:8104
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 21613⤵PID:8208
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 23612⤵PID:7036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 21611⤵PID:5380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 23610⤵PID:3760
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe9⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe10⤵PID:4612
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe11⤵PID:5516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe12⤵PID:7684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe13⤵PID:9208
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 21613⤵PID:8888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 21612⤵PID:8120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 21611⤵PID:6684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 21610⤵PID:4940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 2409⤵PID:3800
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe8⤵PID:1888
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe9⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe10⤵PID:4444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe11⤵PID:6052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe12⤵PID:7364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe13⤵PID:4564
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 23613⤵PID:5908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 21612⤵PID:7812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 23611⤵PID:6508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 23610⤵PID:4924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 2369⤵
- Program crash
PID:3652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 2208⤵
- Program crash
PID:2700
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe8⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe9⤵PID:2380
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe10⤵PID:4304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe11⤵PID:6000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe12⤵PID:5708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe13⤵PID:9088
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 21613⤵PID:4108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 21612⤵PID:7460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 21611⤵PID:6428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 21610⤵PID:4220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2369⤵
- Program crash
PID:3616
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe8⤵PID:1712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe9⤵PID:4584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe10⤵PID:5788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe11⤵PID:7712
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe12⤵PID:8676
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 21612⤵PID:4400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 23611⤵PID:8124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 21610⤵PID:6768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 2169⤵PID:4928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 2408⤵
- Program crash
PID:3668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 2407⤵
- Program crash
PID:2796
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe8⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe9⤵PID:2748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe10⤵PID:4972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe11⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe12⤵PID:8176
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 23612⤵PID:8236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 21611⤵PID:7028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 21610⤵PID:5428
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 2369⤵PID:3828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 2368⤵
- Program crash
PID:1704
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe7⤵PID:792
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe8⤵PID:3724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe9⤵PID:4704
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe10⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe11⤵PID:7080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe12⤵PID:8892
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 21612⤵PID:6076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 23611⤵PID:7648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 23610⤵PID:5124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 2169⤵PID:5016
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 2368⤵PID:4384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 2407⤵
- Program crash
PID:3156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 2406⤵
- Program crash
PID:2608
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe8⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe9⤵PID:3580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe10⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe11⤵PID:6948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe12⤵PID:8732
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 21612⤵PID:5808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 21611⤵PID:7504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 23610⤵PID:6020
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 2369⤵PID:4352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 2368⤵
- Program crash
PID:4008
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe7⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe8⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe9⤵PID:3592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe10⤵PID:5588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe11⤵PID:6780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe12⤵PID:8672
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 21612⤵PID:5740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 21611⤵PID:8012
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 21610⤵PID:5976
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 2369⤵PID:4576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 2368⤵
- Program crash
PID:3396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 2207⤵
- Program crash
PID:2720
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe7⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe8⤵PID:3424
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe9⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe10⤵PID:5636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe11⤵PID:7008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe12⤵PID:3344
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 23612⤵PID:5388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 23611⤵PID:8092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 21610⤵PID:368
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 2369⤵PID:4560
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 2368⤵
- Program crash
PID:3232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 2167⤵
- Program crash
PID:3112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 2406⤵
- Program crash
PID:1412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:2020
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe8⤵PID:608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe9⤵PID:3492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe10⤵PID:4980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe11⤵PID:6280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe12⤵PID:8728
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 23612⤵PID:8748
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 23611⤵PID:7836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 23610⤵PID:6012
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 2369⤵PID:4320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 2168⤵
- Program crash
PID:3988
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe7⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe8⤵PID:4024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exe9⤵PID:4228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe10⤵PID:5812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe11⤵PID:7124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe12⤵PID:8736
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 23612⤵PID:8720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 21611⤵PID:7416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 21610⤵PID:6272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 2169⤵PID:5336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 2368⤵PID:4676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 2407⤵
- Program crash
PID:3864
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe7⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe8⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe9⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe10⤵PID:5684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe11⤵PID:6648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe12⤵PID:5704
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 21611⤵PID:7396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 21610⤵PID:6740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 2169⤵PID:5256
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 2368⤵
- Program crash
PID:3876
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe7⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe8⤵PID:4360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe9⤵PID:5840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe10⤵PID:6860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe11⤵PID:8588
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 21611⤵PID:3088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 21610⤵PID:7220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 2369⤵PID:6288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 2168⤵PID:4440
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 2207⤵
- Program crash
PID:3752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 2406⤵
- Program crash
PID:1224
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe7⤵PID:2768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe8⤵PID:3840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe9⤵PID:5044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe10⤵PID:952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe11⤵PID:7064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe12⤵PID:5228
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 21611⤵PID:7484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 21610⤵PID:6936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 2169⤵PID:5508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2368⤵PID:4416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 2367⤵
- Program crash
PID:3700
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe6⤵PID:1812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe7⤵PID:3660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe8⤵PID:4080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe9⤵PID:5520
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 2169⤵PID:5884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 2368⤵PID:4992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 2167⤵
- Program crash
PID:3624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 2406⤵
- Program crash
PID:1272
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 2405⤵
- Program crash
PID:2452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:2716
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20655.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1588 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe8⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe9⤵PID:3632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe10⤵PID:4204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe11⤵PID:5940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe12⤵PID:7228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe13⤵PID:8452
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 21613⤵PID:9072
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 23612⤵PID:7600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 21611⤵PID:6396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 23610⤵PID:5116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 2169⤵
- Program crash
PID:3920
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 2168⤵
- Program crash
PID:240
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe7⤵PID:1816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe8⤵PID:3336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe9⤵PID:3548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe10⤵PID:5608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe11⤵PID:1488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51891.exe12⤵PID:8620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe13⤵PID:5188
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 21613⤵PID:6300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 23612⤵PID:8492
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 23611⤵PID:7864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 21610⤵PID:6140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 2169⤵PID:4668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 2368⤵
- Program crash
PID:3400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 2407⤵
- Program crash
PID:1988
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe7⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe8⤵PID:3412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe9⤵PID:5084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe10⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe11⤵PID:7420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe12⤵PID:8504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe13⤵PID:9168
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 21613⤵PID:4632
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 23612⤵PID:8992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 21611⤵PID:7872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 21610⤵PID:6716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 2169⤵PID:5564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 2168⤵PID:3504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 2367⤵
- Program crash
PID:912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 2406⤵
- Program crash
PID:568
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe7⤵PID:3124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe8⤵PID:3836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe9⤵PID:5580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe10⤵PID:6516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe11⤵PID:5224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 21610⤵PID:7204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 2169⤵PID:6064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 2168⤵PID:4496
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2367⤵
- Program crash
PID:3192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 2366⤵
- Program crash
PID:808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 2405⤵
- Program crash
PID:2660
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe7⤵PID:476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe8⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe9⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe10⤵PID:5532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe11⤵PID:7900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe12⤵PID:6468
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 23611⤵PID:7356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 21610⤵PID:6676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 2169⤵PID:5444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 2368⤵PID:3872
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 2367⤵
- Program crash
PID:2572
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe6⤵PID:1524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe7⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe8⤵PID:4640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe9⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe10⤵PID:7592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe11⤵PID:8560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe12⤵PID:9200
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 23612⤵PID:5364
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 23611⤵PID:8928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 21610⤵PID:8056
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 2369⤵PID:6652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 2168⤵PID:4916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 2167⤵PID:3832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 2406⤵
- Program crash
PID:2328
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe6⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe7⤵PID:848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe8⤵PID:3804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe9⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe10⤵PID:7020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe11⤵PID:8872
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 21611⤵PID:8964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 21610⤵PID:8128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 2169⤵PID:6148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 2168⤵PID:4484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 2367⤵
- Program crash
PID:3180
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe6⤵PID:2600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe7⤵PID:4260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe8⤵PID:5968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe9⤵PID:7276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe10⤵PID:5896
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 2169⤵PID:7680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 2168⤵PID:6420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 2367⤵PID:4120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 2206⤵PID:3996
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 2405⤵
- Program crash
PID:1204
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:2836
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:392 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe9⤵PID:3296
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe10⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe11⤵PID:6820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe12⤵PID:8444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe13⤵PID:8700
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 21613⤵PID:5752
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 23612⤵PID:9032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 21611⤵PID:7332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 21610⤵PID:5768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 2369⤵PID:4224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 2368⤵
- Program crash
PID:3896
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe7⤵
- Executes dropped EXE
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe8⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe9⤵PID:4748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe10⤵PID:6564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe11⤵PID:7316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe12⤵PID:8532
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 21612⤵PID:2708
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 23611⤵PID:8352
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 21610⤵PID:6836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 2369⤵PID:6124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2168⤵PID:4788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 2407⤵
- Program crash
PID:3888
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe7⤵PID:1932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe8⤵PID:2688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe9⤵PID:4896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe10⤵PID:6600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe11⤵PID:8680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe12⤵PID:9148
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 21612⤵PID:5112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 21611⤵PID:8660
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 21610⤵PID:6620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 2369⤵PID:5136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 2368⤵PID:4808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 2167⤵
- Program crash
PID:3932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 2406⤵
- Program crash
PID:1388
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe8⤵PID:2932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe9⤵PID:3248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe10⤵PID:6084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe11⤵PID:7292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe12⤵PID:8468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe13⤵PID:9048
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 23613⤵PID:5076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 23612⤵PID:8880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 21611⤵PID:7700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 21610⤵PID:6528
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 2369⤵PID:4884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 2368⤵
- Program crash
PID:3556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 2367⤵
- Program crash
PID:2512
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe7⤵PID:340
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe8⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe9⤵PID:5876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe10⤵PID:7060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe11⤵PID:9028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 21610⤵PID:956
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 2169⤵PID:6336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 2168⤵PID:4408
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 2367⤵PID:3600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 2406⤵
- Program crash
PID:400
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 2405⤵
- Program crash
PID:1096
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe8⤵PID:672
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe9⤵PID:4876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe10⤵PID:5952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe11⤵PID:7540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe12⤵PID:9100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 21611⤵PID:7976
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 21610⤵PID:6884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 2169⤵PID:5312
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 2368⤵PID:4092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 2367⤵
- Program crash
PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe7⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe8⤵PID:4836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe9⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe10⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe11⤵PID:6092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 23610⤵PID:2900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 2169⤵PID:6928
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 2168⤵PID:5296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 2167⤵PID:3372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 2406⤵
- Program crash
PID:2648
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe6⤵PID:1080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe7⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe8⤵PID:4144
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe9⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe10⤵PID:7960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe11⤵PID:8776
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe12⤵PID:8704
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 21612⤵PID:4124
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 21611⤵PID:8712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 23610⤵PID:7732
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 2169⤵PID:6800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 2168⤵PID:5652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 2167⤵PID:4240
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 2366⤵
- Program crash
PID:1116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2405⤵
- Program crash
PID:2344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:436
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe8⤵PID:3452
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe9⤵PID:4868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe10⤵PID:5836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe11⤵PID:7240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe12⤵PID:8476
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 23612⤵PID:9116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 23611⤵PID:8296
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 21610⤵PID:7128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 2169⤵PID:5304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 2368⤵PID:4148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 2367⤵
- Program crash
PID:1660
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe7⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe8⤵PID:4508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe9⤵PID:4968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe10⤵PID:7072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe11⤵PID:8968
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 21611⤵PID:4200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 21610⤵PID:7668
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 2369⤵PID:6132
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 2368⤵PID:4984
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 2167⤵PID:4136
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 2206⤵
- Program crash
PID:3212
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe7⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe8⤵PID:3740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe9⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe10⤵PID:6848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe11⤵PID:8616
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 21611⤵PID:9060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 21610⤵PID:7404
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 2369⤵PID:5828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 2368⤵PID:4472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 2167⤵
- Program crash
PID:3120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 2366⤵
- Program crash
PID:1716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 2405⤵
- Program crash
PID:2136
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe7⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe8⤵PID:3420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe9⤵PID:5216
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe10⤵PID:6856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe11⤵PID:8648
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 23611⤵PID:8576
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 23610⤵PID:8004
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 2169⤵PID:5148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 2168⤵PID:4648
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 2167⤵
- Program crash
PID:3348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 2366⤵
- Program crash
PID:2712
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe6⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe7⤵PID:4732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe8⤵PID:5848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe9⤵PID:7468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe10⤵PID:8808
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 21610⤵PID:4900
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 2169⤵PID:7940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 2168⤵PID:6788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 2167⤵PID:5196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 2366⤵PID:616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 2405⤵
- Program crash
PID:1820
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 2404⤵
- Program crash
PID:2852
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:1936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 2402⤵
- Program crash
PID:2652
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD56153fe379ec59e4af438fc762a9c8ba8
SHA19b42251e8294d02a7324a05ac495fa1c9630a667
SHA2569a02c66dfba5bd4639f43dfa9fb88e5e3d161e771b7ae1794f3dd1fe2e83243c
SHA51278c4897282cfe9f0234004c86286fab9d87a1d4318641ac863d5c6e3af088ac2853707e69ed858cad791d27fd03339899e5fd4add4e87dc128fb90ad48713ce7
-
Filesize
184KB
MD54915b4c74d9cf86db731058d7c1852a2
SHA183e58a6c3957c1a368789ad5b6f2684e617c2c6f
SHA2565559abe7654f97df1fed80dd614140fa8d9e8f0dc6868aa1a87e8abc8d2cd165
SHA5126529208b5d1fe351005519a6755c2f6d77548106436c7d980db24c81ee421472ddf660c2b925876b799cce110f34c477ce5436b533d1fddd1a561e2f06821d4d
-
Filesize
184KB
MD5f4881d5501e9033414ef09e1fb81ec0c
SHA186242cb65b6ad2a5e9d831643e1d85b51734fb5b
SHA25636f967b5644bcaf3bcf9464be1c49347de25944bee248db35c261f0284174a24
SHA51268c2bfc810db20f9f5885db4af75e4c9e688b8c8e3d618070b72cc5263eb5a4d9d2dbe29dcb870206559c04d8afb6c861491242d54265a8366a7c3bd7a0de083
-
Filesize
184KB
MD58a0d07829ff4271a7087fcc953b36a1c
SHA12e6794f011fc8c9d1d0c8b6c331d09ca9a3c58ac
SHA256e57e8fb05de1d1a604d32ee515bea395bdff6a4a107617143622de895cb9b2b0
SHA51221b0d3ba4af8ef624f0156bc19a8dcfceb19951b0e805616a534df25ee73863ecf156aaabc3527e34f51fa04cd50c8236dfdc4e1223b682cea3f6e6262666fc7
-
Filesize
184KB
MD5743b95fe679277188984eb5a6a69d570
SHA1fa7f225b96b8446a64a05108e684e2dae0a3215e
SHA256cd420d42d56dd9f44980a92a9dddea3661800c4a0625fca6ab3360c2519e82db
SHA512f3fab1a433cd590b37f6ff2312093f10de1f6b5f91bd923ad104ed8a37451b2ca70ecc890683b3a5d2e0495048475fe93d167241b60cd8a9c0251d788d2490b9
-
Filesize
184KB
MD597ae96a13c0303d8960a2334273d9dee
SHA10c9ecafe07e1946c6b7a82d6c0f286afa54c03fa
SHA256dfb4755818fa89b54d18f2076f832b8d7e42db32e4beee9e2ab30fbe0d0ea352
SHA51275a7c0d07ba312d4b8b731faa2ef3e8d4d2b9d5bb5d338dac05c5946df06d55b1b149e8995af163c9d8d1c5391263eb5c8a787dfdcdfd1be1fd0df7686223a1a
-
Filesize
184KB
MD594f2dc05021e1659c365d85f233b78ef
SHA1f7958cf4d54673815477b9ad86e23777023ede25
SHA2560a0346250cf8845377d8294d9d706435ae935e2d7dbbf089057c731f73ccf2b4
SHA512f5968029534c38715e7b2daa8d3407ec6bcbe060ee994745ae9909aa41153cf5a6dc2b612dab350f4152dfde2cc1124b1c92c5566f0a651b75a12316e76b3834
-
Filesize
184KB
MD54e99e68dfb70f8dc9c7f95f85331b30e
SHA121c5d2dfa05cc5c8283ded85a39e78edff6f672e
SHA25621097c62ed39c78e79b609985de2d648f4f3b7b38447945a3609b58b538b6e04
SHA5126c5503fd1a27701ecf3205ed727df8cff78c581391542d912d5985e7226df34471ee2de398baed0432b5de69d4dd0f03b81482b599038f704299be40452e2d8b
-
Filesize
184KB
MD5f54cb45fe5e7ebe25f8b1f95df1bd05d
SHA126008eb310190d86c2b1888d13636cc5180fdc93
SHA256caa75e368a28f5a2111fc68538e4ef4510ce751a65d1790c69cbe91962aa9698
SHA51249c768d0e2053e8e128f98fb24a3f59b932c1f0e168f516893a5978941f8a1fcf773eb9e5243bd6fbdfddd8d6a9b7d756d58108387aa608fb8397cc2eb696ff4
-
Filesize
184KB
MD52d82426de46b78962700765e2d97ef11
SHA18063c3d5e6ae96307bee5f957338cebfe38ebfd2
SHA256a89dbec31d13de9892089597bd7f056877d29d5ed4bc306986006df35260af22
SHA51249841ca607ea9a44a6804facbad6a3ba0d6d90ed791087cf5a3bc19ba0811802e6d7c89efb21360ddcb5d33082a8f3b597b7fe80511f5a081a2f6c5bf2ec5b50
-
Filesize
184KB
MD50064fe9a18a0e61bcb66846e13675ab7
SHA1538e0f5fe10b1e380cd95206611c8f16729d956c
SHA2569aa2b936116f7aa3f26398da93442d3838bd5e4deac8e127b2dd2c95e4f4963f
SHA51223bec0bc81261b6cf878395fb5e93494eee636c50ac1a377b883ca8fdc7cb83153b69d941b8fa20e9252dc55009f8271fc56d6bcb70693d8231145952203bfdd
-
Filesize
184KB
MD5decf133e389bdb70293903a7dd95784e
SHA11799392bfbb034edfa6041769c70581c294ed2ac
SHA256cfe6a1cac8404049f47d0b92160a21232a1fbb872e79d105da87f11ced54674a
SHA512ca239a6244ca121e4bd6aeced93011f0b8988f8309b5216deca29521e4fe61d9cc031fa1f6064b3df3d02dd8963612c7cc35f5163cb678df5df6ec1a6f0acbab
-
Filesize
184KB
MD5d63a932f86ed0e3ea5e1256554c8f509
SHA1979ae372bb69a38731b30202ccfdfa7d106e63b0
SHA256023ea547cfed656e05014d03db14c4a6f83c3868fe21608deb76413a160029f5
SHA512c562698b8026d393a1d14803fd12d8dd4fa22ef983e7f8e526dc4d076008f5f3b9da87ca7c67a84c41d05fb125a5945a10ad254e5b312ce65bdf132e16e235d8
-
Filesize
184KB
MD57a9a7a627fb7c4eabf8bb150ea7fe087
SHA1a9b3b456c9945371bb9a60001aa02b05d238aeb2
SHA25656d1287af511439cbb2b938eca87511c3b79b6ec5f07294e5428bc16d9b3069a
SHA512ce7d9b9e234ad62d5750846c5291e57ef06db41273fbe4be81a28ec118a8687a8a1c0e0698088b92d63b7cf3488416a3d7524f62ef0307c6d464a51b5ce9024a
-
Filesize
184KB
MD5fbce9bd3a7cae862d6fe8341d22c78e1
SHA1014419ae0a6c72c16e1c8fc0fd66965f40ebef79
SHA256c44022b787693e389464d683869c6e6e70c1d46ab27ca3fde47c854ccfb22ab9
SHA5124b1fff640fa33e9c700099fdd5d27dc3390caf1d4194f54d6d57fcfc7a53f6b4c72ecba8db1e0430eb5be0e7c09d89a1e057caf0679db70c33842b4131c81b96
-
Filesize
184KB
MD5ad51089f7430ba9a131845d845d4b192
SHA17d528e42719a43869b4273fbe8064cf0a9decf01
SHA2560b6df2783c11b27f4d409534198acbf0ca5b51e36951307f2afbedb39aac386a
SHA512ddaf098a37cfe7bad193fb5eced32b64b3ab62a71ff858ae3f87ff038bd56c802e944e8eea1e3dbfdcc868e452736f5b9d5fa7b367792ea68330754958316913
-
Filesize
184KB
MD5dc4c1d61f021224279831ea9b1948fd6
SHA162a63fdb367962c3f43478056a1c3a4b46a90c75
SHA256e318b032b78f02ac0e70b600570143d17ebad53b8d12107220e11af8c92ecb50
SHA512dd33861f5206d01413652cbc4a4d8c4cec70b501c5597316cbe7583b7ed69bd4484202dae9f04e7e0b415d6ad666e857f463f1aa2b3ebf20d61ba3c6c2ddd62f
-
Filesize
184KB
MD591a80d5623964ee771f9ab2566c45bff
SHA1ea85a4bb63f5650b37f8102b37a770c048e0b82a
SHA256bafb9737bb923fdfb3df6990970c83d167752bc2b6a4ee4ef2bb9dba6d7681ba
SHA512f04e23949112fe53a94b97c6c27556cbe1413f63033f2b697606ae8aa3f101490ac0499a464fe0e968b11b2f8206f656c35e5feff263368e481a2c9acaff066a