Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
13/06/2024, 03:18
Static task
static1
Behavioral task
behavioral1
Sample
5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe
-
Size
184KB
-
MD5
5a3e2e6cf40c830378fb0b0a36773960
-
SHA1
fa1c33858a94627a668ea0f2ab712734e42b696a
-
SHA256
f44c0495fff322e711f677b007ba71a37dc3e988ebefbcff186c429df30290f0
-
SHA512
11926c911956defe0d34999cfc55a2cf600bf2f8e4b5107fd6245d94dab1b47d3178a6f0abafa383a53135886673d853f29ddab2f9d626ea03efb71badd28a12
-
SSDEEP
3072:Ivxg5moOkPiAdwmtW4SDZhbrcvnlnviFZ:Iv9o28wmYD3brcPlnviF
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2888 Unicorn-54141.exe 2608 Unicorn-12631.exe 2668 Unicorn-25630.exe 1292 Unicorn-39767.exe 2640 Unicorn-55781.exe 2544 Unicorn-26062.exe 1148 Unicorn-54173.exe 1492 Unicorn-53981.exe 2860 Unicorn-53789.exe 1780 Unicorn-33923.exe 996 Unicorn-47987.exe 2768 Unicorn-46955.exe 1360 Unicorn-28158.exe 1744 Unicorn-29659.exe 2176 Unicorn-28817.exe 1276 Unicorn-32155.exe 2916 Unicorn-12289.exe 2000 Unicorn-48299.exe 1348 Unicorn-64827.exe 960 Unicorn-6070.exe 1008 Unicorn-6070.exe 1324 Unicorn-22084.exe 1636 Unicorn-60590.exe 1668 Unicorn-24388.exe 596 Unicorn-59521.exe 1028 Unicorn-39655.exe 3016 Unicorn-33009.exe 2436 Unicorn-144.exe 1000 Unicorn-45624.exe 2292 Unicorn-65489.exe 2080 Unicorn-7798.exe 2184 Unicorn-49153.exe 2912 Unicorn-56797.exe 2720 Unicorn-53076.exe 2604 Unicorn-56221.exe 2512 Unicorn-14674.exe 2388 Unicorn-34540.exe 2452 Unicorn-49267.exe 300 Unicorn-3595.exe 2380 Unicorn-20316.exe 1612 Unicorn-34165.exe 2824 Unicorn-21359.exe 752 Unicorn-33589.exe 2992 Unicorn-4446.exe 1672 Unicorn-49926.exe 2528 Unicorn-52879.exe 2756 Unicorn-56086.exe 2792 Unicorn-36351.exe 1428 Unicorn-36351.exe 2004 Unicorn-56278.exe 1956 Unicorn-43087.exe 1304 Unicorn-42764.exe 956 Unicorn-40382.exe 884 Unicorn-10362.exe 1724 Unicorn-15947.exe 1596 Unicorn-65147.exe 2404 Unicorn-48105.exe 2684 Unicorn-37218.exe 2896 Unicorn-55090.exe 2488 Unicorn-53253.exe 2416 Unicorn-36267.exe 1116 Unicorn-6740.exe 436 Unicorn-35883.exe 2820 Unicorn-55749.exe -
Loads dropped DLL 64 IoCs
pid Process 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 2888 Unicorn-54141.exe 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 2888 Unicorn-54141.exe 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 2608 Unicorn-12631.exe 2608 Unicorn-12631.exe 2888 Unicorn-54141.exe 2888 Unicorn-54141.exe 2668 Unicorn-25630.exe 2668 Unicorn-25630.exe 376 WerFault.exe 376 WerFault.exe 376 WerFault.exe 376 WerFault.exe 376 WerFault.exe 2640 Unicorn-55781.exe 2640 Unicorn-55781.exe 1292 Unicorn-39767.exe 1292 Unicorn-39767.exe 2608 Unicorn-12631.exe 2608 Unicorn-12631.exe 2544 Unicorn-26062.exe 2668 Unicorn-25630.exe 2668 Unicorn-25630.exe 2544 Unicorn-26062.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 916 WerFault.exe 916 WerFault.exe 916 WerFault.exe 916 WerFault.exe 916 WerFault.exe 1492 Unicorn-53981.exe 1292 Unicorn-39767.exe 1492 Unicorn-53981.exe 1292 Unicorn-39767.exe 1148 Unicorn-54173.exe 1148 Unicorn-54173.exe 2640 Unicorn-55781.exe 2640 Unicorn-55781.exe 2544 Unicorn-26062.exe 2544 Unicorn-26062.exe 2860 Unicorn-53789.exe 2860 Unicorn-53789.exe 996 Unicorn-47987.exe 996 Unicorn-47987.exe 1780 Unicorn-33923.exe 1780 Unicorn-33923.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1680 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1080 WerFault.exe 1760 WerFault.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 2700 840 WerFault.exe 27 376 2888 WerFault.exe 28 1600 2608 WerFault.exe 29 916 2668 WerFault.exe 30 1680 2640 WerFault.exe 33 1080 1292 WerFault.exe 32 1760 2544 WerFault.exe 34 3040 1492 WerFault.exe 37 1968 1148 WerFault.exe 36 804 2860 WerFault.exe 39 2616 996 WerFault.exe 40 2592 1780 WerFault.exe 38 928 2292 WerFault.exe 64 1084 2436 WerFault.exe 62 2284 1360 WerFault.exe 44 2236 2768 WerFault.exe 43 1044 1744 WerFault.exe 45 1528 1276 WerFault.exe 48 1736 2916 WerFault.exe 47 3012 2000 WerFault.exe 49 2932 2176 WerFault.exe 46 2400 1348 WerFault.exe 50 2520 960 WerFault.exe 55 1236 1008 WerFault.exe 54 1504 1636 WerFault.exe 57 600 2500 WerFault.exe 146 2212 2184 WerFault.exe 66 2216 1000 WerFault.exe 63 2088 2992 WerFault.exe 83 2524 596 WerFault.exe 59 2584 2912 WerFault.exe 71 1552 1668 WerFault.exe 58 2784 2452 WerFault.exe 77 1500 1028 WerFault.exe 60 1480 1324 WerFault.exe 56 1252 2512 WerFault.exe 75 1268 2080 WerFault.exe 65 2868 300 WerFault.exe 78 2232 3016 WerFault.exe 61 744 2528 WerFault.exe 85 3096 2380 WerFault.exe 79 3104 2388 WerFault.exe 76 3148 2824 WerFault.exe 81 3172 752 WerFault.exe 82 3204 2792 WerFault.exe 87 3232 2720 WerFault.exe 73 3280 1956 WerFault.exe 91 3368 2756 WerFault.exe 86 3384 1612 WerFault.exe 80 3376 2004 WerFault.exe 90 3460 1428 WerFault.exe 88 3920 884 WerFault.exe 98 3220 1596 WerFault.exe 105 3760 2604 WerFault.exe 74 3788 2404 WerFault.exe 106 3836 1304 WerFault.exe 92 3356 1672 WerFault.exe 84 3560 2896 WerFault.exe 108 3600 3476 WerFault.exe 182 3784 1768 WerFault.exe 126 3812 1536 WerFault.exe 149 3884 436 WerFault.exe 112 3892 2728 WerFault.exe 148 3844 2684 WerFault.exe 107 -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 2888 Unicorn-54141.exe 2608 Unicorn-12631.exe 2668 Unicorn-25630.exe 2640 Unicorn-55781.exe 1292 Unicorn-39767.exe 2544 Unicorn-26062.exe 1148 Unicorn-54173.exe 1492 Unicorn-53981.exe 2860 Unicorn-53789.exe 1780 Unicorn-33923.exe 996 Unicorn-47987.exe 1360 Unicorn-28158.exe 2768 Unicorn-46955.exe 1744 Unicorn-29659.exe 2176 Unicorn-28817.exe 1276 Unicorn-32155.exe 2000 Unicorn-48299.exe 2916 Unicorn-12289.exe 1348 Unicorn-64827.exe 960 Unicorn-6070.exe 1008 Unicorn-6070.exe 1324 Unicorn-22084.exe 1636 Unicorn-60590.exe 1668 Unicorn-24388.exe 596 Unicorn-59521.exe 1028 Unicorn-39655.exe 3016 Unicorn-33009.exe 2436 Unicorn-144.exe 1000 Unicorn-45624.exe 2080 Unicorn-7798.exe 2292 Unicorn-65489.exe 2184 Unicorn-49153.exe 2912 Unicorn-56797.exe 2720 Unicorn-53076.exe 2604 Unicorn-56221.exe 2512 Unicorn-14674.exe 2388 Unicorn-34540.exe 2452 Unicorn-49267.exe 2380 Unicorn-20316.exe 300 Unicorn-3595.exe 1612 Unicorn-34165.exe 2824 Unicorn-21359.exe 2992 Unicorn-4446.exe 2528 Unicorn-52879.exe 1672 Unicorn-49926.exe 2792 Unicorn-36351.exe 1428 Unicorn-36351.exe 752 Unicorn-33589.exe 1956 Unicorn-43087.exe 2756 Unicorn-56086.exe 2004 Unicorn-56278.exe 1304 Unicorn-42764.exe 956 Unicorn-40382.exe 884 Unicorn-10362.exe 1596 Unicorn-65147.exe 1724 Unicorn-15947.exe 2404 Unicorn-48105.exe 2684 Unicorn-37218.exe 2896 Unicorn-55090.exe 2488 Unicorn-53253.exe 2416 Unicorn-36267.exe 436 Unicorn-35883.exe 2856 Unicorn-17540.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 840 wrote to memory of 2888 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 28 PID 840 wrote to memory of 2888 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 28 PID 840 wrote to memory of 2888 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 28 PID 840 wrote to memory of 2888 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 28 PID 2888 wrote to memory of 2608 2888 Unicorn-54141.exe 29 PID 2888 wrote to memory of 2608 2888 Unicorn-54141.exe 29 PID 2888 wrote to memory of 2608 2888 Unicorn-54141.exe 29 PID 2888 wrote to memory of 2608 2888 Unicorn-54141.exe 29 PID 840 wrote to memory of 2668 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 30 PID 840 wrote to memory of 2668 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 30 PID 840 wrote to memory of 2668 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 30 PID 840 wrote to memory of 2668 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 30 PID 840 wrote to memory of 2700 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 31 PID 840 wrote to memory of 2700 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 31 PID 840 wrote to memory of 2700 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 31 PID 840 wrote to memory of 2700 840 5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe 31 PID 2608 wrote to memory of 1292 2608 Unicorn-12631.exe 32 PID 2608 wrote to memory of 1292 2608 Unicorn-12631.exe 32 PID 2608 wrote to memory of 1292 2608 Unicorn-12631.exe 32 PID 2608 wrote to memory of 1292 2608 Unicorn-12631.exe 32 PID 2888 wrote to memory of 2640 2888 Unicorn-54141.exe 33 PID 2888 wrote to memory of 2640 2888 Unicorn-54141.exe 33 PID 2888 wrote to memory of 2640 2888 Unicorn-54141.exe 33 PID 2888 wrote to memory of 2640 2888 Unicorn-54141.exe 33 PID 2668 wrote to memory of 2544 2668 Unicorn-25630.exe 34 PID 2668 wrote to memory of 2544 2668 Unicorn-25630.exe 34 PID 2668 wrote to memory of 2544 2668 Unicorn-25630.exe 34 PID 2668 wrote to memory of 2544 2668 Unicorn-25630.exe 34 PID 2888 wrote to memory of 376 2888 Unicorn-54141.exe 35 PID 2888 wrote to memory of 376 2888 Unicorn-54141.exe 35 PID 2888 wrote to memory of 376 2888 Unicorn-54141.exe 35 PID 2888 wrote to memory of 376 2888 Unicorn-54141.exe 35 PID 2640 wrote to memory of 1148 2640 Unicorn-55781.exe 36 PID 2640 wrote to memory of 1148 2640 Unicorn-55781.exe 36 PID 2640 wrote to memory of 1148 2640 Unicorn-55781.exe 36 PID 2640 wrote to memory of 1148 2640 Unicorn-55781.exe 36 PID 1292 wrote to memory of 1492 1292 Unicorn-39767.exe 37 PID 1292 wrote to memory of 1492 1292 Unicorn-39767.exe 37 PID 1292 wrote to memory of 1492 1292 Unicorn-39767.exe 37 PID 1292 wrote to memory of 1492 1292 Unicorn-39767.exe 37 PID 2608 wrote to memory of 1780 2608 Unicorn-12631.exe 38 PID 2608 wrote to memory of 1780 2608 Unicorn-12631.exe 38 PID 2608 wrote to memory of 1780 2608 Unicorn-12631.exe 38 PID 2608 wrote to memory of 1780 2608 Unicorn-12631.exe 38 PID 2668 wrote to memory of 996 2668 Unicorn-25630.exe 40 PID 2668 wrote to memory of 996 2668 Unicorn-25630.exe 40 PID 2668 wrote to memory of 996 2668 Unicorn-25630.exe 40 PID 2668 wrote to memory of 996 2668 Unicorn-25630.exe 40 PID 2544 wrote to memory of 2860 2544 Unicorn-26062.exe 39 PID 2544 wrote to memory of 2860 2544 Unicorn-26062.exe 39 PID 2544 wrote to memory of 2860 2544 Unicorn-26062.exe 39 PID 2544 wrote to memory of 2860 2544 Unicorn-26062.exe 39 PID 2608 wrote to memory of 1600 2608 Unicorn-12631.exe 41 PID 2608 wrote to memory of 1600 2608 Unicorn-12631.exe 41 PID 2608 wrote to memory of 1600 2608 Unicorn-12631.exe 41 PID 2608 wrote to memory of 1600 2608 Unicorn-12631.exe 41 PID 2668 wrote to memory of 916 2668 Unicorn-25630.exe 42 PID 2668 wrote to memory of 916 2668 Unicorn-25630.exe 42 PID 2668 wrote to memory of 916 2668 Unicorn-25630.exe 42 PID 2668 wrote to memory of 916 2668 Unicorn-25630.exe 42 PID 1492 wrote to memory of 2768 1492 Unicorn-53981.exe 43 PID 1492 wrote to memory of 2768 1492 Unicorn-53981.exe 43 PID 1492 wrote to memory of 2768 1492 Unicorn-53981.exe 43 PID 1492 wrote to memory of 2768 1492 Unicorn-53981.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5a3e2e6cf40c830378fb0b0a36773960_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1292 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1008 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe10⤵PID:3020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe11⤵PID:3820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe12⤵PID:4716
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe13⤵PID:5320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe14⤵PID:7160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe15⤵PID:8820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe16⤵PID:11132
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 21616⤵PID:2156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 21615⤵PID:9816
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 21614⤵PID:2268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 23613⤵PID:7064
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 21612⤵PID:5628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 23611⤵PID:3200
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe10⤵PID:3872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe11⤵PID:5000
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe12⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe13⤵PID:8944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe14⤵PID:10892
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 23614⤵PID:10784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 21613⤵PID:9656
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 21612⤵PID:7384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 21611⤵PID:5860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 24010⤵PID:4316
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe9⤵PID:1188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe10⤵PID:4036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe11⤵PID:4428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe12⤵PID:5756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe13⤵PID:7968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe14⤵PID:9980
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 21614⤵PID:4220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 21613⤵PID:9180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 21612⤵PID:7112
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 23611⤵PID:5360
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe10⤵PID:4488
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe11⤵PID:5520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe12⤵PID:7780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe13⤵PID:9932
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 23613⤵PID:4508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 23612⤵PID:9032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 21611⤵PID:6532
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 22010⤵PID:5380
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2209⤵
- Program crash
PID:3760
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe9⤵PID:1336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe10⤵PID:4064
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe11⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe12⤵PID:5548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe13⤵PID:7884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe14⤵PID:9584
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 21614⤵PID:10092
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 23613⤵PID:9116
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 21612⤵PID:1988
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 23611⤵PID:5208
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe10⤵PID:3780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe11⤵PID:5308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40701.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40701.exe12⤵PID:6880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe13⤵PID:8684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe14⤵PID:10928
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 21614⤵PID:10676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 23613⤵PID:9792
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 23612⤵PID:7260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 21611⤵PID:6508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 24010⤵PID:5028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 2369⤵
- Program crash
PID:3788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 2408⤵
- Program crash
PID:1236
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe9⤵PID:2728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe10⤵PID:3316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe11⤵PID:4748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe12⤵PID:5732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe13⤵PID:7520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe14⤵PID:9868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 21614⤵PID:10212
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 21613⤵PID:8992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 23612⤵PID:6644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 23611⤵PID:5644
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 23610⤵
- Program crash
PID:3892
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe9⤵PID:3408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe10⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe11⤵PID:5456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe12⤵PID:7368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe13⤵PID:9044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe14⤵PID:10936
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 21614⤵PID:10760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 21613⤵PID:9712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 23612⤵PID:8052
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 21611⤵PID:6716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 23610⤵PID:5268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 2409⤵
- Program crash
PID:3560
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe8⤵PID:1536
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe9⤵PID:3592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe10⤵PID:4724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53302.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53302.exe11⤵PID:5768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe12⤵PID:7836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe13⤵PID:9284
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 21613⤵PID:9808
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 21612⤵PID:8432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 23611⤵PID:6780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 23610⤵PID:5636
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2169⤵
- Program crash
PID:3812
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 2408⤵
- Program crash
PID:1252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2407⤵
- Program crash
PID:2236
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe8⤵PID:2880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe9⤵PID:3180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe10⤵PID:4976
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 24011⤵PID:6164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 23610⤵PID:5864
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 2169⤵PID:4472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 2368⤵
- Program crash
PID:3104
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe7⤵PID:1632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe8⤵PID:3500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe9⤵PID:4308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe10⤵PID:5324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe11⤵PID:7680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe12⤵PID:9220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe13⤵PID:6416
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 21612⤵PID:9652
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 21611⤵PID:8288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 23610⤵PID:6544
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 2169⤵PID:5080
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 2168⤵PID:4000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 2407⤵
- Program crash
PID:1480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 2406⤵
- Program crash
PID:3040
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe9⤵PID:1568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe10⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe11⤵PID:4652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe12⤵PID:6564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe13⤵PID:8532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe14⤵PID:10500
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 21614⤵PID:11236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 21613⤵PID:9068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 23612⤵PID:8032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 21611⤵PID:6120
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 21610⤵PID:4672
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 2369⤵
- Program crash
PID:3920
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe8⤵PID:920
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe9⤵PID:3168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe10⤵PID:4660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe11⤵PID:5568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe12⤵PID:7232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe13⤵PID:8764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe14⤵PID:10712
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 21614⤵PID:10512
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 21613⤵PID:9448
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 21612⤵PID:7700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 21611⤵PID:6620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 21610⤵PID:4836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 2369⤵PID:3908
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 2408⤵
- Program crash
PID:2584
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe8⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe9⤵PID:3492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe10⤵PID:4964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe11⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe12⤵PID:6864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe13⤵PID:8476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe14⤵PID:10420
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 23614⤵PID:11164
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 23613⤵PID:8784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 21612⤵PID:8128
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 23611⤵PID:5964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 21610⤵PID:4936
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 2369⤵PID:3536
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe8⤵PID:3552
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe9⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe10⤵PID:5264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe11⤵PID:7704
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe12⤵PID:10224
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 21612⤵PID:10472
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 21611⤵PID:9000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 23610⤵PID:6580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 2169⤵PID:5832
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 2408⤵PID:3684
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 2407⤵
- Program crash
PID:2520
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe8⤵PID:328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe9⤵PID:3332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe10⤵PID:4780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe11⤵PID:5540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe12⤵PID:8172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe13⤵PID:9292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe14⤵PID:10952
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 21613⤵PID:10572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 23612⤵PID:9148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 21611⤵PID:6572
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 21610⤵PID:5436
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 2369⤵PID:4148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 2368⤵
- Program crash
PID:3220
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe7⤵PID:2044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe8⤵PID:3852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe9⤵PID:4868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe10⤵PID:6020
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe11⤵PID:7484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe12⤵PID:8812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe13⤵PID:10868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 21613⤵PID:7100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 23612⤵PID:9324
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 23611⤵PID:7856
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 21610⤵PID:6788
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 2169⤵PID:5700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 2168⤵PID:4460
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 2407⤵
- Program crash
PID:3232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 2406⤵
- Program crash
PID:2284
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 2405⤵
- Loads dropped DLL
- Program crash
PID:1080
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1780 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 2407⤵
- Program crash
PID:928
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe7⤵PID:2656
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe8⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe9⤵PID:4952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe10⤵PID:6496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe11⤵PID:8592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe12⤵PID:10560
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 21612⤵PID:10508
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 21611⤵PID:904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 21610⤵PID:7940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 2169⤵PID:5800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 2368⤵PID:4168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 2367⤵
- Program crash
PID:3376
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 2406⤵
- Program crash
PID:2400
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe7⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe8⤵PID:3932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe9⤵PID:4784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe10⤵PID:5492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe11⤵PID:7636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe12⤵PID:2016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe13⤵PID:11224
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 21612⤵PID:9432
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 21611⤵PID:8268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 21610⤵PID:6596
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 2369⤵PID:4712
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 2368⤵PID:3336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 2367⤵
- Program crash
PID:3204
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe6⤵PID:2228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe7⤵PID:3504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe8⤵PID:4744
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe9⤵PID:5472
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe10⤵PID:7516
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe11⤵PID:9828
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 21611⤵PID:2548
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 23610⤵PID:8892
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 2369⤵PID:6344
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 2168⤵PID:6072
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 2367⤵PID:4616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 2206⤵
- Program crash
PID:1268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 2405⤵
- Program crash
PID:2592
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1600
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1148 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe9⤵PID:3476
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 20010⤵
- Program crash
PID:3600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 2369⤵PID:4108
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 2368⤵
- Program crash
PID:2868
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe8⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe9⤵PID:3728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe10⤵PID:4256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe11⤵PID:5500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe12⤵PID:7412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe13⤵PID:8956
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe14⤵PID:6348
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 21613⤵PID:9332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 21612⤵PID:7028
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 21611⤵PID:6768
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 23610⤵PID:5280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 2369⤵PID:3980
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe8⤵PID:3764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe9⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe10⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe11⤵PID:2144
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe12⤵PID:9040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe13⤵PID:11260
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 21613⤵PID:6160
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 21612⤵PID:9968
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 23611⤵PID:7620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 21610⤵PID:6516
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe9⤵PID:5392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe10⤵PID:7800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe11⤵PID:8800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe12⤵PID:10852
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 23612⤵PID:10580
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 23611⤵PID:9480
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 21610⤵PID:8396
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 2209⤵PID:6588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 2408⤵PID:4216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 2407⤵
- Program crash
PID:1504
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 2207⤵
- Program crash
PID:3384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 2406⤵
- Program crash
PID:1044
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe7⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe8⤵PID:3644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe9⤵PID:4676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe10⤵PID:5368
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe11⤵PID:7304
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe12⤵PID:9368
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 21612⤵PID:10624
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 23611⤵PID:9188
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 21610⤵PID:6804
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 2169⤵PID:5504
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 2368⤵PID:4320
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2367⤵
- Program crash
PID:3460
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe6⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe7⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe8⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe9⤵PID:5676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe10⤵PID:7860
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe11⤵PID:10232
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 21611⤵PID:10464
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 21610⤵PID:9140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 2169⤵PID:6700
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 2368⤵PID:6088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2367⤵PID:4912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 2406⤵
- Program crash
PID:1552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 2405⤵
- Program crash
PID:1968
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe7⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe8⤵PID:3416
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe9⤵PID:4828
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe10⤵PID:5576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe11⤵PID:7156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe12⤵PID:8932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe13⤵PID:11176
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 21613⤵PID:11040
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 21612⤵PID:9904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 21611⤵PID:7388
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 21610⤵PID:7084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2169⤵PID:6140
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 2368⤵PID:4236
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 2367⤵
- Program crash
PID:3280
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe6⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe7⤵PID:3636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe8⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe9⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe10⤵PID:7772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe11⤵PID:9300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe12⤵PID:10588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 21611⤵PID:9840
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 21610⤵PID:8372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 2169⤵PID:6612
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 2368⤵PID:4792
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 2367⤵
- Program crash
PID:3784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 2406⤵
- Program crash
PID:2212
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe6⤵PID:1984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe7⤵PID:3992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe8⤵PID:1376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe9⤵PID:6108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe10⤵PID:8156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe11⤵PID:9632
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 21611⤵PID:10156
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 21610⤵PID:8692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 2369⤵PID:7032
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 2368⤵PID:5224
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe7⤵PID:4048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe8⤵PID:4856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe9⤵PID:7532
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe10⤵PID:9088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe11⤵PID:10312
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 21611⤵PID:11192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 23610⤵PID:9912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 2169⤵PID:8200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 2368⤵PID:6180
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 2207⤵PID:4628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 2366⤵
- Program crash
PID:3836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 2405⤵
- Program crash
PID:2932
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1680
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:376
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2860 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe8⤵
- Suspicious use of SetWindowsHookEx
PID:2856 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe9⤵PID:3288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe10⤵PID:4708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe11⤵PID:5244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe12⤵PID:7560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe13⤵PID:8988
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe14⤵PID:10304
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 21613⤵PID:9608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 21612⤵PID:8216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 23611⤵PID:6452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 23610⤵PID:5200
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 2369⤵PID:5100
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 2368⤵
- Program crash
PID:3148
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe7⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe8⤵PID:4016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37450.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37450.exe9⤵PID:4160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe10⤵PID:5288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe11⤵PID:6820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe12⤵PID:8652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe13⤵PID:10600
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 23613⤵PID:10384
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 21612⤵PID:8736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 23611⤵PID:8096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 21610⤵PID:6292
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 2369⤵PID:5048
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 2368⤵PID:3488
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 2407⤵
- Program crash
PID:2524
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe7⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe8⤵PID:3804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe9⤵PID:5032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe10⤵PID:7140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe11⤵PID:9072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe12⤵PID:9964
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 21612⤵PID:11024
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 21611⤵PID:9720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 21610⤵PID:7420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 2169⤵PID:5880
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2368⤵PID:4300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 2367⤵
- Program crash
PID:3172
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 2406⤵
- Program crash
PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe7⤵PID:1648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe8⤵PID:4024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe9⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe10⤵PID:5332
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe11⤵PID:7600
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe12⤵PID:8856
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe13⤵PID:10520
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 21612⤵PID:9628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 21611⤵PID:8252
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 21610⤵PID:6552
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 2169⤵PID:5088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 2368⤵PID:3568
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 2367⤵
- Program crash
PID:3368
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe6⤵PID:2936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe7⤵PID:3240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe8⤵PID:4816
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe9⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe10⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe11⤵PID:8880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exe12⤵PID:6288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 21611⤵PID:9600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 23610⤵PID:8452
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 2369⤵PID:6628
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 2368⤵PID:4844
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 2367⤵PID:3964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 2406⤵
- Program crash
PID:1500
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 2405⤵
- Program crash
PID:804
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe7⤵
- Executes dropped EXE
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe8⤵PID:3344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe9⤵PID:4576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe10⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe11⤵PID:7932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe12⤵PID:10008
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 22012⤵PID:10148
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 21611⤵PID:9168
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 21610⤵PID:7192
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 2369⤵PID:5232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 2368⤵PID:5068
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 2167⤵
- Program crash
PID:3096
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe6⤵PID:2796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe7⤵PID:3708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe8⤵PID:3192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe9⤵PID:5252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe10⤵PID:6692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe11⤵PID:8584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe12⤵PID:10288
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 21612⤵PID:11096
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 21611⤵PID:9084
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 23610⤵PID:8044
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 2369⤵PID:6244
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 2368⤵PID:4996
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe7⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe8⤵PID:5820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe9⤵PID:7252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe10⤵PID:9352
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 21610⤵PID:9836
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 2169⤵PID:8720
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 2168⤵PID:7288
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 2407⤵PID:5216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 2406⤵
- Program crash
PID:2232
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe7⤵PID:2500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 1488⤵
- Program crash
PID:600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 2367⤵
- Program crash
PID:3844
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe6⤵PID:2484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe7⤵PID:3420
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exe8⤵PID:4928
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe9⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe10⤵PID:7440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe11⤵PID:10068
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 21611⤵PID:4196
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 21610⤵PID:8884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 2369⤵PID:7220
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 2368⤵PID:5780
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 2367⤵PID:3520
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 2406⤵
- Program crash
PID:2784
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 2405⤵
- Program crash
PID:1736
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 2404⤵
- Loads dropped DLL
- Program crash
PID:1760
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:996 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-144.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe7⤵PID:388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe8⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe9⤵PID:5092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe10⤵PID:6752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe11⤵PID:8604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe12⤵PID:10324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe13⤵PID:6064
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 21613⤵PID:7020
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 21612⤵PID:11076
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 21611⤵PID:8960
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 21610⤵PID:8020
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 2169⤵PID:5888
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 2368⤵PID:4328
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 2367⤵
- Program crash
PID:2088
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 2366⤵
- Program crash
PID:1084
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe6⤵PID:2056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe7⤵PID:3656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 2408⤵PID:4588
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe7⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe8⤵PID:5460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe9⤵PID:7576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe10⤵PID:10132
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 21610⤵PID:10336
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 2169⤵PID:8924
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 2168⤵PID:6332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 2407⤵PID:5444
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2366⤵
- Program crash
PID:3356
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2405⤵
- Program crash
PID:3012
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe6⤵
- Executes dropped EXE
PID:1116 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe7⤵PID:3540
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe8⤵PID:4452
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe9⤵PID:6324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe10⤵PID:8524
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe11⤵PID:10260
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 21611⤵PID:11104
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 21610⤵PID:9060
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 2369⤵PID:7588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 2168⤵PID:5340
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 2367⤵PID:4144
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 2366⤵
- Program crash
PID:744
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:436 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe6⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe7⤵PID:4120
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe8⤵PID:5176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe9⤵PID:7708
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe10⤵PID:8564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe11⤵PID:10960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 21611⤵PID:5940
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 23610⤵PID:9760
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 2169⤵PID:8300
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 2368⤵PID:6372
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 2167⤵PID:4860
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 2366⤵
- Program crash
PID:3884
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 2405⤵
- Program crash
PID:2216
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 2404⤵
- Program crash
PID:2616
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 2403⤵
- Loads dropped DLL
- Program crash
PID:916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 2402⤵
- Program crash
PID:2700
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB
MD5be894750350b9e55d97985b9e14f1989
SHA16655ef8d73d4a6469e3ef8d1b4819c2c8e27c954
SHA25668554b5d374c0120666a588f839e7f943d8328717841c52b4929d1c63716074b
SHA5125c18ad9e84719e03c6d94bc64f92faf44ebc47e872250964d56aa2d0900af4617935bd0989c0ac559a57ba952e2ddd9c96fec25a350bf657ff95bfaace5700ca
-
Filesize
184KB
MD5081a83918edef38aba1cac5a626a5baf
SHA1e67ba11de8164eb634b5f0fdd4a7fb70d6686ef7
SHA25675745c03ce3d96208f81aaae7b6de9d708fe85e35d22feb5eadbe7e4dcc8f77b
SHA512cd0a3e2b2171039593fa744ea6faca1ee5a615a9cfd10f5e0a4832f1bc85027c823c5e134332a0f11c5b0fe677bf559db615ecea144931bfd5e166c49dbd4cb4
-
Filesize
184KB
MD5b6b96935ff18974dbfc4f65d2ccaa299
SHA118d50ba1c734360936316a6bb6eb2447fb354941
SHA256be4fd9c8c89d845952ad7c50dac8bc77e19559253ca57f7951fa2faed9a35d22
SHA512e146aed34978fc7c71c2007ed986729d922919b23f8e0e50959c6b50a0921ba940c6a526b427059f4d3ad46e79f59b2edcbe8d023dc46d695a1a9c14d14c2be5
-
Filesize
184KB
MD5217c072fce5043ab9608e187b7628077
SHA12d170b3d19b010f2d2a4a59688d41b94590d99a7
SHA256f804db5c887d2408a5631a18dc6f625344f080f208125009a82bef08f14aa279
SHA51292f261d9de7ad7ae475e2c7116036d2136a2e8af41e38eaa3434ac48a2fbb120dbdd180c0445936168c024caf2f5a1d81a0eda6bc6b2f47290e1960d5465cd77
-
Filesize
184KB
MD5ba863343d38245a1f62cafabfa45b988
SHA1b75668ee40e7b43cdb007f231477fdee261e1e38
SHA256e09d37ecd92d574e549408bd2f45b210bc01cd8143095560c44c7484653226b9
SHA512976af50f90c28e69e43452e4f7bba4b1d59c969eae19901e8fa52a2a3923cf45b188f7e6b6ed9204d92675638a00d4b70aaf3c37b2b47a9b02983282301c513c
-
Filesize
184KB
MD56ab51fd360690a284fdacf9c34115897
SHA1d0302fd01a8d1560a3b15d297900b42f6925c68b
SHA256b545e6fa6455d8d7e7e3e01f855d71928e209eda211e3e70d0f2c047cafaf541
SHA512f0e8929dce0dcfd1b697e35e995dd19670ea7695e77a51e440f99bc2d359fc1ca91d945d55d8d3d2420e3489253a46a2cffee11fe75a76f42bffb2e205c2f909
-
Filesize
184KB
MD5bc0fb0770d13d3d299d78e732942d16b
SHA1de54eb22bde81a2788e3706c1d058274e9460752
SHA25686db7af354438f76e7ebe8f5325f8202c685a1f2932ff69b4fb1f5e2774c08eb
SHA512d2febb5ebfc8bc556d42b3276e297eeba2da090ffc1d7bb73d17f1ef76b80ce02d9c3009adb6e6ccda5106ac045b89da4d2396bfadeb586aad7438e43497b3d6
-
Filesize
184KB
MD5e60b686d764a492226bb38cd0061b0e8
SHA1f773142462cda9283bd3381edd48ac642576029a
SHA2564749ab1e49b0ab2c794616c24261d47e8a13f0219873105ec52262eabed8d1ab
SHA512651277dfc3b813586da58f9e1712c175401a9f628af7275ee6ea1bde16b073e26deaa286bedc896458b70412245b3c546a22dbb86e0a213d8163d6b952008718
-
Filesize
184KB
MD51063f7fec2b403cc1e0109b03ae49a39
SHA17d678ff702adc2796744992b941345d80084d4c2
SHA2563284a10995d1b4f37f16277391d91bf79a096f62883393598f26a5aee70257c1
SHA5126f9712e613bf9989f1cebeabfbf4dbcda50d5b17f4a9c6677c6e0138e3e38d96e891e4d47fab6c24672080d02e72fabf25b1306b1aa0187e3e7ff1d08aa82348
-
Filesize
184KB
MD5662bb651e82c8c6a903d95ced6c191c1
SHA1aec6843008b8ca266f24c3ce19eacd2e1d28a534
SHA25605e7d134c91ea923ef8289ff543462ed72e3318e98a00b28c4985b8afc3ce590
SHA512021b366c56a2b8a99d0589420ad4f0131f94a99577652002b9050ffd851653b8a1e982125bfca8ab114048a8173dbe5cdc31bda7bf98b4c8fce05cb4a3d6a0e7
-
Filesize
184KB
MD522b359738ae53c1bab4a03e9f7e434ba
SHA16c28d14d37034c4409ed528d03662bf28f7a11d0
SHA25637131eaeaa462bf27edd0efa6f1b72eaa200f351d39179ab403f9cb26128074a
SHA51205cb0d6cda85c3d361946c78cee9479b4dc97947e73b3e8b00c3fd46bbb621151bf31020505edbff161e77cf33e3712e6d33e698ab1fe61efbac6618571dfbf2
-
Filesize
184KB
MD567550bbdb5cf0ac0e6191bbf675ebeb7
SHA1e820e027a4aefc755d30194b443f3f022e8270de
SHA2568131312329dcecd55a3f3e314e914d56190a7ab6f9680a1584af3bf960f2ea39
SHA512087407f22315e79442a0be5a0702acbba49802a7f238e17c8885600b304e874051d70180507270800bf7eb2cb6a59c521c16638dfe962784ef085017d5d3c7a1
-
Filesize
184KB
MD56ce244ec6dad51f5fb947dffd6b58973
SHA1d70a6814edf4bece9acca9a1fa0db73a552fa1fc
SHA2562962d60bb38ab145c73c4317a100dc15d32fbf134006a0bea603e9d8b25775b7
SHA512b11ee328d7d752703121729c8f06ab82b61500edcbed7089007d204e4943e0d76e8c5013ab5602ca2a3c537e7ed35ee69deb2cd7c30b568ff2eae9ab1981ba50
-
Filesize
184KB
MD5a85b5babc54a17443968a799009bdc0f
SHA12a1580b7d5909b47ce0a6911f93e03b49dd6a788
SHA256daabb9d20cbd09403609091e6d866bdd1be3f3fff303c694f3cf46da863b6556
SHA512f8cc50fb7f13f5f94be8b995d5add06b878be9730ff6ffbc84e55a364b080cf17f34651fd482efb183f84157e2ca87a42c48acf5d968cfc6e8d934693e67f89f
-
Filesize
184KB
MD5dcb33e2ada390ddb5c65ea8f286c1613
SHA1668ff099860f60e807ba00dc797010d0e18a9ce7
SHA256ff2d45d27eb43f31a8a67f95414764a4153296a579af4ce964c515550be6a292
SHA5127fe61e3f7ae8c8dedc3a12ba06e48ae5de63ebaed5154e5e23339dd33c756491863b51320bb179e8363f0c5c48c0fe9a9255a9ac6abaacd502f632e507fc0575
-
Filesize
184KB
MD5824235d3e6a49ec0f9578ea1d31debc3
SHA14714661bc2a363a6bf8bea79adfd8cbe982a2d0c
SHA2566c7d50f43d29b7691f60c4979fa4570ed0335bec8f1d1387b842083f0705773e
SHA512f12df2919471f2c73a91e0c3266ee4aa5727457a9a043b855816bd8f0abecfc52f24ed27239e39de33997afc7aeb4aea824df1ad6fc5beda33963716c3cc2620
-
Filesize
184KB
MD5530ce687943326a2ebb6d6d21722415d
SHA107e36a4eb47e5ea40e97b771dc5fddd017dcdb49
SHA256ae3ff90abd9d36d26a12fea96000ebc141dc2a1195af69154e32ffbe69382381
SHA51208e8d624d2b5aaa65b9f529bda437072519b15032f013b10edab48310cf7a6f08a850b7af431fc45400e0c010e0015df8bf9976d73b45d3bf7516543734d8be8
-
Filesize
184KB
MD5379273a4cb6e0f0aebf248eafe9af7e7
SHA1494902ff94297188f5dd3da6655a2ab9b062ce79
SHA256e984f607fbdc5b26cb87ee0acff1f09c505efde8f3bb23389f972a7ed96e7bc8
SHA5128e83c35b9891e1d880c089d8505f80b28208f53b40123ff050dcfd35e1be16e8a77cca65710379b69c7a45519a120607ce74b450da2ded02253d5a4f8fdf2740
-
Filesize
184KB
MD518d617464a1f9c76dafc78560f332b69
SHA1705b42b9d6f21eff30956ad619ebc38d7062e437
SHA2565b5c307c8d027f1823d26434bbef6c018cdaa90a458807db4a98d17ea9a5ed77
SHA512cc02efbd81218ed7a553292720aaccc7f945d07bdb503925657c8828e4dc7cbcc4cbf39cc642db56e8e3a601346ef0970249c513a5aa021413dc4c5938bc46f6
-
Filesize
184KB
MD5c7100f4dbebc59322ee734546e34ca7a
SHA1e3a7764754c6dff16b1a03464e2037606bb16083
SHA256afa9fb4d922b7105d7f3ba771cb70a7dc3ee04a928b963a19b727ccfe73f4688
SHA5121f0b009b0a80a4103517b9410b0ade92459b9c11f1be18565adb4a80206c5d6ce7f4b01eee7ff50dd519e919e6c898d2693caebc876f2391321ede53abe1faf3
-
Filesize
184KB
MD5bb83a8844a293666a081e21ecc0890b7
SHA1596284969080eee016d5db2b4e816c9abd3706de
SHA25674d737508f7d82423f22b726cd3a5f80170a8c6ebdb438d6ddc43a3fef91cf96
SHA51292354f5dc6b82c03bf39fe49515d38ddf72020f6aff9b165bd9c4a4a0fa5de2697095fc3b8811b73fafd7ea70aa1a91a321e6a62298431e10c98d0657191b61e
-
Filesize
184KB
MD5e18407b65dfcf5aa1097800d48e3b678
SHA165d10efcfedb0527bc726f4958069a45671f1e0f
SHA25681af652b7e84fba843842f3c3de7471fa80322ad1f323c72ba56a7cb4698acc5
SHA51247923b2a4642b2eb23f40d1acf2a114fe9301226b60808239a8700f9831a7ad38c7d75e7c328df1923a12ae85069d15a20f24fab4ea0f4c93f59c40f28aa8460