7a877675c02eda4a0bbe06250658c53bea1f93e62b12d5d6bca803d0e5feed1d

Analysis

max time kernel
214s
max time network
161s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51ec6ffc03305ff8406ce3ee20b92612.exe
Size

184KB
MD5

51ec6ffc03305ff8406ce3ee20b92612
SHA1

0f7d69fb2b88ee4c0044a2280c8862f1e291658b
SHA256

7a877675c02eda4a0bbe06250658c53bea1f93e62b12d5d6bca803d0e5feed1d
SHA512

cc9346f97dc39e7d0c30164049a31b38b550f981bbd211d6cbdcd25b4d3d126201d730d72282413372b76672082715dbf3ea549960d93c21093c4ea5988893be
SSDEEP

3072:aEkGoQ/n9H0rOjl43yzS8y1gX0Mwtlt8TxZ/P9ZNlPyFb:aEZoKl0re4CzS8WPKnNlPyF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2024	Unicorn-16986.exe
2940	Unicorn-18304.exe
2012	Unicorn-58049.exe
2052	Unicorn-30015.exe
2064	Unicorn-12548.exe
2084	Unicorn-11993.exe
1560	Unicorn-12823.exe
892	Unicorn-11583.exe
1520	Unicorn-54562.exe
3040	Unicorn-54728.exe
988	Unicorn-26379.exe
1700	Unicorn-18211.exe
2676	Unicorn-16990.exe
2276	Unicorn-35014.exe
2108	Unicorn-62232.exe
2460	Unicorn-62232.exe
2544	Unicorn-27976.exe
1248	Unicorn-17116.exe
932	Unicorn-21754.exe
2140	Unicorn-40503.exe
2128	Unicorn-15060.exe
296	Unicorn-5138.exe
1644	Unicorn-3363.exe
2312	Unicorn-17199.exe
2832	Unicorn-1438.exe
1944	Unicorn-36227.exe
2560	Unicorn-13114.exe
1868	Unicorn-32719.exe
3036	Unicorn-49871.exe
1720	Unicorn-45782.exe
1136	Unicorn-45782.exe
436	Unicorn-45782.exe
2252	Unicorn-45782.exe
1128	Unicorn-45782.exe
1620	Unicorn-58610.exe
1356	Unicorn-21086.exe
2500	Unicorn-62886.exe
3064	Unicorn-34106.exe
1648	Unicorn-57795.exe
2956	Unicorn-42549.exe
1444	Unicorn-43295.exe
1932	Unicorn-55548.exe
680	Unicorn-5984.exe
2588	Unicorn-34573.exe
1048	Unicorn-17469.exe
1856	Unicorn-34935.exe
2844	Unicorn-57110.exe
616	Unicorn-49819.exe
2468	Unicorn-60146.exe
2376	Unicorn-12507.exe
876	Unicorn-5216.exe
2428	Unicorn-53410.exe
2924	Unicorn-51656.exe
916	Unicorn-8335.exe
2496	Unicorn-18236.exe
976	Unicorn-18236.exe
2452	Unicorn-51314.exe
2800	Unicorn-22508.exe
1012	Unicorn-56249.exe
2216	Unicorn-21665.exe
912	Unicorn-26042.exe
684	Unicorn-64417.exe
1808	Unicorn-29607.exe
2568	Unicorn-26042.exe

Loads dropped DLL 64 IoCs

pid	Process
2860	51ec6ffc03305ff8406ce3ee20b92612.exe
2860	51ec6ffc03305ff8406ce3ee20b92612.exe
2024	Unicorn-16986.exe
2024	Unicorn-16986.exe
2940	Unicorn-18304.exe
2940	Unicorn-18304.exe
2024	Unicorn-16986.exe
2024	Unicorn-16986.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2940	Unicorn-18304.exe
2940	Unicorn-18304.exe
2012	Unicorn-58049.exe
2012	Unicorn-58049.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2052	Unicorn-30015.exe
2052	Unicorn-30015.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
2084	Unicorn-11993.exe
2084	Unicorn-11993.exe
2064	Unicorn-12548.exe
2064	Unicorn-12548.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
892	Unicorn-11583.exe
1560	Unicorn-12823.exe
1520	Unicorn-54562.exe
1520	Unicorn-54562.exe
1560	Unicorn-12823.exe
892	Unicorn-11583.exe
2012	Unicorn-58049.exe
2012	Unicorn-58049.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
3040	Unicorn-54728.exe
3040	Unicorn-54728.exe
1700	Unicorn-18211.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
304	2860	WerFault.exe	26
2528	2024	WerFault.exe	27
2320	2940	WerFault.exe	29
1744	2052	WerFault.exe	31
2248	2064	WerFault.exe	33
3056	2084	WerFault.exe	34
3008	1560	WerFault.exe	36
2608	2012	WerFault.exe	30
2316	892	WerFault.exe	39
1324	1520	WerFault.exe	38
868	2460	WerFault.exe	50
828	1700	WerFault.exe	43
2928	1248	WerFault.exe	52
2920	2676	WerFault.exe	45
1996	2276	WerFault.exe	48
1972	2108	WerFault.exe	49
1088	3040	WerFault.exe	42
2892	2544	WerFault.exe	51
2304	932	WerFault.exe	53
1496	988	WerFault.exe	44
2236	1944	WerFault.exe	56
1592	3036	WerFault.exe	72
1072	1868	WerFault.exe	73
1160	1644	WerFault.exe	59
1376	2560	WerFault.exe	57
1660	1720	WerFault.exe	78
652	2312	WerFault.exe	58
1584	1356	WerFault.exe	81
1764	1620	WerFault.exe	82
1208	296	WerFault.exe	61
2204	1136	WerFault.exe	77
2728	436	WerFault.exe	76
2360	2140	WerFault.exe	63
1696	2832	WerFault.exe	62
2756	2252	WerFault.exe	75
2580	2924	WerFault.exe	100
2564	2500	WerFault.exe	83
1216	2128	WerFault.exe	60
2612	2376	WerFault.exe	96
2264	2956	WerFault.exe	95
2836	3064	WerFault.exe	84
2808	1648	WerFault.exe	85
1788	2468	WerFault.exe	87
440	616	WerFault.exe	90
2604	2428	WerFault.exe	97
832	1444	WerFault.exe	93
3024	1856	WerFault.exe	91
1212	2844	WerFault.exe	92
3080	2588	WerFault.exe	99
3120	1932	WerFault.exe	89
3140	1048	WerFault.exe	94
3212	680	WerFault.exe	88
3288	876	WerFault.exe	98
3468	916	WerFault.exe	114
3492	2496	WerFault.exe	115
3512	912	WerFault.exe	133
3520	1808	WerFault.exe	132
3568	684	WerFault.exe	131
3584	2452	WerFault.exe	123
3612	1712	WerFault.exe	130
4056	1012	WerFault.exe	126
3284	3240	WerFault.exe	144
3440	3356	WerFault.exe	150
3424	2216	WerFault.exe	129

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2860	51ec6ffc03305ff8406ce3ee20b92612.exe
2024	Unicorn-16986.exe
2940	Unicorn-18304.exe
2012	Unicorn-58049.exe
2052	Unicorn-30015.exe
2064	Unicorn-12548.exe
2084	Unicorn-11993.exe
1560	Unicorn-12823.exe
892	Unicorn-11583.exe
1520	Unicorn-54562.exe
3040	Unicorn-54728.exe
1700	Unicorn-18211.exe
2676	Unicorn-16990.exe
988	Unicorn-26379.exe
2276	Unicorn-35014.exe
2108	Unicorn-62232.exe
2460	Unicorn-62232.exe
2544	Unicorn-27976.exe
1248	Unicorn-17116.exe
932	Unicorn-21754.exe
1944	Unicorn-36227.exe
2140	Unicorn-40503.exe
2560	Unicorn-13114.exe
296	Unicorn-5138.exe
2312	Unicorn-17199.exe
2128	Unicorn-15060.exe
2832	Unicorn-1438.exe
1644	Unicorn-3363.exe
1868	Unicorn-32719.exe
3036	Unicorn-49871.exe
2252	Unicorn-45782.exe
1136	Unicorn-45782.exe
1720	Unicorn-45782.exe
436	Unicorn-45782.exe
1356	Unicorn-21086.exe
1620	Unicorn-58610.exe
2500	Unicorn-62886.exe
3064	Unicorn-34106.exe
1648	Unicorn-57795.exe
1444	Unicorn-43295.exe
2844	Unicorn-57110.exe
2924	Unicorn-51656.exe
2956	Unicorn-42549.exe
680	Unicorn-5984.exe
2376	Unicorn-12507.exe
1932	Unicorn-55548.exe
2468	Unicorn-60146.exe
1856	Unicorn-34935.exe
2588	Unicorn-34573.exe
2428	Unicorn-53410.exe
616	Unicorn-49819.exe
1048	Unicorn-17469.exe
876	Unicorn-5216.exe
916	Unicorn-8335.exe
2496	Unicorn-18236.exe
912	Unicorn-26042.exe
684	Unicorn-64417.exe
1808	Unicorn-29607.exe
2800	Unicorn-22508.exe
2216	Unicorn-21665.exe
1012	Unicorn-56249.exe
1712	Unicorn-33691.exe
2568	Unicorn-26042.exe
3240	Unicorn-16595.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2024	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	27
PID 2860 wrote to memory of 2024	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	27
PID 2860 wrote to memory of 2024	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	27
PID 2860 wrote to memory of 2024	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	27
PID 2860 wrote to memory of 304	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	28
PID 2860 wrote to memory of 304	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	28
PID 2860 wrote to memory of 304	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	28
PID 2860 wrote to memory of 304	2860	51ec6ffc03305ff8406ce3ee20b92612.exe	28
PID 2024 wrote to memory of 2940	2024	Unicorn-16986.exe	29
PID 2024 wrote to memory of 2940	2024	Unicorn-16986.exe	29
PID 2024 wrote to memory of 2940	2024	Unicorn-16986.exe	29
PID 2024 wrote to memory of 2940	2024	Unicorn-16986.exe	29
PID 2940 wrote to memory of 2012	2940	Unicorn-18304.exe	30
PID 2940 wrote to memory of 2012	2940	Unicorn-18304.exe	30
PID 2940 wrote to memory of 2012	2940	Unicorn-18304.exe	30
PID 2940 wrote to memory of 2012	2940	Unicorn-18304.exe	30
PID 2024 wrote to memory of 2052	2024	Unicorn-16986.exe	31
PID 2024 wrote to memory of 2052	2024	Unicorn-16986.exe	31
PID 2024 wrote to memory of 2052	2024	Unicorn-16986.exe	31
PID 2024 wrote to memory of 2052	2024	Unicorn-16986.exe	31
PID 2024 wrote to memory of 2528	2024	Unicorn-16986.exe	32
PID 2024 wrote to memory of 2528	2024	Unicorn-16986.exe	32
PID 2024 wrote to memory of 2528	2024	Unicorn-16986.exe	32
PID 2024 wrote to memory of 2528	2024	Unicorn-16986.exe	32
PID 2940 wrote to memory of 2064	2940	Unicorn-18304.exe	33
PID 2940 wrote to memory of 2064	2940	Unicorn-18304.exe	33
PID 2940 wrote to memory of 2064	2940	Unicorn-18304.exe	33
PID 2940 wrote to memory of 2064	2940	Unicorn-18304.exe	33
PID 2012 wrote to memory of 2084	2012	Unicorn-58049.exe	34
PID 2012 wrote to memory of 2084	2012	Unicorn-58049.exe	34
PID 2012 wrote to memory of 2084	2012	Unicorn-58049.exe	34
PID 2012 wrote to memory of 2084	2012	Unicorn-58049.exe	34
PID 2940 wrote to memory of 2320	2940	Unicorn-18304.exe	35
PID 2940 wrote to memory of 2320	2940	Unicorn-18304.exe	35
PID 2940 wrote to memory of 2320	2940	Unicorn-18304.exe	35
PID 2940 wrote to memory of 2320	2940	Unicorn-18304.exe	35
PID 2052 wrote to memory of 1560	2052	Unicorn-30015.exe	36
PID 2052 wrote to memory of 1560	2052	Unicorn-30015.exe	36
PID 2052 wrote to memory of 1560	2052	Unicorn-30015.exe	36
PID 2052 wrote to memory of 1560	2052	Unicorn-30015.exe	36
PID 2052 wrote to memory of 1744	2052	Unicorn-30015.exe	37
PID 2052 wrote to memory of 1744	2052	Unicorn-30015.exe	37
PID 2052 wrote to memory of 1744	2052	Unicorn-30015.exe	37
PID 2052 wrote to memory of 1744	2052	Unicorn-30015.exe	37
PID 2084 wrote to memory of 892	2084	Unicorn-11993.exe	39
PID 2084 wrote to memory of 892	2084	Unicorn-11993.exe	39
PID 2084 wrote to memory of 892	2084	Unicorn-11993.exe	39
PID 2084 wrote to memory of 892	2084	Unicorn-11993.exe	39
PID 2064 wrote to memory of 1520	2064	Unicorn-12548.exe	38
PID 2064 wrote to memory of 1520	2064	Unicorn-12548.exe	38
PID 2064 wrote to memory of 1520	2064	Unicorn-12548.exe	38
PID 2064 wrote to memory of 1520	2064	Unicorn-12548.exe	38
PID 2064 wrote to memory of 2248	2064	Unicorn-12548.exe	40
PID 2064 wrote to memory of 2248	2064	Unicorn-12548.exe	40
PID 2064 wrote to memory of 2248	2064	Unicorn-12548.exe	40
PID 2064 wrote to memory of 2248	2064	Unicorn-12548.exe	40
PID 2084 wrote to memory of 3056	2084	Unicorn-11993.exe	41
PID 2084 wrote to memory of 3056	2084	Unicorn-11993.exe	41
PID 2084 wrote to memory of 3056	2084	Unicorn-11993.exe	41
PID 2084 wrote to memory of 3056	2084	Unicorn-11993.exe	41
PID 1520 wrote to memory of 1700	1520	Unicorn-54562.exe	43
PID 1520 wrote to memory of 1700	1520	Unicorn-54562.exe	43
PID 1520 wrote to memory of 1700	1520	Unicorn-54562.exe	43
PID 1520 wrote to memory of 1700	1520	Unicorn-54562.exe	43

C:\Users\Admin\AppData\Local\Temp\51ec6ffc03305ff8406ce3ee20b92612.exe
"C:\Users\Admin\AppData\Local\Temp\51ec6ffc03305ff8406ce3ee20b92612.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        12⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        13⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        14⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        14⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        13⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
        12⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 236
        11⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49819.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
        11⤵
        Program crash
        
        PID:440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        10⤵
        Program crash
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        9⤵
        Program crash
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        10⤵
        Executes dropped EXE
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        10⤵
        Program crash
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        10⤵
        Program crash
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        9⤵
        Program crash
        
        PID:1072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        8⤵
        Program crash
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        12⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        13⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        12⤵
        Program crash
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
        11⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        10⤵
        Program crash
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        9⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        Program crash
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        7⤵
        Program crash
        
        PID:2316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        11⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        11⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        10⤵
        Program crash
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        9⤵
        Program crash
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 220
        9⤵
        Program crash
        
        PID:2604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        8⤵
        Program crash
        
        PID:1216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        7⤵
        Program crash
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        11⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        10⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        9⤵
        Program crash
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        10⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        9⤵
        Program crash
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
        8⤵
        Program crash
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:1160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        6⤵
        Program crash
        
        PID:2920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12548.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        11⤵
        Program crash
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        10⤵
        Program crash
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        11⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        11⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        10⤵
        Program crash
        
        PID:1212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        9⤵
        Program crash
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        Program crash
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        11⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        11⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        10⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        11⤵
        Program crash
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        10⤵
        Program crash
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        9⤵
        Program crash
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        8⤵
        Program crash
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        11⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        12⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        13⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        13⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        12⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        11⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        10⤵
        Program crash
        
        PID:1788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        9⤵
        Program crash
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        9⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        10⤵
        Program crash
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        9⤵
        Program crash
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        8⤵
        Program crash
        
        PID:652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
        7⤵
        Program crash
        
        PID:2892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        6⤵
        Program crash
        
        PID:1324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        8⤵
        Executes dropped EXE
        
        PID:1128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 216
        8⤵
        Program crash
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        7⤵
        Program crash
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        9⤵
        Program crash
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        8⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        10⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        9⤵
        Program crash
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        8⤵
        Program crash
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        7⤵
        Program crash
        
        PID:2360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        6⤵
        Program crash
        
        PID:1088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:1744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
  2⤵
  - Program crash
  PID:304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe

Filesize
184KB

MD5
4caa0383fea5a86f1219cae2b357cd4e

SHA1
fae2085cd2688273322bc8b4b60779903ea942f5

SHA256
a49c0983eda7538e7147b888e1961006c21bcdbf14aee859000c2c8b6a57f0a3

SHA512
29155c8028b13cbb65d7375590532967b0d7a825a3bf8515b45c2b5ef99fcb271834e741ebc0a8addae4dcbc8aa4ae230b5d6ce72b069078be4239862116a0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe

Filesize
184KB

MD5
51df56676ebc77f6871e93b70d721393

SHA1
66889de66ea1689641800f20e20dc9cea2bb316c

SHA256
a657f45656695a22399b1cf993108d117c8672aac63b54b99f4a2fa428532afb

SHA512
8f70c1686c2b7dc8de116da35a2266c3749ee0a7e0810b9fcc52ac742d0a27dcda46ad30e39e225005457841320ee8e46daf79cef9011b4a35191b951b1c32c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe

Filesize
184KB

MD5
3d11bb296fca6eb4f833d8571c1a4568

SHA1
7e7cd0344f38d7a902a0c026288b45ee34b7e196

SHA256
6986634e6a5c4643ea013557f7eeb463ecd3442abad4534c3058cc84aec032e2

SHA512
18337469bf60b11078bd8eb60aef48daaa68260c0d30115d6c2d94cc52a55abc7b6ce0ad09c6a05d593ec5b0c4942c40b9bb15fba30a0418863c1a4e471dc490

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe

Filesize
136KB

MD5
29950cd42e4cac4c837eda7bb183bd1a

SHA1
92506fdadf14f585182b0f293dede8e8e6871bbc

SHA256
1ae3a7ed621381a2a55f90ac25fd97ef3e07d0c3554a903056e60d7a7637c482

SHA512
66e6b12d8cfc0b5ba4fcdbbc2609ff13128bceb903233cda2179847ed0161b393d5bd43532e45cdf1a6b1b82f9f5e61e668346477da18f2a9035058b1b8ff39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe

Filesize
184KB

MD5
24c579249d08bea37d0155bf47405019

SHA1
670a697a8fa323da0c6d5294667614aa711dd609

SHA256
50c2ac34dccbba7b96711674f398a3bcf0b0947fd44309a6b0ef59d1b83ef2ac

SHA512
97ce69cb5db49398635ccb24fdd136dc2874e27788e3c84a8ac4f2f42e735a28306159c2e3fc2023e93bbb6dee1f038091710a7ce61925e8453aa3d099430a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe

Filesize
184KB

MD5
6ef11e4358f7427a510253797c114ecf

SHA1
7cbbd389cbc02eaf5396fc56f7f11a51443e2a99

SHA256
4b15bc45b7db3f5bd0066aa089c70eec23ad1d543307b6273064be9acb6a81e7

SHA512
0bfe685b3ad42189a142a20c68ae4a2ff1c761904eaac34d15c5ed9e8832ed72ae77b7fd5c235b425ac50dae4677687c059bc38e80f9a8b1e1d007786499e5c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe

Filesize
184KB

MD5
74e10f0ccbba6a81f1c94bff7f6bf9c4

SHA1
f4307be848c3c2710c52fc9a0c81a49e71851152

SHA256
f7bc10f4bc9b2f45e6463579db4fb7acb55e3ba215b58e94e8809a71a1a3a3e8

SHA512
e881d72e218e02606d7c2437bf2f777d0bb4743aae4b6e5c8ac0b968292f002c4bf45df18d53c55f51c35b538a881135eeee6c0941d162f58ca8ee213455c220

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12548.exe

Filesize
184KB

MD5
09f8aad82821cdd1ea3109683165b034

SHA1
8fd186d0063eaf5471c581e3514ef65715a0da90

SHA256
88f3cfcd7f77add7117cb1c5832fc1a62c21bd290e44525c17aa2a7543a85e68

SHA512
10fe5e5ac9a475480f5d10e42f538d51fc3f04248f108330583decb0daa6c81376b4f5c9ce9586305f1e1cc174553320b3f597a75a851e929773d9b7f19abe0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe

Filesize
184KB

MD5
24e4a200dd9cdfcff72275db5731e9d8

SHA1
02c919abfd5f490d9fe3d71c6ac4c7ab82dac8cd

SHA256
2a9e8053ebae5d1178865d93d0aba274ba5acfa8c8a12e4eca3900bfddf8aa12

SHA512
57229aa3a042212b992878c9c48f938b601bb8edcb20d0414343c4e89e8ba70a842b9cc8e3a2df2d04ce26627ee1683edfed8a363fa59b5a8104cf485de5e82b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe

Filesize
184KB

MD5
1dea88d745f1ea99d4592a28a2bbf7d0

SHA1
32f5557333e84b8732b5321874a5596a9d41850c

SHA256
bfaa459fa547735024256e481e7fce085f91599fcbf8dabbe4038c8d354e8668

SHA512
91cf17e928f628a2031bc8ad87dd60afcf1609e5ceac4c14e944b6669620e3a4640233886b57af814cceca169cd86ab5927cb714dda84dbcb5b14154ba36878d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe

Filesize
184KB

MD5
7a2f80994f6476af07ebd32401e5c3bd

SHA1
7f887854f52c85b2620b884b6572f56ac52d955b

SHA256
67ac996bf0e57990aac8fc850c47b232fa733e41b78d83213180058ac7c6d7ab

SHA512
bedf92ed19958d65c0881f4e13ad05ab7eb60c4f7af716d53141c25ace50b8c45cc5c0dd91240f820cacfed7ecfa363596c2174a74ea8d22ef27e80c81b6a8ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe

Filesize
184KB

MD5
b77410643e52eb9b324fb5348d4e2cdf

SHA1
0b357c0ef20263f9bb154ed043dff3eb48083f04

SHA256
56fabd8b1f0a6e0dd6662917760ebce3ba27b5ec326f61e851a11d372b8d25de

SHA512
66190dac80af56d2a680729752ca7ae9d3d60b949cb5ac703181d6906461ddd0dff63275f0d700c4436c7be3e727de33ff6a8f89c957539276aa93e4c47d4dab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe

Filesize
184KB

MD5
76e540109c665b91961144527ca7e9ce

SHA1
57a2b0db5cd9ee5c709a70e15e5ea1430debc92c

SHA256
d3b05daf3888c0ce751ceba20206567407bdafee999a1783a5f3c03cb1a02139

SHA512
ff552a19358425b01e5aced681ea0b8b41957469152dbbb98709274f940552c6cd9a94b6c461f8659f07d84ea6470827b51802b95cd364a95c004278c0d114dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe

Filesize
184KB

MD5
2619cefd695fe50f12ff95eaa7912b8a

SHA1
7de517c147347e87316cb711985c913900be36a9

SHA256
83e94384cf10be2e98661411c3915a313bde2e3c7076ba064118b35e0f177e1f

SHA512
24e16c727003f2306e505a28364c708e925f40ebcf4e25d917578175a7d8148947395dfd10d18b43c70c5c03d9a03ff52173c5693361bf935f019a5f9ad119a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe

Filesize
184KB

MD5
3f88d8808942fd01d19ae3a83c1151de

SHA1
d075ce0b49aa62c35c9545725abbc105fa266044

SHA256
375371e5447dc5ad247f579ad39b2e10c710660293afc078008e2c9f86fca492

SHA512
82b7a085ade08412ada375169ec14cc7e9f9bbea7b0def50feeb01dae2b2f221a007990986c1bf9c88ff475a4ccb4b00ae04a976a8ce0b5ce5325b7e539678c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe

Filesize
184KB

MD5
fdae7d987c532fe8d2fa58d26721535a

SHA1
a53c1209f3ff0293f6a66b6b33f75adb9eef0fb0

SHA256
f8dc6ca75ad7b018d7b9243c7bc1cf9c4802456a945efe0f86f6262ca00751d5

SHA512
bc8e8c1addcde9cb18ef81e6fbc5b2f7fe4fbf703d854c04e21864199e9d629edcb038f3377b255885433c023ea569500db18d2ef8a40599a7b222951ca04a4f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads