95ddb8d7162ea7be37c6c887d030f18fb9564236881badc47331c4d04ee0fb92

Analysis

max time kernel
149s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e0fe8175fe2c5e68c8f353e541ae3c9.exe
Size

184KB
MD5

0e0fe8175fe2c5e68c8f353e541ae3c9
SHA1

0cf9711769f632b83be57445b6b5751388b49c26
SHA256

95ddb8d7162ea7be37c6c887d030f18fb9564236881badc47331c4d04ee0fb92
SHA512

5a293c8729bf18a7d306242f1784068eb2d5b1045b8a0f27d98d16f302a4a0e59fa24575e89a61b7332d1ec47e2861d32a9e337cbdc3b57e9799dc8f9239355c
SSDEEP

3072:/j9Ro3+sQGAG5yjvdticMvkGtVY6bdfn7wSx2BIQuNlPvpFi:/jTo2rG5MdgcMvVvsSNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2752	Unicorn-9869.exe
2772	Unicorn-41712.exe
2908	Unicorn-64825.exe
2592	Unicorn-36341.exe
2620	Unicorn-30673.exe
2564	Unicorn-60845.exe
960	Unicorn-19896.exe
2632	Unicorn-40316.exe
1644	Unicorn-59366.exe
2304	Unicorn-8774.exe
2476	Unicorn-62059.exe
2372	Unicorn-14825.exe
2424	Unicorn-29770.exe
616	Unicorn-21624.exe
2288	Unicorn-61073.exe
1920	Unicorn-7041.exe
1636	Unicorn-33684.exe
2464	Unicorn-11680.exe
1152	Unicorn-27462.exe
896	Unicorn-15641.exe
2900	Unicorn-52397.exe
2340	Unicorn-18141.exe
2316	Unicorn-58427.exe
2648	Unicorn-9781.exe
1508	Unicorn-7088.exe
1948	Unicorn-54919.exe
2520	Unicorn-18525.exe
2984	Unicorn-48697.exe
1088	Unicorn-24555.exe
2756	Unicorn-5526.exe
2704	Unicorn-14249.exe
2584	Unicorn-15531.exe
2360	Unicorn-53035.exe
544	Unicorn-55002.exe
1476	Unicorn-18054.exe
1744	Unicorn-43112.exe
1372	Unicorn-39028.exe
2308	Unicorn-20576.exe
1500	Unicorn-49911.exe
2276	Unicorn-53248.exe
2912	Unicorn-53248.exe
1748	Unicorn-35328.exe
1136	Unicorn-20938.exe
1544	Unicorn-25044.exe
676	Unicorn-63938.exe
1332	Unicorn-24852.exe
1388	Unicorn-37658.exe
1640	Unicorn-26798.exe
2692	Unicorn-20659.exe
2736	Unicorn-13258.exe
2188	Unicorn-31733.exe
2204	Unicorn-7036.exe
2532	Unicorn-2760.exe
1796	Unicorn-48432.exe
1512	Unicorn-21235.exe
1236	Unicorn-40093.exe
2776	Unicorn-25594.exe
2964	Unicorn-39984.exe
2312	Unicorn-15864.exe
2264	Unicorn-46782.exe
1192	Unicorn-9833.exe
3080	Unicorn-53352.exe
3248	Unicorn-51852.exe
3240	Unicorn-51852.exe

Loads dropped DLL 64 IoCs

pid	Process
2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe
2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe
2752	Unicorn-9869.exe
2752	Unicorn-9869.exe
2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe
2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe
2772	Unicorn-41712.exe
2772	Unicorn-41712.exe
2752	Unicorn-9869.exe
2908	Unicorn-64825.exe
2908	Unicorn-64825.exe
2752	Unicorn-9869.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
2620	Unicorn-30673.exe
2620	Unicorn-30673.exe
2592	Unicorn-36341.exe
2592	Unicorn-36341.exe
2772	Unicorn-41712.exe
2772	Unicorn-41712.exe
2564	Unicorn-60845.exe
2564	Unicorn-60845.exe
2908	Unicorn-64825.exe
2908	Unicorn-64825.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
960	Unicorn-19896.exe
2620	Unicorn-30673.exe
960	Unicorn-19896.exe
2620	Unicorn-30673.exe
2632	Unicorn-40316.exe
2632	Unicorn-40316.exe
2592	Unicorn-36341.exe
2592	Unicorn-36341.exe
1644	Unicorn-59366.exe
1644	Unicorn-59366.exe
2476	Unicorn-62059.exe
2476	Unicorn-62059.exe
2564	Unicorn-60845.exe
2564	Unicorn-60845.exe
2304	Unicorn-8774.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2392	2432	WerFault.exe	27
756	2752	WerFault.exe	28
1936	2772	WerFault.exe	29
920	2908	WerFault.exe	30
368	2620	WerFault.exe	33
1624	2592	WerFault.exe	32
2096	2564	WerFault.exe	34
2856	960	WerFault.exe	36
2596	2632	WerFault.exe	37
2976	1644	WerFault.exe	39
1492	2304	WerFault.exe	38
2488	2476	WerFault.exe	40
1032	2372	WerFault.exe	43
1576	1152	WerFault.exe	50
1784	2288	WerFault.exe	46
2712	2424	WerFault.exe	44
2040	2900	WerFault.exe	55
2380	616	WerFault.exe	45
400	2316	WerFault.exe	57
2084	1508	WerFault.exe	59
1504	1948	WerFault.exe	60
2536	2520	WerFault.exe	61
2200	2340	WerFault.exe	56
1532	1636	WerFault.exe	48
1524	896	WerFault.exe	54
2788	2704	WerFault.exe	65
1436	2464	WerFault.exe	49
1016	2648	WerFault.exe	58
2196	1500	WerFault.exe	80
3124	1476	WerFault.exe	76
3188	1920	WerFault.exe	47
3484	2756	WerFault.exe	64
3476	2984	WerFault.exe	62
3536	2360	WerFault.exe	70
3528	676	WerFault.exe	86
3604	2912	WerFault.exe	82
3632	1088	WerFault.exe	63
3732	1744	WerFault.exe	77
3896	1748	WerFault.exe	83
4028	544	WerFault.exe	72
4020	1544	WerFault.exe	87
3448	1640	WerFault.exe	91
3472	2532	WerFault.exe	100
3436	284	WerFault.exe	84
3544	2776	WerFault.exe	109
3524	2188	WerFault.exe	97
3556	2312	WerFault.exe	113
3468	1136	WerFault.exe	85
3680	1332	WerFault.exe	89
3716	2308	WerFault.exe	79
3764	1388	WerFault.exe	90
3692	2584	WerFault.exe	68
4264	2276	WerFault.exe	81
4516	2736	WerFault.exe	96
4616	1236	WerFault.exe	105
5036	1796	WerFault.exe	101
4472	1192	WerFault.exe	119
4548	3276	WerFault.exe	131
4704	3248	WerFault.exe	124
4788	3292	WerFault.exe	128
4812	4048	WerFault.exe	145
4840	3316	WerFault.exe	130
908	4356	WerFault.exe	159
4780	1372	WerFault.exe	78

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe
2752	Unicorn-9869.exe
2772	Unicorn-41712.exe
2908	Unicorn-64825.exe
2620	Unicorn-30673.exe
2592	Unicorn-36341.exe
2564	Unicorn-60845.exe
960	Unicorn-19896.exe
2632	Unicorn-40316.exe
1644	Unicorn-59366.exe
2304	Unicorn-8774.exe
2476	Unicorn-62059.exe
2372	Unicorn-14825.exe
2424	Unicorn-29770.exe
616	Unicorn-21624.exe
2288	Unicorn-61073.exe
1920	Unicorn-7041.exe
1636	Unicorn-33684.exe
2464	Unicorn-11680.exe
1152	Unicorn-27462.exe
896	Unicorn-15641.exe
2340	Unicorn-18141.exe
2900	Unicorn-52397.exe
2316	Unicorn-58427.exe
2648	Unicorn-9781.exe
1508	Unicorn-7088.exe
2520	Unicorn-18525.exe
1088	Unicorn-24555.exe
2984	Unicorn-48697.exe
2756	Unicorn-5526.exe
2704	Unicorn-14249.exe
2584	Unicorn-15531.exe
2360	Unicorn-53035.exe
544	Unicorn-55002.exe
1476	Unicorn-18054.exe
1372	Unicorn-39028.exe
1744	Unicorn-43112.exe
2308	Unicorn-20576.exe
1500	Unicorn-49911.exe
2276	Unicorn-53248.exe
2912	Unicorn-53248.exe
284	Unicorn-42942.exe
1748	Unicorn-35328.exe
1136	Unicorn-20938.exe
1544	Unicorn-25044.exe
676	Unicorn-63938.exe
1332	Unicorn-24852.exe
1388	Unicorn-37658.exe
1640	Unicorn-26798.exe
2692	Unicorn-20659.exe
2188	Unicorn-31733.exe
2736	Unicorn-13258.exe
2204	Unicorn-7036.exe
1512	Unicorn-21235.exe
2532	Unicorn-2760.exe
1796	Unicorn-48432.exe
1236	Unicorn-40093.exe
2776	Unicorn-25594.exe
2964	Unicorn-39984.exe
2312	Unicorn-15864.exe
2264	Unicorn-46782.exe
1192	Unicorn-9833.exe
3080	Unicorn-53352.exe
3316	Unicorn-6180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2752	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	28
PID 2432 wrote to memory of 2752	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	28
PID 2432 wrote to memory of 2752	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	28
PID 2432 wrote to memory of 2752	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	28
PID 2752 wrote to memory of 2772	2752	Unicorn-9869.exe	29
PID 2752 wrote to memory of 2772	2752	Unicorn-9869.exe	29
PID 2752 wrote to memory of 2772	2752	Unicorn-9869.exe	29
PID 2752 wrote to memory of 2772	2752	Unicorn-9869.exe	29
PID 2432 wrote to memory of 2908	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	30
PID 2432 wrote to memory of 2908	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	30
PID 2432 wrote to memory of 2908	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	30
PID 2432 wrote to memory of 2908	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	30
PID 2432 wrote to memory of 2392	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	31
PID 2432 wrote to memory of 2392	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	31
PID 2432 wrote to memory of 2392	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	31
PID 2432 wrote to memory of 2392	2432	0e0fe8175fe2c5e68c8f353e541ae3c9.exe	31
PID 2772 wrote to memory of 2592	2772	Unicorn-41712.exe	32
PID 2772 wrote to memory of 2592	2772	Unicorn-41712.exe	32
PID 2772 wrote to memory of 2592	2772	Unicorn-41712.exe	32
PID 2772 wrote to memory of 2592	2772	Unicorn-41712.exe	32
PID 2908 wrote to memory of 2564	2908	Unicorn-64825.exe	34
PID 2908 wrote to memory of 2564	2908	Unicorn-64825.exe	34
PID 2908 wrote to memory of 2564	2908	Unicorn-64825.exe	34
PID 2908 wrote to memory of 2564	2908	Unicorn-64825.exe	34
PID 2752 wrote to memory of 2620	2752	Unicorn-9869.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-9869.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-9869.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-9869.exe	33
PID 2752 wrote to memory of 756	2752	Unicorn-9869.exe	35
PID 2752 wrote to memory of 756	2752	Unicorn-9869.exe	35
PID 2752 wrote to memory of 756	2752	Unicorn-9869.exe	35
PID 2752 wrote to memory of 756	2752	Unicorn-9869.exe	35
PID 2620 wrote to memory of 960	2620	Unicorn-30673.exe	36
PID 2620 wrote to memory of 960	2620	Unicorn-30673.exe	36
PID 2620 wrote to memory of 960	2620	Unicorn-30673.exe	36
PID 2620 wrote to memory of 960	2620	Unicorn-30673.exe	36
PID 2592 wrote to memory of 2632	2592	Unicorn-36341.exe	37
PID 2592 wrote to memory of 2632	2592	Unicorn-36341.exe	37
PID 2592 wrote to memory of 2632	2592	Unicorn-36341.exe	37
PID 2592 wrote to memory of 2632	2592	Unicorn-36341.exe	37
PID 2772 wrote to memory of 2304	2772	Unicorn-41712.exe	38
PID 2772 wrote to memory of 2304	2772	Unicorn-41712.exe	38
PID 2772 wrote to memory of 2304	2772	Unicorn-41712.exe	38
PID 2772 wrote to memory of 2304	2772	Unicorn-41712.exe	38
PID 2564 wrote to memory of 1644	2564	Unicorn-60845.exe	39
PID 2564 wrote to memory of 1644	2564	Unicorn-60845.exe	39
PID 2564 wrote to memory of 1644	2564	Unicorn-60845.exe	39
PID 2564 wrote to memory of 1644	2564	Unicorn-60845.exe	39
PID 2908 wrote to memory of 2476	2908	Unicorn-64825.exe	40
PID 2908 wrote to memory of 2476	2908	Unicorn-64825.exe	40
PID 2908 wrote to memory of 2476	2908	Unicorn-64825.exe	40
PID 2908 wrote to memory of 2476	2908	Unicorn-64825.exe	40
PID 2772 wrote to memory of 1936	2772	Unicorn-41712.exe	41
PID 2772 wrote to memory of 1936	2772	Unicorn-41712.exe	41
PID 2772 wrote to memory of 1936	2772	Unicorn-41712.exe	41
PID 2772 wrote to memory of 1936	2772	Unicorn-41712.exe	41
PID 2908 wrote to memory of 920	2908	Unicorn-64825.exe	42
PID 2908 wrote to memory of 920	2908	Unicorn-64825.exe	42
PID 2908 wrote to memory of 920	2908	Unicorn-64825.exe	42
PID 2908 wrote to memory of 920	2908	Unicorn-64825.exe	42
PID 960 wrote to memory of 2372	960	Unicorn-19896.exe	43
PID 960 wrote to memory of 2372	960	Unicorn-19896.exe	43
PID 960 wrote to memory of 2372	960	Unicorn-19896.exe	43
PID 960 wrote to memory of 2372	960	Unicorn-19896.exe	43

C:\Users\Admin\AppData\Local\Temp\0e0fe8175fe2c5e68c8f353e541ae3c9.exe
"C:\Users\Admin\AppData\Local\Temp\0e0fe8175fe2c5e68c8f353e541ae3c9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        10⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 380
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 376
        9⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 376
        8⤵
        Program crash
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 380
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 376
        8⤵
        Program crash
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 376
        7⤵
        Program crash
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 380
        9⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 376
        8⤵
        Program crash
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 368
        7⤵
        Program crash
        
        PID:1016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 376
        6⤵
        Program crash
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        9⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 380
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 376
        9⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        8⤵
        Executes dropped EXE
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        9⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 380
        9⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 368
        8⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 376
        7⤵
        Program crash
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        8⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 376
        8⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 376
        7⤵
        Program crash
        
        PID:2196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 376
        6⤵
        Program crash
        
        PID:1784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 380
        5⤵
        Program crash
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 372
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 372
        7⤵
        Program crash
        
        PID:3476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 376
        6⤵
        Program crash
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 372
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 376
        7⤵
        Program crash
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        8⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 372
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 380
        7⤵
        Program crash
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 376
        6⤵
        Program crash
        
        PID:3632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 376
        5⤵
        Program crash
        
        PID:1492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        9⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 380
        9⤵
        Program crash
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 376
        8⤵
        Program crash
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 376
        7⤵
        Program crash
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        9⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 372
        9⤵
        Program crash
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 376
        8⤵
        Program crash
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 368
        7⤵
        Program crash
        
        PID:3536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 376
        6⤵
        Program crash
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        8⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 372
        8⤵
        Program crash
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 368
        7⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 376
        6⤵
        Program crash
        
        PID:2200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 380
        5⤵
        Program crash
        
        PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        9⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 380
        9⤵
        Program crash
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 376
        8⤵
        Program crash
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 376
        7⤵
        Program crash
        
        PID:3124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 376
        6⤵
        Program crash
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        8⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 372
        8⤵
        Program crash
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 376
        7⤵
        Program crash
        
        PID:4616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 376
        6⤵
        Program crash
        
        PID:3732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 368
        5⤵
        Program crash
        
        PID:2712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 376
      4⤵
      Program crash
      PID:368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        6⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        10⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 380
        10⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 376
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        8⤵
        Executes dropped EXE
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        9⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 380
        9⤵
        Program crash
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 376
        8⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 376
        7⤵
        Program crash
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        8⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 380
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 376
        7⤵
        Program crash
        
        PID:3468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 376
        6⤵
        Program crash
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        8⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 380
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 376
        7⤵
        Program crash
        
        PID:4020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 380
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 376
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
        6⤵
        
        PID:4276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 380
        6⤵
        Program crash
        
        PID:4780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 376
        5⤵
        Program crash
        
        PID:1436
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 380
      4⤵
      Program crash
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        7⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 376
        7⤵
        Program crash
        
        PID:3680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 372
        6⤵
        Program crash
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        7⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 380
        7⤵
        
        PID:5148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 376
        6⤵
        Program crash
        
        PID:3764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 368
        5⤵
        Program crash
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        7⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 372
        7⤵
        Program crash
        
        PID:4548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 368
        6⤵
        Program crash
        
        PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 376
        5⤵
        Program crash
        
        PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 376
      4⤵
      Program crash
      PID:2488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 376
  2⤵
  - Program crash
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe

Filesize
184KB

MD5
7d0d28919bb96cbfa67bf18fd8ce89d3

SHA1
f2fe7377cd08c0a2c188ecab4e3387142fff140e

SHA256
3aa9eccf060e09abd796cc49a99df1bb14801df4025223fcd1a7e77491a65f10

SHA512
a17d6560ff001c458770946b0bc55dfd7ffd9cf72afd3de86817a6b98e0ee5af50455d4337d79e0d5662e3d2e78e0439f754059c15db1422be4bdb32c5169b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe

Filesize
184KB

MD5
e966ac693315467967966cebe4f3d59c

SHA1
cb451428c3d8ae3091c596a9f4ee7f61f610cc52

SHA256
b04c46e54045a36f59362276681769607aa7278253d41d427fa0b643ca19c6ec

SHA512
ec52db3721a04504442f61eaed271556f4618a71ee55681ab0b946e5384f98a76e687145246a99a021dfaaed2d74039795dc21627b169174bd4a218e3ee152ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe

Filesize
184KB

MD5
8b926638223132e00026d1535c1c9487

SHA1
a7d3b91ee6590e34f177ffd912f738881093392c

SHA256
a0e3ba9637c8fab1a38703449adca82be2fb587691b1b9b080d6c4cea0ba82b6

SHA512
245ed4a4a14c3d8f9cc9276d6779fc74f34c89e963daa2e46937d8bf59b7f14a9f8aa08d537b40ed294d9c00c59bd5d2139c580a3295e29801177bdd0bb28ea6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe

Filesize
184KB

MD5
a2e4e888914591521e1c9640c3413938

SHA1
9d706047582bf29b9682884fd1df792f429cf74d

SHA256
3183691fad8ca90d0c3954267ca2d02ab23800edd9471a5abb4dcaac8340fba5

SHA512
41dec55a6a79be4a898625cea92b7fcee6fb8666cf3bc3697945fa05de07aed7b89b515bd112f1b3d1e5e5cbff1d51a0d19ed0fa38903120ecb724d6c61f93a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe

Filesize
184KB

MD5
14aa5fb36e93cb40f0b7b487ab50fb3a

SHA1
902f3f35a8d3ed57df29fe66b65d515c9cd7a97d

SHA256
5c37e96f14c289e0048c25ea2a3ee5ac1d1c60b1447e280fcc19a972d3fe629b

SHA512
899fb96acef9b5564cdef3cf30d49fedd92c5bfcbb1491e99add638ae1d0e4a8b3d9a374b640171589da7c94ac83f0e786a27ae28809738103105a70b783a752

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe

Filesize
184KB

MD5
0ba5cfe2d585ac47b0cf22a4abd53c11

SHA1
e5df45e5ac047e4e57dfbe75f2fd938cf15d262c

SHA256
4945f7a08610732c4f9430a19c1f3c6fd9d74ad5b5507e13b0ba6c9bf7282187

SHA512
b581212aece3475c085df987090b05dcc3d7510e5e9badb83b7f9f8179d1a9f27b2f22ff72153cc9ed9c58ef52a8f86ecc87b65def879fc72db8e1b89bfafbec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe

Filesize
184KB

MD5
0d6543f9bc7e79ea7eb75a6866cba547

SHA1
bc4f618ac7efb8ce62463caa3ac17754582ee1f7

SHA256
6796ffad5296ff0f4ad9ed21e1a54168fcb0af35a07570c6babb6432ee4c0477

SHA512
bcc36092a670fc0dc6d43d55e53842acac4d6ba757b2327a0a564b21c30ac4151b91ba010e7ea8ebcd501b3fba95ed1a62a9368a0e78a0c9b23e58240d6997fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe

Filesize
184KB

MD5
6b26ebccdf40f7aac630d661e94f2856

SHA1
eb73ba1d22ac2a531d442e0419afe5fc6fdb9125

SHA256
d3bce44874ee07b7f62b0ce028efe000cfd8ee89db484041d041e95e8b49157a

SHA512
293f65b1fbcf1eb541fdf0cb849ac961cf82c7d31579ad8fa53c730a8a6bda2b203555e0b8fa7066ce2438aaaec6989bdfe57f784c11210d41397af27b4756bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe

Filesize
184KB

MD5
a3dc061d70cf444f66c5eef4909c7e2b

SHA1
c36f6e42b4138048747205a56809e19cb14299be

SHA256
73887733a053b6561d8e3ae65203ba72f73986073292c027185e54de1172c684

SHA512
a85ec878826316995d4b479865ce2b0c5d78f4046268322ceef3967a832067a975b76574cc805180f1d3111982d214e48cafe716979950802ae1d7eccf6039af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe

Filesize
184KB

MD5
1bb9167d5e44a76ed906353e0172d3c4

SHA1
ad7a6aa456bff343d1bfa08fe6ab3b83fe11f83c

SHA256
27233249ed4fe6829b1f20cdc277a7a91986dc872e679fe3c97de45fe4209cdf

SHA512
b0da7a22c5a87ba18fb109d2017c911af3a0f3fc1e339735cc931025f7c33e9b765e16d9b32c593405fe1084f22248099a850ccc56bf4b734ea5d9530181b835

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe

Filesize
184KB

MD5
a3be2fe65ba1a0fbaa0c44ddfca07bbf

SHA1
0059aee5852597ea62aa17ac5ffbcd3fc6c9ac5c

SHA256
1659cd5b0ea1e50b5eb8345ade97b218c0e94f65b9ac80ea6fbc2dbef2c30a66

SHA512
2bdfbdc334fecdf93e09b270bf429b6e5e52d353bb46a62853c6e18715f59593ac2a6eec19d57530b1e9c809359edde9553d98a27758161add28921d18a31196

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe

Filesize
184KB

MD5
e52120c88fccd23e0d6ce2a4cc9e8a32

SHA1
66b5e887bb90da6f3f37944e7f64f3cf66b5011e

SHA256
780bd808b846e62a178956f3e13f383b6cf49f58c6c416484cd2fada42a807f4

SHA512
46365026d80871d48bca82aa7292869d0a9b8be6a2a6e01568ce094298adf9a1ad74595e911d1f2cc0fcb0ece4ce61a450bbbb99e1e9cba20d4226060efbc619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe

Filesize
184KB

MD5
d6bdea94551ad44ace5efa667b483f00

SHA1
f9f4da0c11bcb7dfca59e5b03bde57b1f20a5f28

SHA256
e47753e8f1296453519e8bdd6713f87605f9682d826167f1e64af4649c489472

SHA512
1e4a26272eb990e10d0d5530c1fe42b476e0efd0ab7a92af7e0fdfae762e965ac2a4215685b36432f69a56824634d81eef3801a578b255ef1f191bcdf00cd112

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads