b6141d6fa8ed3aa3a7cdf6d4cc9999a18ed90d31bcf46bb7c627e7c6e45044dd

Analysis

max time kernel
22s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38ac87ee64005f5cd53973941ef295f8.exe
Size

184KB
MD5

38ac87ee64005f5cd53973941ef295f8
SHA1

7ccd98e7eb599eaba94d17f897b55dd15dcd7f8e
SHA256

b6141d6fa8ed3aa3a7cdf6d4cc9999a18ed90d31bcf46bb7c627e7c6e45044dd
SHA512

1d5c28bf8d779d9d896c523102074e86358000c01fd608b6e19cf80ebcaa12bd4c2c4e8afe584aa3e9f8a2e846ecce93499239e50b047173f4989e3265c10003
SSDEEP

3072:YGFGoEMHXOA8keQ3wTOq08deY8t6qHbhfDMx+Yd6GNlPvpFb:YG4oxD8k7wqq08itduNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
2796	Unicorn-36589.exe
2820	Unicorn-22365.exe
2824	Unicorn-15820.exe
2752	Unicorn-38784.exe
2788	Unicorn-12141.exe
2592	Unicorn-43335.exe
2272	Unicorn-14834.exe
2532	Unicorn-16693.exe
2100	Unicorn-58280.exe
1264	Unicorn-911.exe

Loads dropped DLL 20 IoCs

pid	Process
2524	38ac87ee64005f5cd53973941ef295f8.exe
2524	38ac87ee64005f5cd53973941ef295f8.exe
2524	38ac87ee64005f5cd53973941ef295f8.exe
2796	Unicorn-36589.exe
2524	38ac87ee64005f5cd53973941ef295f8.exe
2796	Unicorn-36589.exe
2820	Unicorn-22365.exe
2824	Unicorn-15820.exe
2820	Unicorn-22365.exe
2824	Unicorn-15820.exe
2796	Unicorn-36589.exe
2788	Unicorn-12141.exe
2796	Unicorn-36589.exe
2788	Unicorn-12141.exe
2820	Unicorn-22365.exe
2820	Unicorn-22365.exe
2752	Unicorn-38784.exe
2752	Unicorn-38784.exe
2824	Unicorn-15820.exe
2824	Unicorn-15820.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2096	2524	WerFault.exe	14
2284	2752	WerFault.exe	33
1152	2796	WerFault.exe	28
1764	2820	WerFault.exe	30
868	2824	WerFault.exe	29
2584	2788	WerFault.exe	32
892	2592	WerFault.exe	43
2216	2532	WerFault.exe	40
1680	1264	WerFault.exe	34
2928	2100	WerFault.exe	41
528	704	WerFault.exe	45
2092	1168	WerFault.exe	56
2424	1556	WerFault.exe	48
2364	2968	WerFault.exe	47
1364	1636	WerFault.exe	52
1884	2028	WerFault.exe	51
932	2024	WerFault.exe	50
2180	2232	WerFault.exe	49
1248	1172	WerFault.exe	55
2948	2272	WerFault.exe	42
2652	2376	WerFault.exe	46
2804	1048	WerFault.exe	54
1820	2280	WerFault.exe	44
3244	2768	WerFault.exe	69
3292	2612	WerFault.exe	61
3572	2844	WerFault.exe	70
3720	2720	WerFault.exe	72
3752	2308	WerFault.exe	91
3844	2432	WerFault.exe	68
3864	1644	WerFault.exe	71
3812	2120	WerFault.exe	94
3932	2888	WerFault.exe	64
3972	3008	WerFault.exe	92
3996	2484	WerFault.exe	93
4040	2576	WerFault.exe	67
968	2536	WerFault.exe	62
3200	1936	WerFault.exe	63
2188	2864	WerFault.exe	65
3344	272	WerFault.exe	98
3760	2868	WerFault.exe	90
3312	1828	WerFault.exe	87
4120	2572	WerFault.exe	88
4352	2712	WerFault.exe	66
4344	1564	WerFault.exe	89
4736	2872	WerFault.exe	85
4868	3376	WerFault.exe	115
4912	3236	WerFault.exe	104
4944	3136	WerFault.exe	101
4960	3220	WerFault.exe	103
4972	3328	WerFault.exe	112
4952	3112	WerFault.exe	108
4148	3440	WerFault.exe	117
4936	3176	WerFault.exe	100
4928	3120	WerFault.exe	106
4920	3088	WerFault.exe	111
4904	3384	WerFault.exe	114
4320	1888	WerFault.exe	95
4896	3104	WerFault.exe	109
4888	3364	WerFault.exe	116
4860	3144	WerFault.exe	99
3260	3096	WerFault.exe	110
5232	4060	WerFault.exe	147
5280	4216	WerFault.exe	150
5272	3592	WerFault.exe	140

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2524	38ac87ee64005f5cd53973941ef295f8.exe
2796	Unicorn-36589.exe
2820	Unicorn-22365.exe
2824	Unicorn-15820.exe
2752	Unicorn-38784.exe
2788	Unicorn-12141.exe
2532	Unicorn-16693.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2796	2524	38ac87ee64005f5cd53973941ef295f8.exe	28
PID 2524 wrote to memory of 2796	2524	38ac87ee64005f5cd53973941ef295f8.exe	28
PID 2524 wrote to memory of 2796	2524	38ac87ee64005f5cd53973941ef295f8.exe	28
PID 2524 wrote to memory of 2796	2524	38ac87ee64005f5cd53973941ef295f8.exe	28
PID 2524 wrote to memory of 2824	2524	38ac87ee64005f5cd53973941ef295f8.exe	29
PID 2524 wrote to memory of 2824	2524	38ac87ee64005f5cd53973941ef295f8.exe	29
PID 2524 wrote to memory of 2824	2524	38ac87ee64005f5cd53973941ef295f8.exe	29
PID 2524 wrote to memory of 2824	2524	38ac87ee64005f5cd53973941ef295f8.exe	29
PID 2796 wrote to memory of 2820	2796	Unicorn-36589.exe	30
PID 2796 wrote to memory of 2820	2796	Unicorn-36589.exe	30
PID 2796 wrote to memory of 2820	2796	Unicorn-36589.exe	30
PID 2796 wrote to memory of 2820	2796	Unicorn-36589.exe	30
PID 2524 wrote to memory of 2096	2524	38ac87ee64005f5cd53973941ef295f8.exe	31
PID 2524 wrote to memory of 2096	2524	38ac87ee64005f5cd53973941ef295f8.exe	31
PID 2524 wrote to memory of 2096	2524	38ac87ee64005f5cd53973941ef295f8.exe	31
PID 2524 wrote to memory of 2096	2524	38ac87ee64005f5cd53973941ef295f8.exe	31
PID 2820 wrote to memory of 2752	2820	Unicorn-22365.exe	33
PID 2820 wrote to memory of 2752	2820	Unicorn-22365.exe	33
PID 2820 wrote to memory of 2752	2820	Unicorn-22365.exe	33
PID 2820 wrote to memory of 2752	2820	Unicorn-22365.exe	33
PID 2824 wrote to memory of 2788	2824	Unicorn-15820.exe	32
PID 2824 wrote to memory of 2788	2824	Unicorn-15820.exe	32
PID 2824 wrote to memory of 2788	2824	Unicorn-15820.exe	32
PID 2824 wrote to memory of 2788	2824	Unicorn-15820.exe	32
PID 2796 wrote to memory of 2272	2796	Unicorn-36589.exe	42
PID 2796 wrote to memory of 2272	2796	Unicorn-36589.exe	42
PID 2796 wrote to memory of 2272	2796	Unicorn-36589.exe	42
PID 2796 wrote to memory of 2272	2796	Unicorn-36589.exe	42
PID 2788 wrote to memory of 2592	2788	Unicorn-12141.exe	43
PID 2788 wrote to memory of 2592	2788	Unicorn-12141.exe	43
PID 2788 wrote to memory of 2592	2788	Unicorn-12141.exe	43
PID 2788 wrote to memory of 2592	2788	Unicorn-12141.exe	43
PID 2820 wrote to memory of 2100	2820	Unicorn-22365.exe	41
PID 2820 wrote to memory of 2100	2820	Unicorn-22365.exe	41
PID 2820 wrote to memory of 2100	2820	Unicorn-22365.exe	41
PID 2820 wrote to memory of 2100	2820	Unicorn-22365.exe	41
PID 2752 wrote to memory of 2532	2752	Unicorn-38784.exe	40
PID 2752 wrote to memory of 2532	2752	Unicorn-38784.exe	40
PID 2752 wrote to memory of 2532	2752	Unicorn-38784.exe	40
PID 2752 wrote to memory of 2532	2752	Unicorn-38784.exe	40
PID 2824 wrote to memory of 1264	2824	Unicorn-15820.exe	34
PID 2824 wrote to memory of 1264	2824	Unicorn-15820.exe	34
PID 2824 wrote to memory of 1264	2824	Unicorn-15820.exe	34
PID 2824 wrote to memory of 1264	2824	Unicorn-15820.exe	34

C:\Users\Admin\AppData\Local\Temp\38ac87ee64005f5cd53973941ef295f8.exe
"C:\Users\Admin\AppData\Local\Temp\38ac87ee64005f5cd53973941ef295f8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 376
        5⤵
        Program crash
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        6⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        10⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        12⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 380
        12⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 376
        11⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 380
        10⤵
        Program crash
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 376
        9⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        10⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 372
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 380
        9⤵
        Program crash
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 368
        8⤵
        Program crash
        
        PID:968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 376
        7⤵
        Program crash
        
        PID:1248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 368
        6⤵
        Program crash
        
        PID:2216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 368
      4⤵
      Program crash
      PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
      4⤵
      Executes dropped EXE
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        8⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        12⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 384
        12⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 376
        11⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 380
        10⤵
        Program crash
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 368
        9⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        12⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 372
        12⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 380
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21957.exe
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 380
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 380
        9⤵
        Program crash
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 376
        8⤵
        Program crash
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 368
        7⤵
        Program crash
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        11⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 372
        11⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 376
        10⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 376
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 380
        8⤵
        Program crash
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 380
        7⤵
        Program crash
        
        PID:2188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 376
        6⤵
        Program crash
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        11⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        12⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 372
        11⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 380
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 380
        9⤵
        Program crash
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 368
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 380
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        10⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 380
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 376
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 376
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 376
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 368
        6⤵
        Program crash
        
        PID:2092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 368
        5⤵
        Program crash
        
        PID:2928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 380
    3⤵
    - Program crash
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
    3⤵
    - Executes dropped EXE
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 380
        9⤵
        Program crash
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 368
        8⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 372
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 380
        8⤵
        Program crash
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 376
        7⤵
        Program crash
        
        PID:3720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 368
        6⤵
        Program crash
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 380
        10⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 376
        9⤵
        Program crash
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 380
        8⤵
        Program crash
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 380
        7⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 376
        6⤵
        Program crash
        
        PID:3292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 376
        5⤵
        Program crash
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
      4⤵
      PID:964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 376
      4⤵
      Program crash
      PID:2948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 368
      4⤵
      Program crash
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
      4⤵
      Executes dropped EXE
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        5⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        11⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 376
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 372
        9⤵
        Program crash
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 372
        10⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 372
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 372
        8⤵
        Program crash
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 376
        7⤵
        Program crash
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 372
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 380
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 380
        8⤵
        Program crash
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 380
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 380
        9⤵
        Program crash
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 380
        8⤵
        Program crash
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 368
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 376
        6⤵
        Program crash
        
        PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        11⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 380
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        10⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 372
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 372
        9⤵
        Program crash
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 380
        8⤵
        Program crash
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 376
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 376
        6⤵
        Program crash
        
        PID:2424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 368
        5⤵
        Program crash
        
        PID:892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
    3⤵
    - Executes dropped EXE
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        11⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 372
        11⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 380
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 380
        9⤵
        Program crash
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 376
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 372
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        9⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 380
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 380
        8⤵
        Program crash
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 372
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 376
        6⤵
        Program crash
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        9⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 372
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 384
        8⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 376
        7⤵
        Program crash
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 368
        6⤵
        Program crash
        
        PID:3864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 376
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      4⤵
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        10⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 380
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 380
        9⤵
        Program crash
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 380
        8⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 380
        9⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 380
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 380
        7⤵
        Program crash
        
        PID:4736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 376
        6⤵
        Program crash
        
        PID:3572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 368
        5⤵
        Program crash
        
        PID:932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 368
      4⤵
      Program crash
      PID:1680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 380
    3⤵
    - Program crash
    PID:868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 368
  2⤵
  - Program crash
  PID:2096

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads