4116874925b4ee3fb9ab5e86b996576ba1c69aebfb02abab6c4f1bdad0334234

Analysis

max time kernel
151s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49872d10d3143fca6bf4e1ad99c260cf.exe
Size

184KB
MD5

49872d10d3143fca6bf4e1ad99c260cf
SHA1

1fb956c757fd62098c39fe1bfe3570222024a57a
SHA256

4116874925b4ee3fb9ab5e86b996576ba1c69aebfb02abab6c4f1bdad0334234
SHA512

298adde055536c633e6d8412ea59b4aa56090f9db87a8884a80cffd39e53238dd595017fe94763e740fbd7239ed137461af99806636e5a5696ac300514396d4b
SSDEEP

3072:a1+moz/5fhApryjidlK0tZFp3dm6aPfFQ8ux8HIEENlPvpFB:a1noFOprxdQ0tZmNtWNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2752	Unicorn-12792.exe
2840	Unicorn-46892.exe
2756	Unicorn-43554.exe
2624	Unicorn-3358.exe
2664	Unicorn-35708.exe
2612	Unicorn-31838.exe
1876	Unicorn-8376.exe
2676	Unicorn-21375.exe
320	Unicorn-46046.exe
2668	Unicorn-37519.exe
764	Unicorn-28605.exe
368	Unicorn-56970.exe
2280	Unicorn-52502.exe
820	Unicorn-31781.exe
1652	Unicorn-48501.exe
824	Unicorn-36249.exe
1324	Unicorn-41340.exe
2200	Unicorn-52476.exe
1340	Unicorn-36872.exe
1760	Unicorn-42086.exe
2528	Unicorn-670.exe
1884	Unicorn-25004.exe
2040	Unicorn-54339.exe
1228	Unicorn-33364.exe
2532	Unicorn-12190.exe
2712	Unicorn-45787.exe
336	Unicorn-26213.exe
1056	Unicorn-47785.exe
752	Unicorn-47785.exe
2192	Unicorn-47785.exe
272	Unicorn-47785.exe
2512	Unicorn-10452.exe
1612	Unicorn-43317.exe
2020	Unicorn-18813.exe
1928	Unicorn-28289.exe
888	Unicorn-51916.exe
2196	Unicorn-57920.exe
960	Unicorn-25994.exe
276	Unicorn-44215.exe
1732	Unicorn-3929.exe
1736	Unicorn-4718.exe
2540	Unicorn-33477.exe
2112	Unicorn-909.exe
1492	Unicorn-58558.exe
1988	Unicorn-3566.exe
528	Unicorn-8226.exe
1684	Unicorn-25309.exe
1704	Unicorn-8418.exe
436	Unicorn-5273.exe
2892	Unicorn-58366.exe
1632	Unicorn-23987.exe
1396	Unicorn-25139.exe
2324	Unicorn-40323.exe
1552	Unicorn-26352.exe
2120	Unicorn-49046.exe
1624	Unicorn-49238.exe
648	Unicorn-34629.exe
1584	Unicorn-743.exe
2312	Unicorn-44005.exe
1932	Unicorn-31177.exe
2576	Unicorn-40902.exe
3040	Unicorn-21036.exe
1596	Unicorn-40902.exe
2396	Unicorn-40902.exe

Loads dropped DLL 64 IoCs

pid	Process
1184	49872d10d3143fca6bf4e1ad99c260cf.exe
1184	49872d10d3143fca6bf4e1ad99c260cf.exe
2752	Unicorn-12792.exe
2752	Unicorn-12792.exe
1184	49872d10d3143fca6bf4e1ad99c260cf.exe
1184	49872d10d3143fca6bf4e1ad99c260cf.exe
2752	Unicorn-12792.exe
2840	Unicorn-46892.exe
2752	Unicorn-12792.exe
2756	Unicorn-43554.exe
2840	Unicorn-46892.exe
2756	Unicorn-43554.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
2664	Unicorn-35708.exe
2664	Unicorn-35708.exe
2756	Unicorn-43554.exe
2756	Unicorn-43554.exe
2612	Unicorn-31838.exe
2612	Unicorn-31838.exe
2840	Unicorn-46892.exe
2840	Unicorn-46892.exe
2624	Unicorn-3358.exe
2624	Unicorn-3358.exe
3056	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2076	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2632	1184	WerFault.exe	27
3056	2752	WerFault.exe	28
1244	2840	WerFault.exe	29
2128	2624	WerFault.exe	34
2492	2756	WerFault.exe	30
2144	2612	WerFault.exe	33
2076	2664	WerFault.exe	32
2856	2676	WerFault.exe	37
2724	2668	WerFault.exe	38
1392	1876	WerFault.exe	36
1336	320	WerFault.exe	39
2648	820	WerFault.exe	48
3052	368	WerFault.exe	46
2400	2280	WerFault.exe	47
1944	1652	WerFault.exe	51
280	824	WerFault.exe	52
2100	764	WerFault.exe	40
2824	1760	WerFault.exe	60
2644	1884	WerFault.exe	59
1868	272	WerFault.exe	76
1676	2192	WerFault.exe	73
832	752	WerFault.exe	75
972	2528	WerFault.exe	56
3208	1056	WerFault.exe	74
3232	2532	WerFault.exe	57
3256	2040	WerFault.exe	58
3272	2512	WerFault.exe	79
3296	336	WerFault.exe	72
3320	1340	WerFault.exe	54
3412	2712	WerFault.exe	62
3424	1612	WerFault.exe	78
3448	1324	WerFault.exe	55
3468	1228	WerFault.exe	61
3460	1928	WerFault.exe	81
3500	2020	WerFault.exe	80
3540	2200	WerFault.exe	53
3612	2196	WerFault.exe	83
3624	888	WerFault.exe	82
3968	1632	WerFault.exe	99
3944	1704	WerFault.exe	93
3980	2120	WerFault.exe	105
3988	2324	WerFault.exe	104
4052	528	WerFault.exe	96
3768	1988	WerFault.exe	92
3552	1552	WerFault.exe	106
1472	1736	WerFault.exe	91
2356	1684	WerFault.exe	95
2552	1396	WerFault.exe	107
4104	960	WerFault.exe	84
4144	1732	WerFault.exe	85
4216	276	WerFault.exe	86
4260	2540	WerFault.exe	90
4244	436	WerFault.exe	98
4252	1492	WerFault.exe	94
4276	1584	WerFault.exe	103
4292	1624	WerFault.exe	102
4300	2892	WerFault.exe	97
4424	2112	WerFault.exe	89
4316	3040	WerFault.exe	114
5160	1992	WerFault.exe	120
5168	1784	WerFault.exe	117
5192	1892	WerFault.exe	118
5184	1744	WerFault.exe	122
5176	2576	WerFault.exe	113

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1184	49872d10d3143fca6bf4e1ad99c260cf.exe
2752	Unicorn-12792.exe
2840	Unicorn-46892.exe
2756	Unicorn-43554.exe
2624	Unicorn-3358.exe
2612	Unicorn-31838.exe
2664	Unicorn-35708.exe
1876	Unicorn-8376.exe
2676	Unicorn-21375.exe
2668	Unicorn-37519.exe
764	Unicorn-28605.exe
320	Unicorn-46046.exe
368	Unicorn-56970.exe
2280	Unicorn-52502.exe
820	Unicorn-31781.exe
1652	Unicorn-48501.exe
824	Unicorn-36249.exe
2200	Unicorn-52476.exe
1340	Unicorn-36872.exe
2532	Unicorn-12190.exe
2040	Unicorn-54339.exe
1324	Unicorn-41340.exe
2528	Unicorn-670.exe
1884	Unicorn-25004.exe
1760	Unicorn-42086.exe
1228	Unicorn-33364.exe
2712	Unicorn-45787.exe
336	Unicorn-26213.exe
752	Unicorn-47785.exe
272	Unicorn-47785.exe
1056	Unicorn-47785.exe
2192	Unicorn-47785.exe
1612	Unicorn-43317.exe
2512	Unicorn-10452.exe
2020	Unicorn-18813.exe
1928	Unicorn-28289.exe
888	Unicorn-51916.exe
2196	Unicorn-57920.exe
960	Unicorn-25994.exe
276	Unicorn-44215.exe
1732	Unicorn-3929.exe
1704	Unicorn-8418.exe
2112	Unicorn-909.exe
2540	Unicorn-33477.exe
1492	Unicorn-58558.exe
1988	Unicorn-3566.exe
1632	Unicorn-23987.exe
1736	Unicorn-4718.exe
528	Unicorn-8226.exe
436	Unicorn-5273.exe
1684	Unicorn-25309.exe
2892	Unicorn-58366.exe
2324	Unicorn-40323.exe
1584	Unicorn-743.exe
1552	Unicorn-26352.exe
1624	Unicorn-49238.exe
2120	Unicorn-49046.exe
1396	Unicorn-25139.exe
648	Unicorn-34629.exe
1932	Unicorn-31177.exe
2312	Unicorn-44005.exe
2576	Unicorn-40902.exe
1352	Unicorn-40902.exe
1596	Unicorn-40902.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2752	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	28
PID 1184 wrote to memory of 2752	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	28
PID 1184 wrote to memory of 2752	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	28
PID 1184 wrote to memory of 2752	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	28
PID 2752 wrote to memory of 2840	2752	Unicorn-12792.exe	29
PID 2752 wrote to memory of 2840	2752	Unicorn-12792.exe	29
PID 2752 wrote to memory of 2840	2752	Unicorn-12792.exe	29
PID 2752 wrote to memory of 2840	2752	Unicorn-12792.exe	29
PID 1184 wrote to memory of 2756	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	30
PID 1184 wrote to memory of 2756	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	30
PID 1184 wrote to memory of 2756	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	30
PID 1184 wrote to memory of 2756	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	30
PID 1184 wrote to memory of 2632	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	31
PID 1184 wrote to memory of 2632	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	31
PID 1184 wrote to memory of 2632	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	31
PID 1184 wrote to memory of 2632	1184	49872d10d3143fca6bf4e1ad99c260cf.exe	31
PID 2752 wrote to memory of 2664	2752	Unicorn-12792.exe	32
PID 2752 wrote to memory of 2664	2752	Unicorn-12792.exe	32
PID 2752 wrote to memory of 2664	2752	Unicorn-12792.exe	32
PID 2752 wrote to memory of 2664	2752	Unicorn-12792.exe	32
PID 2840 wrote to memory of 2624	2840	Unicorn-46892.exe	34
PID 2840 wrote to memory of 2624	2840	Unicorn-46892.exe	34
PID 2840 wrote to memory of 2624	2840	Unicorn-46892.exe	34
PID 2840 wrote to memory of 2624	2840	Unicorn-46892.exe	34
PID 2756 wrote to memory of 2612	2756	Unicorn-43554.exe	33
PID 2756 wrote to memory of 2612	2756	Unicorn-43554.exe	33
PID 2756 wrote to memory of 2612	2756	Unicorn-43554.exe	33
PID 2756 wrote to memory of 2612	2756	Unicorn-43554.exe	33
PID 2752 wrote to memory of 3056	2752	Unicorn-12792.exe	35
PID 2752 wrote to memory of 3056	2752	Unicorn-12792.exe	35
PID 2752 wrote to memory of 3056	2752	Unicorn-12792.exe	35
PID 2752 wrote to memory of 3056	2752	Unicorn-12792.exe	35
PID 2664 wrote to memory of 1876	2664	Unicorn-35708.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-35708.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-35708.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-35708.exe	36
PID 2756 wrote to memory of 2676	2756	Unicorn-43554.exe	37
PID 2756 wrote to memory of 2676	2756	Unicorn-43554.exe	37
PID 2756 wrote to memory of 2676	2756	Unicorn-43554.exe	37
PID 2756 wrote to memory of 2676	2756	Unicorn-43554.exe	37
PID 2612 wrote to memory of 320	2612	Unicorn-31838.exe	39
PID 2612 wrote to memory of 320	2612	Unicorn-31838.exe	39
PID 2612 wrote to memory of 320	2612	Unicorn-31838.exe	39
PID 2612 wrote to memory of 320	2612	Unicorn-31838.exe	39
PID 2840 wrote to memory of 2668	2840	Unicorn-46892.exe	38
PID 2840 wrote to memory of 2668	2840	Unicorn-46892.exe	38
PID 2840 wrote to memory of 2668	2840	Unicorn-46892.exe	38
PID 2840 wrote to memory of 2668	2840	Unicorn-46892.exe	38
PID 2624 wrote to memory of 764	2624	Unicorn-3358.exe	40
PID 2624 wrote to memory of 764	2624	Unicorn-3358.exe	40
PID 2624 wrote to memory of 764	2624	Unicorn-3358.exe	40
PID 2624 wrote to memory of 764	2624	Unicorn-3358.exe	40
PID 2840 wrote to memory of 1244	2840	Unicorn-46892.exe	41
PID 2840 wrote to memory of 1244	2840	Unicorn-46892.exe	41
PID 2840 wrote to memory of 1244	2840	Unicorn-46892.exe	41
PID 2840 wrote to memory of 1244	2840	Unicorn-46892.exe	41
PID 2624 wrote to memory of 2128	2624	Unicorn-3358.exe	42
PID 2624 wrote to memory of 2128	2624	Unicorn-3358.exe	42
PID 2624 wrote to memory of 2128	2624	Unicorn-3358.exe	42
PID 2624 wrote to memory of 2128	2624	Unicorn-3358.exe	42
PID 2756 wrote to memory of 2492	2756	Unicorn-43554.exe	43
PID 2756 wrote to memory of 2492	2756	Unicorn-43554.exe	43
PID 2756 wrote to memory of 2492	2756	Unicorn-43554.exe	43
PID 2756 wrote to memory of 2492	2756	Unicorn-43554.exe	43

C:\Users\Admin\AppData\Local\Temp\49872d10d3143fca6bf4e1ad99c260cf.exe
"C:\Users\Admin\AppData\Local\Temp\49872d10d3143fca6bf4e1ad99c260cf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        11⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        12⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 372
        12⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 372
        11⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 376
        10⤵
        Program crash
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 380
        9⤵
        Program crash
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        10⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 376
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 376
        9⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 376
        8⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 372
        7⤵
        Program crash
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        11⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 380
        10⤵
        Program crash
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 376
        9⤵
        Program crash
        
        PID:3944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 380
        8⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        9⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 376
        10⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 380
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 384
        7⤵
        Program crash
        
        PID:972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 380
        6⤵
        Program crash
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 360
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        11⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 376
        11⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 368
        10⤵
        Program crash
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 376
        9⤵
        Program crash
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 380
        8⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        9⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 376
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 384
        8⤵
        Program crash
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 380
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 368
        6⤵
        Program crash
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        10⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 380
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 376
        9⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 376
        8⤵
        Program crash
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 380
        7⤵
        Program crash
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 376
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 376
        7⤵
        Program crash
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 376
        6⤵
        Program crash
        
        PID:3256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 380
        5⤵
        Program crash
        
        PID:2724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        10⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 380
        10⤵
        Program crash
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 376
        9⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 376
        8⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        10⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 380
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 380
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 376
        8⤵
        Program crash
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
        7⤵
        Program crash
        
        PID:3540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 376
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 376
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 368
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 376
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 380
        9⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 376
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 376
        7⤵
        Program crash
        
        PID:4244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 380
        6⤵
        Program crash
        
        PID:3232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 376
        5⤵
        Program crash
        
        PID:1392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:2076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        11⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        12⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 376
        11⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 376
        10⤵
        Program crash
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 376
        9⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 372
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 376
        9⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 384
        8⤵
        Program crash
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        8⤵
        Executes dropped EXE
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 376
        9⤵
        Program crash
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 376
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 372
        7⤵
        Program crash
        
        PID:2644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 376
        6⤵
        Program crash
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 380
        10⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 376
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 376
        8⤵
        Program crash
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 376
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        9⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 380
        9⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 380
        7⤵
        Program crash
        
        PID:4144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 376
        6⤵
        Program crash
        
        PID:2824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 368
        5⤵
        Program crash
        
        PID:1336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 376
      4⤵
      Program crash
      PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        8⤵
        Executes dropped EXE
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 376
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 376
        8⤵
        Program crash
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 376
        7⤵
        Program crash
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 380
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 380
        8⤵
        Program crash
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 376
        7⤵
        Program crash
        
        PID:4300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 376
        6⤵
        Program crash
        
        PID:3320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 376
        5⤵
        Program crash
        
        PID:280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 380
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 380
        8⤵
        Program crash
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 376
        7⤵
        Program crash
        
        PID:1472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 380
        6⤵
        Program crash
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        8⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 376
        7⤵
        
        PID:5560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 376
        6⤵
        Program crash
        
        PID:4260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 376
        5⤵
        Program crash
        
        PID:3412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 376
      4⤵
      Program crash
      PID:2856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 372
  2⤵
  - Program crash
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe

Filesize
184KB

MD5
7caecadbdeef7bc0c30f19eec39ae79e

SHA1
6b167e761e9e522b284eb9479d4df55afaa5a280

SHA256
5ad8e9b81b6b01f7d302f84b5470ac2c676b568ae698b2c1cf80297b2d0907da

SHA512
977b8d9f26d0a2dc56f7e57706f4210f0d5275b0c7ff15393780395883b60a948e3f42e15167f21d8279356f95abaa799a495d5866dcbf3d3ec7157c974916a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe

Filesize
184KB

MD5
06aa8507f05ae4e13d148a1c0448c6d7

SHA1
85d04659646a58ad8ab948d34cef47ecc83a5638

SHA256
ecf9084fcd48e5934fff888e793ece090acec9b520bc3dfe9a7301df7c2fe42e

SHA512
e46ea7425df035018fe2073b84adcfaaf92f25b349b914d22578b466373c22330df048674c0aee006c4c58f4f4c2097ccc1502a35d94ad3c603bfd3f75c981a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe

Filesize
184KB

MD5
f54539d5ae60f080c735d0f88fe6b2da

SHA1
1cbf91381af3cdb2239c19ede86aa1a0e6c65b93

SHA256
2ae35d16f8dc76b03124d47ab5081c7c4a521e61a92481801afd92eab3d831e5

SHA512
f0e7d5e28e7ba71d36595a36104bf5ff07bf80e44ccc40cf3c743e7b04f2138f81cf5bbe74e22c77761f56cd8071c10bad834ec481ddc6a750b6676c276ca0c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe

Filesize
184KB

MD5
56353575f15bb4ff84ccdd95e8e19b52

SHA1
c8c86bada7c63da90bec9dae65440ee71214010d

SHA256
0af7daeed1e70b0c06ed89e5bc42daf2447ff81e204876c5532ee00ef75f4c90

SHA512
8d75fd9bf0dc5ed51858922f6a10f392c279f02670d6b9f830b7c4989a48407c0bfc45e3b9f690ee0458656a9dfe9221553b31dfc3804752a78e8d5b86fa75a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe

Filesize
184KB

MD5
e39ca352dc4a521c14baecc8d4d101a6

SHA1
92741aac3bc8801f1ba867ae3bec4eb25266fcb0

SHA256
fcc2f477681ac8f4aee2718c65846c26beab67f9f344efdbe08637c15854f5cd

SHA512
ef9799a1b9bfebc9368364a90ec2aa4efe46f511f22d7c7cca4879df35c3bf169dc6812ed27baa21a4ca137c8531ba13413913c92203a3d302046dd4d84367ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe

Filesize
184KB

MD5
f476c2a1bae5406a00f94831040a85fa

SHA1
b3582eefb42967ab4fc4232141f2a0109e51a120

SHA256
522a6391914036ec3ad63c31f05e6379d926d7279a45274148865d9f6df80c16

SHA512
8a0d939510974b5b0123c5df9b1a109c792024e66bd09a2d76711b074d142688024b9519a279008396d41d3ba268e72f5181df4808f437949d579a4e22a1481a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe

Filesize
184KB

MD5
601172032b87c70ce6e7c0478ce17ae5

SHA1
2d454b13c3119a1c3ae0439781da228d2043a07d

SHA256
7dcaaa05a513328cb4fcd245a95a0b34cb904e2a7e2f41413585c28754cefcd7

SHA512
498834c3dc0bcff9cf3d9bbd268071ab20900d5992fbab396c5dccc736012334f2b9186263b5cd6515df0d33b766f65cf7a064e2c6605a489b63d11ade3185ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe

Filesize
184KB

MD5
50635606d71ad7db2782c50bde53b888

SHA1
555b971981aa6c50dce529e8bad99894c8228996

SHA256
422430eb4b0b2014c27020c7dfc9635c7c3d70e914fbdb9df71b663049f8ed87

SHA512
5fd6435f9058b3e727f6220e68fe37921d43b7b27889e6290b2ef406e138b129016cfe0349706d25a197cc27ff1b5a3cfa4e2b8943b4003e6aff385522687311

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe

Filesize
184KB

MD5
ba73e92259c66a1b43a7ea4a5a8e22f4

SHA1
254ed10361ec7f6b713c6385be3ec2c803f630fb

SHA256
9b4ef78c937f483d438cc7fcf1376ca76b18bb4c65c54dc1d2367e62f696f102

SHA512
0cfcd8f3b256c27b24fa1578db920eee1c9b2f36c2d2a3dc955aa514ebd806771edebd5054261eb4964e9ffebde3b4a8fdd799f33ec03568a8be7695269dc577

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe

Filesize
184KB

MD5
7770327d4855931f7c91f304d7285515

SHA1
4e4b9de85895006aa176972a1d2bdd2a62ec61e9

SHA256
6eaf3a98a15d4422778fbcd69e1e9ef03844f99aec4fd23fb327ceee0e5db97f

SHA512
68fb83ecb29424ebf2e8a7d8b7e79fcb911109954ef6120db0eb752b9acb66859bf46b41de517181b10cba6582ad9422ffb807f32d6f225927132de012e3c446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe

Filesize
184KB

MD5
0dcaaac43e16c6259cf41b1e7c0a7498

SHA1
defa516622fabc1b522e81516c0410a2c85d3b74

SHA256
78a26730137c680d8d13cfa5e79fb6aad6a0c0a53e7412725cbd2407eed2d580

SHA512
05d17d33042a19b0710813becc9e8c1bc6b37b4f2ef3fded3c5339a8b132e85c6fa643770b6ca9c4c6061657f6cc84e3b94af9b50883b79d1f9f321385e816df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads