81b2fe3997b76646bd1dc58889e8185cdf88990aa3d794d82269bb5601aaf750

Analysis

max time kernel
30s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66edf1babf4e84dde811cca8d96d9743.exe
Size

184KB
MD5

66edf1babf4e84dde811cca8d96d9743
SHA1

2fc8c2973dd3ffe6aa45bd02734f306500b84be1
SHA256

81b2fe3997b76646bd1dc58889e8185cdf88990aa3d794d82269bb5601aaf750
SHA512

2781c3eabca7567de833d16209977c9ffbe06474d9d44a7d56fe03b5badff5e295ead12f96e0f325de3bd5a2d9009e5859a89eafaff4c36bb6fe230a20502fa7
SSDEEP

3072:xKenoJITfUA/yOjCKTC8zzFRUsL6T9NkBDvxzJd0z7lPvpFN:xKioCl/ydKe8zzkm/e7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3008	Unicorn-57417.exe
2620	Unicorn-59010.exe
2568	Unicorn-22808.exe
2556	Unicorn-27812.exe
2672	Unicorn-11475.exe
2612	Unicorn-57147.exe
1984	Unicorn-4672.exe
2364	Unicorn-54257.exe
944	Unicorn-59088.exe
1576	Unicorn-29753.exe
1956	Unicorn-42751.exe
2780	Unicorn-45482.exe
2784	Unicorn-4257.exe
1904	Unicorn-1112.exe
1560	Unicorn-25424.exe
652	Unicorn-37122.exe
1528	Unicorn-4833.exe
1932	Unicorn-1496.exe
1284	Unicorn-21362.exe
952	Unicorn-31772.exe
2408	Unicorn-3354.exe
1500	Unicorn-7459.exe
1020	Unicorn-62607.exe
1952	Unicorn-59270.exe
2104	Unicorn-62415.exe
1672	Unicorn-5046.exe
2260	Unicorn-1709.exe
1624	Unicorn-62991.exe
2516	Unicorn-10453.exe
2212	Unicorn-13982.exe
2360	Unicorn-46463.exe
2964	Unicorn-59462.exe
2636	Unicorn-20729.exe
2388	Unicorn-41895.exe
276	Unicorn-21305.exe
1492	Unicorn-45617.exe
1588	Unicorn-34111.exe
848	Unicorn-3816.exe
2024	Unicorn-95.exe
2908	Unicorn-28705.exe
384	Unicorn-26505.exe
2748	Unicorn-45856.exe
580	Unicorn-29520.exe
2020	Unicorn-10230.exe
980	Unicorn-59047.exe
2172	Unicorn-21544.exe
1864	Unicorn-12415.exe
2540	Unicorn-18206.exe
876	Unicorn-57895.exe
1032	Unicorn-4055.exe
1480	Unicorn-4055.exe
572	Unicorn-20968.exe
2356	Unicorn-9462.exe
2996	Unicorn-35114.exe
2892	Unicorn-44714.exe
2732	Unicorn-55451.exe
1756	Unicorn-5736.exe
1548	Unicorn-52602.exe
1244	Unicorn-57433.exe
2768	Unicorn-36074.exe
752	Unicorn-11569.exe
1140	Unicorn-8616.exe
2128	Unicorn-42789.exe
692	Unicorn-22923.exe

Loads dropped DLL 64 IoCs

pid	Process
1868	66edf1babf4e84dde811cca8d96d9743.exe
1868	66edf1babf4e84dde811cca8d96d9743.exe
3008	Unicorn-57417.exe
3008	Unicorn-57417.exe
1868	66edf1babf4e84dde811cca8d96d9743.exe
1868	66edf1babf4e84dde811cca8d96d9743.exe
2620	Unicorn-59010.exe
2620	Unicorn-59010.exe
2568	Unicorn-22808.exe
3008	Unicorn-57417.exe
2568	Unicorn-22808.exe
3008	Unicorn-57417.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
2612	Unicorn-57147.exe
2612	Unicorn-57147.exe
2672	Unicorn-11475.exe
2672	Unicorn-11475.exe
2556	Unicorn-27812.exe
2556	Unicorn-27812.exe
2568	Unicorn-22808.exe
2568	Unicorn-22808.exe
2620	Unicorn-59010.exe
2620	Unicorn-59010.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2364	Unicorn-54257.exe
2364	Unicorn-54257.exe
1984	Unicorn-4672.exe
1984	Unicorn-4672.exe
2672	Unicorn-11475.exe
2672	Unicorn-11475.exe
2612	Unicorn-57147.exe
2612	Unicorn-57147.exe
1956	Unicorn-42751.exe
1956	Unicorn-42751.exe
944	Unicorn-59088.exe
944	Unicorn-59088.exe
2556	Unicorn-27812.exe
2556	Unicorn-27812.exe
1576	Unicorn-29753.exe
1576	Unicorn-29753.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1660	WerFault.exe

Program crash 58 IoCs

pid	pid_target	Process	procid_target
2720	1868	WerFault.exe	16
3056	3008	WerFault.exe	28
2040	2620	WerFault.exe	29
2708	2568	WerFault.exe	30
1300	2612	WerFault.exe	33
1308	2672	WerFault.exe	34
1660	2556	WerFault.exe	32
2604	2364	WerFault.exe	37
2696	1984	WerFault.exe	36
2772	1956	WerFault.exe	38
1544	944	WerFault.exe	39
2196	1576	WerFault.exe	40
1928	2780	WerFault.exe	43
1188	1904	WerFault.exe	44
1732	2784	WerFault.exe	46
3028	1528	WerFault.exe	48
2332	1560	WerFault.exe	45
2384	1588	WerFault.exe	76
1444	2212	WerFault.exe	64
2064	2636	WerFault.exe	69
3164	2104	WerFault.exe	59
3156	2360	WerFault.exe	65
3148	1284	WerFault.exe	50
3140	1932	WerFault.exe	49
3264	1492	WerFault.exe	75
3256	1952	WerFault.exe	58
3272	580	WerFault.exe	82
3248	952	WerFault.exe	54
3240	276	WerFault.exe	72
3280	1020	WerFault.exe	57
3224	2260	WerFault.exe	61
3232	652	WerFault.exe	47
3216	1500	WerFault.exe	56
3300	2908	WerFault.exe	79
3444	1624	WerFault.exe	62
3436	572	WerFault.exe	91
3428	2172	WerFault.exe	85
3420	2020	WerFault.exe	83
3412	2356	WerFault.exe	92
3456	1032	WerFault.exe	89
3484	2408	WerFault.exe	55
3500	2388	WerFault.exe	71
3540	2964	WerFault.exe	66
3764	2516	WerFault.exe	63
3980	848	WerFault.exe	77
3524	2024	WerFault.exe	78
3480	1672	WerFault.exe	60
3964	2748	WerFault.exe	81
3576	2996	WerFault.exe	93
4104	692	WerFault.exe	109
4212	2540	WerFault.exe	87
4360	2768	WerFault.exe	105
4468	2644	WerFault.exe	119
4704	1228	WerFault.exe	113
4852	4080	WerFault.exe	149
4940	2068	WerFault.exe	115
4952	1140	WerFault.exe	107
5048	4224	WerFault.exe	157

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
1868	66edf1babf4e84dde811cca8d96d9743.exe
3008	Unicorn-57417.exe
2620	Unicorn-59010.exe
2568	Unicorn-22808.exe
2556	Unicorn-27812.exe
2612	Unicorn-57147.exe
2672	Unicorn-11475.exe
1984	Unicorn-4672.exe
2364	Unicorn-54257.exe
1956	Unicorn-42751.exe
944	Unicorn-59088.exe
1576	Unicorn-29753.exe
2780	Unicorn-45482.exe
2784	Unicorn-4257.exe
1904	Unicorn-1112.exe
1560	Unicorn-25424.exe
652	Unicorn-37122.exe
1528	Unicorn-4833.exe
1284	Unicorn-21362.exe
1932	Unicorn-1496.exe
952	Unicorn-31772.exe
2408	Unicorn-3354.exe
1500	Unicorn-7459.exe
1020	Unicorn-62607.exe
2104	Unicorn-62415.exe
1672	Unicorn-5046.exe
1952	Unicorn-59270.exe
2260	Unicorn-1709.exe
1624	Unicorn-62991.exe
2212	Unicorn-13982.exe
2516	Unicorn-10453.exe
2360	Unicorn-46463.exe
2964	Unicorn-59462.exe
2636	Unicorn-20729.exe
276	Unicorn-21305.exe
2388	Unicorn-41895.exe
1492	Unicorn-45617.exe
1588	Unicorn-34111.exe
848	Unicorn-3816.exe
2024	Unicorn-95.exe
2908	Unicorn-28705.exe
384	Unicorn-26505.exe
580	Unicorn-29520.exe
2748	Unicorn-45856.exe
2172	Unicorn-21544.exe
2020	Unicorn-10230.exe
980	Unicorn-59047.exe
2540	Unicorn-18206.exe
1864	Unicorn-12415.exe
876	Unicorn-57895.exe
1032	Unicorn-4055.exe
1480	Unicorn-4055.exe
572	Unicorn-20968.exe
2356	Unicorn-9462.exe
2996	Unicorn-35114.exe
2892	Unicorn-44714.exe
1756	Unicorn-5736.exe
2732	Unicorn-55451.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 3008	1868	66edf1babf4e84dde811cca8d96d9743.exe	28
PID 1868 wrote to memory of 3008	1868	66edf1babf4e84dde811cca8d96d9743.exe	28
PID 1868 wrote to memory of 3008	1868	66edf1babf4e84dde811cca8d96d9743.exe	28
PID 1868 wrote to memory of 3008	1868	66edf1babf4e84dde811cca8d96d9743.exe	28
PID 3008 wrote to memory of 2620	3008	Unicorn-57417.exe	29
PID 3008 wrote to memory of 2620	3008	Unicorn-57417.exe	29
PID 3008 wrote to memory of 2620	3008	Unicorn-57417.exe	29
PID 3008 wrote to memory of 2620	3008	Unicorn-57417.exe	29
PID 1868 wrote to memory of 2568	1868	66edf1babf4e84dde811cca8d96d9743.exe	30
PID 1868 wrote to memory of 2568	1868	66edf1babf4e84dde811cca8d96d9743.exe	30
PID 1868 wrote to memory of 2568	1868	66edf1babf4e84dde811cca8d96d9743.exe	30
PID 1868 wrote to memory of 2568	1868	66edf1babf4e84dde811cca8d96d9743.exe	30
PID 1868 wrote to memory of 2720	1868	66edf1babf4e84dde811cca8d96d9743.exe	31
PID 1868 wrote to memory of 2720	1868	66edf1babf4e84dde811cca8d96d9743.exe	31
PID 1868 wrote to memory of 2720	1868	66edf1babf4e84dde811cca8d96d9743.exe	31
PID 1868 wrote to memory of 2720	1868	66edf1babf4e84dde811cca8d96d9743.exe	31
PID 2620 wrote to memory of 2556	2620	Unicorn-59010.exe	32
PID 2620 wrote to memory of 2556	2620	Unicorn-59010.exe	32
PID 2620 wrote to memory of 2556	2620	Unicorn-59010.exe	32
PID 2620 wrote to memory of 2556	2620	Unicorn-59010.exe	32
PID 2568 wrote to memory of 2672	2568	Unicorn-22808.exe	34
PID 2568 wrote to memory of 2672	2568	Unicorn-22808.exe	34
PID 2568 wrote to memory of 2672	2568	Unicorn-22808.exe	34
PID 2568 wrote to memory of 2672	2568	Unicorn-22808.exe	34
PID 3008 wrote to memory of 2612	3008	Unicorn-57417.exe	33
PID 3008 wrote to memory of 2612	3008	Unicorn-57417.exe	33
PID 3008 wrote to memory of 2612	3008	Unicorn-57417.exe	33
PID 3008 wrote to memory of 2612	3008	Unicorn-57417.exe	33
PID 3008 wrote to memory of 3056	3008	Unicorn-57417.exe	35
PID 3008 wrote to memory of 3056	3008	Unicorn-57417.exe	35
PID 3008 wrote to memory of 3056	3008	Unicorn-57417.exe	35
PID 3008 wrote to memory of 3056	3008	Unicorn-57417.exe	35
PID 2612 wrote to memory of 1984	2612	Unicorn-57147.exe	36
PID 2612 wrote to memory of 1984	2612	Unicorn-57147.exe	36
PID 2612 wrote to memory of 1984	2612	Unicorn-57147.exe	36
PID 2612 wrote to memory of 1984	2612	Unicorn-57147.exe	36
PID 2672 wrote to memory of 2364	2672	Unicorn-11475.exe	37
PID 2672 wrote to memory of 2364	2672	Unicorn-11475.exe	37
PID 2672 wrote to memory of 2364	2672	Unicorn-11475.exe	37
PID 2672 wrote to memory of 2364	2672	Unicorn-11475.exe	37
PID 2556 wrote to memory of 1576	2556	Unicorn-27812.exe	40
PID 2556 wrote to memory of 1576	2556	Unicorn-27812.exe	40
PID 2556 wrote to memory of 1576	2556	Unicorn-27812.exe	40
PID 2556 wrote to memory of 1576	2556	Unicorn-27812.exe	40
PID 2568 wrote to memory of 944	2568	Unicorn-22808.exe	39
PID 2568 wrote to memory of 944	2568	Unicorn-22808.exe	39
PID 2568 wrote to memory of 944	2568	Unicorn-22808.exe	39
PID 2568 wrote to memory of 944	2568	Unicorn-22808.exe	39
PID 2620 wrote to memory of 1956	2620	Unicorn-59010.exe	38
PID 2620 wrote to memory of 1956	2620	Unicorn-59010.exe	38
PID 2620 wrote to memory of 1956	2620	Unicorn-59010.exe	38
PID 2620 wrote to memory of 1956	2620	Unicorn-59010.exe	38
PID 2620 wrote to memory of 2040	2620	Unicorn-59010.exe	41
PID 2620 wrote to memory of 2040	2620	Unicorn-59010.exe	41
PID 2620 wrote to memory of 2040	2620	Unicorn-59010.exe	41
PID 2620 wrote to memory of 2040	2620	Unicorn-59010.exe	41
PID 2568 wrote to memory of 2708	2568	Unicorn-22808.exe	42
PID 2568 wrote to memory of 2708	2568	Unicorn-22808.exe	42
PID 2568 wrote to memory of 2708	2568	Unicorn-22808.exe	42
PID 2568 wrote to memory of 2708	2568	Unicorn-22808.exe	42
PID 2364 wrote to memory of 2780	2364	Unicorn-54257.exe	43
PID 2364 wrote to memory of 2780	2364	Unicorn-54257.exe	43
PID 2364 wrote to memory of 2780	2364	Unicorn-54257.exe	43
PID 2364 wrote to memory of 2780	2364	Unicorn-54257.exe	43

C:\Users\Admin\AppData\Local\Temp\66edf1babf4e84dde811cca8d96d9743.exe
"C:\Users\Admin\AppData\Local\Temp\66edf1babf4e84dde811cca8d96d9743.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 372
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 380
        7⤵
        Program crash
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 380
        7⤵
        Program crash
        
        PID:3540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 376
        6⤵
        Program crash
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        9⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 380
        9⤵
        Program crash
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 380
        8⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 372
        7⤵
        Program crash
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 372
        6⤵
        Program crash
        
        PID:3140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 376
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        8⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 380
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        8⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 380
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        7⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 380
        7⤵
        Program crash
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 380
        6⤵
        Program crash
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        8⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 380
        8⤵
        Program crash
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 380
        7⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        6⤵
        
        PID:2864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 380
        6⤵
        Program crash
        
        PID:3764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 368
        5⤵
        Program crash
        
        PID:2772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        10⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 380
        10⤵
        Program crash
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 380
        9⤵
        Program crash
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 380
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        7⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 380
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 380
        7⤵
        Program crash
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        7⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 372
        7⤵
        Program crash
        
        PID:3524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 368
        6⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        7⤵
        Executes dropped EXE
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 380
        7⤵
        Program crash
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        6⤵
        Executes dropped EXE
        
        PID:1244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 380
        6⤵
        Program crash
        
        PID:3256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 368
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        7⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 380
        7⤵
        Program crash
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 380
        6⤵
        Program crash
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        6⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 380
        7⤵
        Program crash
        
        PID:4940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 380
        6⤵
        Program crash
        
        PID:3412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 376
        5⤵
        Program crash
        
        PID:2332
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 380
        9⤵
        Program crash
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 360
        8⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 372
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        7⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 368
        8⤵
        Program crash
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 372
        7⤵
        Program crash
        
        PID:3500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 376
        6⤵
        Program crash
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 380
        7⤵
        Program crash
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 380
        6⤵
        Program crash
        
        PID:3484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 372
        5⤵
        Program crash
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        7⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 384
        7⤵
        Program crash
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        6⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        7⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 380
        7⤵
        Program crash
        
        PID:4952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 380
        6⤵
        Program crash
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 244
        6⤵
        Program crash
        
        PID:2384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 376
        5⤵
        Program crash
        
        PID:1188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        7⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 380
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        6⤵
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 372
        6⤵
        Program crash
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        6⤵
        
        PID:2112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 380
        6⤵
        Program crash
        
        PID:3420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 376
        5⤵
        Program crash
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 380
        5⤵
        Program crash
        
        PID:3224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 368
      4⤵
      Program crash
      PID:1544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 372
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe

Filesize
184KB

MD5
6be5bba8fc7008a3178e2ec4864ddc80

SHA1
3b683d8d1f04d5e5d7e3338b0bf1a64289583eb6

SHA256
cb5e23711a1320c5781607ea894646b3fce63f7ac2fbcd4d6a446b74cdca575c

SHA512
b5ba5f09b7b6f45af82d8418cd0ffdecd1f38a379767f60afbe4d0c7cb71e77b3d8fdb151971f5ac13dfe198ff6c5bea699ca826fdbd6305b587f7214e88f714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe

Filesize
184KB

MD5
9895c05bcdaeae21d3bc793cd4ad3c4e

SHA1
947fbfb6258de77eadc4780781d798e0d6a274dd

SHA256
4107677d238e1ea9b66dedba49a50a7327bdb3aae5612e5decd9478a770573e4

SHA512
4733aee2f485780d4ec0b9e23a5bbb45843cd4b46a44f2d98735d5360c4865b8b5066dc37ae7e5e1ae10076b79181082c216bf831e5247efa22b72150b515bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe

Filesize
184KB

MD5
946ebe4115494979e8323e53ce633272

SHA1
f0fac58e1d0eaae6fc46931268dd3450f48e6268

SHA256
563c619f6af381e30a21c368d8c685c2494c047b3016bb73688794a4dc368959

SHA512
6f4a8421fc7d8005e31ce97330411e0be6fe1f13708eef995caf16c8a818db1e7b3997bbe0fcce7de21f4ab689add367e505ffe58f4132aae4af46f6c936894d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe

Filesize
184KB

MD5
c721e5c54b4ae82cec7f7a787eae3781

SHA1
a90f028fcacd6a1a1a654c64ad54a093bc96ae17

SHA256
bd1f8d18ace849d3792386089a77d5a744b1ca3a59024bd7842685cc9ab359ae

SHA512
c7d455ec7264ff12bee0410b45ebf2e76f726e4cc2a858ce490e6e0e36d7c84f69161a2727faa0c11583449e8c2389f8743fba8e58642c1c7f076c147fb47436

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe

Filesize
184KB

MD5
117701f737f27c4eab463882fe875e74

SHA1
2055b45c152cfc8e60fbcf1b7e151276a3144ba0

SHA256
38244bf94aa066fd5b658441ce76d63d5def1eddb2ce9e2b7cbf18945a4f4244

SHA512
ab803b7db213c1f9ffdc85b4d314a943c9fa37716f62e2f6d31a637d06aae030a0d7d58ce598ceb2f7f163b49ecf22a3e310aeac1a44e3994e462e2a408b0c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe

Filesize
184KB

MD5
29fe47e1a7612913759c22c7cb039c6c

SHA1
1adc0c48648e9e00aebbb39be6a250a604f8902c

SHA256
756dc058ec8060008db6c73c0f4a527ff655b79dee97ab62eda9d3474546e28c

SHA512
8c241eae3e59b43500930a7d889bf50d2cf50806d32d9cedb95c4da7074129371cd4ce0e0dfcc4e60186542d068c22d2891aa7e764f85bcd5e44a6f9c2341f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe

Filesize
184KB

MD5
41a38e15538462863cd4b013a1e2e67a

SHA1
5b587602870b4f0ed2645cef9505c3bd2de2f616

SHA256
860869e79dffa83c437e7b70f6640564b2de96e345ba9e8e039bd5c60f7753e2

SHA512
759c756b7d317b9a404fe10802141c49c5e7015e4649f4a1b96780ee4288028f071b31969653e32e30b78e636f0e9999f9a817ffaa075eca098f2f79dd6440e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe

Filesize
184KB

MD5
e7506316ca8003dd4d543716e3b4d02f

SHA1
ef097f63e28d568e4a71e801e7b728ca2fbd565d

SHA256
b1265d3bb8d178a5e04e6e43d139fe54bb77dad0a4094ee0480d17f347811c1f

SHA512
994dee14629f6c5138c43dadf74d4f1b53df191e3fef47733de8ef18e24efbba0d9f234a39003fc012da2066e2b197c76b2837ce00c6d8ecdff7a3f5c9447f57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe

Filesize
184KB

MD5
3367802c8bac7e2115571e3da4461f9b

SHA1
aec0a8c4aa9b317f5f611043ad4c41e4295db5f3

SHA256
90e81bbc78ddbaf2587cdf9909fa654bc50195d3f8604d4201c8c7f101c020f5

SHA512
670b7edfeef70d9d39aeef8613e49df03bdc6ce95caa0de42517428fce540a07df7cdf70eec958ed6733373334f902d557ea9dfcdc0a18949716276a04f47542

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe

Filesize
184KB

MD5
e2707109ee2cc062a82ddca705a03af1

SHA1
98111cf9d943d49ac61d04eb0507d1a1ad99f9e4

SHA256
bf92e76bca19bc81de7905aa3bade9373668b3d0f1be7a1c67474230d4213d4a

SHA512
8b309d7dd35d92b4b685c360e93f66ff2d34885317bbae047a82a079ddfe011c6ce2e0b9ffa2d2068b2abd024e08ffd9fc9a70332e3d69c28bae1c2d65deb799

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe

Filesize
184KB

MD5
e901c6ec056b3c183faa0f0ce61c053a

SHA1
c28ff19aaab39084d1c6c43218eac24a0e4b3c4e

SHA256
e77c0f4dc941f3f601313d7146c306e60efb7bc269642bb6adff5effc926e24a

SHA512
e16224467283ba39747c3280155a0aeadf4ef4ac81db4801b106cf7f69ada327448a129284289ab47999c7b57a01be714de2004c9fead62308b0a7ccd963e967

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe

Filesize
184KB

MD5
24dd99e71bf5589151713e56d845f2b8

SHA1
d2860004b0efaa5406af78f30320c8ac1afc7625

SHA256
86a44fa8d5e1e5d57db81a819405eede2f0fa5111ab60e720a8b0531b6f5e8bb

SHA512
e27455748bd61a90858c0541276db9f8ab7ee7cc2f82e4346264065c128c0728a6df0f99a16bfbe040f5b2f59ae1c4123acf4d777b7286287a4fda081f004b03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe

Filesize
184KB

MD5
a9d3091bb6b3b78751a9d461da841902

SHA1
cd3b2c72cbcd6a72c7cc9ed5bc2033e64c450f21

SHA256
4fb24daf4090bfe8a262fd147b9d27fa10e5bdc1a19a7ff06e1adcd21a829870

SHA512
aa17a895ee6c3a963502882cded9aac3400f2503d94a6a3f6bdbf61bd7bebf02d682f97009f8153fb30ef1573c129d11f5b7a3c9b950cbaeac8ca464517053d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe

Filesize
184KB

MD5
4bd5a8ff85f3301658e639ce7db3bdd4

SHA1
509ae0d4bd47b143312fa4bcdec4936d603ceed5

SHA256
29d2c77bed7acb496e2eeaf801bd20aac1325084f3e2ff2b125e4fe690f174d7

SHA512
34d4be39829f38d9a45ed93f8a03ec28323abad1b706b5cd1835b5a5413d4e7846262adc759497673b8a155d491ccfb3dd465e70b1b86899ad074613233fd549

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads