f9c831040bb837dac01ce80626da7f305022ed670580ffbe01c7e5052b73f8c9

Analysis

max time kernel
66s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e03503b072a7baf1e51c62174c31be41.exe
Size

184KB
MD5

e03503b072a7baf1e51c62174c31be41
SHA1

4aa2c9aa681e1c8fe4fe6debedcf0da43b1c434c
SHA256

f9c831040bb837dac01ce80626da7f305022ed670580ffbe01c7e5052b73f8c9
SHA512

55f2ed165f42e7153ca93baaec71a1367fd915defb4b122f2338e36485e5a90311ac6c522230faf572feaee50db6149cde47f53500cdc526bd4d6de59d178562
SSDEEP

3072:Jf4PoxJwolGVIN0OMgrLx8azp7vd8IXLL8xPfBKENlPvOFz:JfAofEVIzMOLx8faIhNlPvOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2972	Unicorn-50075.exe
1288	Unicorn-60464.exe
2580	Unicorn-45560.exe
2600	Unicorn-61484.exe
2668	Unicorn-2724.exe
1988	Unicorn-53316.exe
3036	Unicorn-49315.exe
1692	Unicorn-17197.exe
2980	Unicorn-20535.exe
1412	Unicorn-27311.exe
2848	Unicorn-34131.exe
1604	Unicorn-40715.exe
2028	Unicorn-9434.exe
2396	Unicorn-45890.exe
2416	Unicorn-451.exe
2244	Unicorn-29554.exe
1384	Unicorn-58718.exe
2140	Unicorn-8126.exe
1236	Unicorn-8147.exe
1076	Unicorn-10840.exe
856	Unicorn-26622.exe
2124	Unicorn-1925.exe
1680	Unicorn-63378.exe
972	Unicorn-22900.exe
1044	Unicorn-12039.exe
1672	Unicorn-49543.exe
900	Unicorn-61515.exe
1608	Unicorn-25313.exe
2968	Unicorn-59377.exe
3044	Unicorn-28651.exe
2760	Unicorn-37373.exe
2636	Unicorn-40903.exe
2528	Unicorn-32735.exe
2660	Unicorn-42033.exe
2472	Unicorn-49647.exe
2432	Unicorn-23005.exe
2500	Unicorn-35811.exe
3016	Unicorn-20867.exe
2860	Unicorn-15391.exe
3024	Unicorn-61707.exe
2996	Unicorn-446.exe
2768	Unicorn-21421.exe
2796	Unicorn-3316.exe
1788	Unicorn-6009.exe
1944	Unicorn-27821.exe
2056	Unicorn-54463.exe
1112	Unicorn-11847.exe
1760	Unicorn-62439.exe
1440	Unicorn-36050.exe
112	Unicorn-55916.exe
1560	Unicorn-42080.exe
1632	Unicorn-14883.exe
1036	Unicorn-13300.exe
932	Unicorn-8661.exe
2896	Unicorn-41888.exe
2384	Unicorn-49502.exe
1168	Unicorn-60384.exe
2900	Unicorn-58246.exe
2236	Unicorn-23436.exe
2588	Unicorn-54162.exe
2728	Unicorn-37634.exe
2752	Unicorn-17768.exe
2484	Unicorn-38188.exe
2480	Unicorn-23244.exe

Loads dropped DLL 64 IoCs

pid	Process
844	e03503b072a7baf1e51c62174c31be41.exe
844	e03503b072a7baf1e51c62174c31be41.exe
2972	Unicorn-50075.exe
2972	Unicorn-50075.exe
844	e03503b072a7baf1e51c62174c31be41.exe
844	e03503b072a7baf1e51c62174c31be41.exe
1288	Unicorn-60464.exe
1288	Unicorn-60464.exe
2972	Unicorn-50075.exe
2972	Unicorn-50075.exe
2580	Unicorn-45560.exe
2580	Unicorn-45560.exe
2600	Unicorn-61484.exe
2600	Unicorn-61484.exe
1288	Unicorn-60464.exe
1288	Unicorn-60464.exe
1988	Unicorn-53316.exe
1988	Unicorn-53316.exe
2580	Unicorn-45560.exe
2580	Unicorn-45560.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2496	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
3036	Unicorn-49315.exe
3036	Unicorn-49315.exe
2600	Unicorn-61484.exe
2600	Unicorn-61484.exe
1692	Unicorn-17197.exe
1692	Unicorn-17197.exe
2980	Unicorn-20535.exe
2980	Unicorn-20535.exe
1988	Unicorn-53316.exe
1988	Unicorn-53316.exe
1412	Unicorn-27311.exe
1412	Unicorn-27311.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2592	844	WerFault.exe	27
2496	1288	WerFault.exe	29
2524	2580	WerFault.exe	30
540	2600	WerFault.exe	32
808	1988	WerFault.exe	34
2392	2972	WerFault.exe	28
1696	3036	WerFault.exe	35
2336	1692	WerFault.exe	36
2344	2980	WerFault.exe	37
1308	1412	WerFault.exe	38
1684	2848	WerFault.exe	41
2700	1604	WerFault.exe	42
2704	2028	WerFault.exe	43
2316	2416	WerFault.exe	45
1276	2396	WerFault.exe	44
2420	2244	WerFault.exe	46
1312	1384	WerFault.exe	49
2820	2140	WerFault.exe	50
2412	1236	WerFault.exe	51
1764	1672	WerFault.exe	58
2016	972	WerFault.exe	56
2640	856	WerFault.exe	53
2576	1044	WerFault.exe	57
2992	1076	WerFault.exe	52
1652	2500	WerFault.exe	74
1060	2432	WerFault.exe	73
1368	2124	WerFault.exe	54
2216	2768	WerFault.exe	79
3056	900	WerFault.exe	63
2052	3044	WerFault.exe	67
2544	1788	WerFault.exe	84
2612	2760	WerFault.exe	68
1744	2472	WerFault.exe	72
2228	1944	WerFault.exe	88
2208	1112	WerFault.exe	90
1924	2636	WerFault.exe	69
2744	2728	WerFault.exe	105
2468	2860	WerFault.exe	76
3076	3024	WerFault.exe	77
916	2996	WerFault.exe	78
3092	1608	WerFault.exe	65
3112	2796	WerFault.exe	83
3144	1760	WerFault.exe	91
3136	1440	WerFault.exe	92
3176	1036	WerFault.exe	96
3168	1632	WerFault.exe	95
3196	1560	WerFault.exe	94
3436	932	WerFault.exe	97
3428	2604	WerFault.exe	130
3420	1848	WerFault.exe	133
3412	1144	WerFault.exe	118
3404	2696	WerFault.exe	122
3396	1724	WerFault.exe	124
3548	112	WerFault.exe	93
3572	2968	WerFault.exe	66
3596	2056	WerFault.exe	87
3588	1680	WerFault.exe	55
3700	3016	WerFault.exe	75
3784	2484	WerFault.exe	106
3776	2752	WerFault.exe	104
3804	2384	WerFault.exe	99
3900	2480	WerFault.exe	107
3996	2588	WerFault.exe	103
3972	2896	WerFault.exe	98

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
844	e03503b072a7baf1e51c62174c31be41.exe
2972	Unicorn-50075.exe
1288	Unicorn-60464.exe
2580	Unicorn-45560.exe
2600	Unicorn-61484.exe
1988	Unicorn-53316.exe
3036	Unicorn-49315.exe
1692	Unicorn-17197.exe
2980	Unicorn-20535.exe
1412	Unicorn-27311.exe
2848	Unicorn-34131.exe
1604	Unicorn-40715.exe
2028	Unicorn-9434.exe
2396	Unicorn-45890.exe
2416	Unicorn-451.exe
2244	Unicorn-29554.exe
1384	Unicorn-58718.exe
2140	Unicorn-8126.exe
1236	Unicorn-8147.exe
1076	Unicorn-10840.exe
856	Unicorn-26622.exe
1680	Unicorn-63378.exe
2124	Unicorn-1925.exe
972	Unicorn-22900.exe
1044	Unicorn-12039.exe
1672	Unicorn-49543.exe
900	Unicorn-61515.exe
1608	Unicorn-25313.exe
2968	Unicorn-59377.exe
3044	Unicorn-28651.exe
2636	Unicorn-40903.exe
2760	Unicorn-37373.exe
2528	Unicorn-32735.exe
2660	Unicorn-42033.exe
2472	Unicorn-49647.exe
2432	Unicorn-23005.exe
2500	Unicorn-35811.exe
2996	Unicorn-446.exe
2860	Unicorn-15391.exe
3016	Unicorn-20867.exe
3024	Unicorn-61707.exe
2768	Unicorn-21421.exe
1788	Unicorn-6009.exe
2796	Unicorn-3316.exe
2056	Unicorn-54463.exe
1944	Unicorn-27821.exe
1112	Unicorn-11847.exe
1760	Unicorn-62439.exe
1560	Unicorn-42080.exe
112	Unicorn-55916.exe
1440	Unicorn-36050.exe
1632	Unicorn-14883.exe
1036	Unicorn-13300.exe
932	Unicorn-8661.exe
2896	Unicorn-41888.exe
2384	Unicorn-49502.exe
2728	Unicorn-37634.exe
2752	Unicorn-17768.exe
1168	Unicorn-60384.exe
2900	Unicorn-58246.exe
2588	Unicorn-54162.exe
2236	Unicorn-23436.exe
2252	Unicorn-28650.exe
2484	Unicorn-38188.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2972	844	e03503b072a7baf1e51c62174c31be41.exe	28
PID 844 wrote to memory of 2972	844	e03503b072a7baf1e51c62174c31be41.exe	28
PID 844 wrote to memory of 2972	844	e03503b072a7baf1e51c62174c31be41.exe	28
PID 844 wrote to memory of 2972	844	e03503b072a7baf1e51c62174c31be41.exe	28
PID 2972 wrote to memory of 1288	2972	Unicorn-50075.exe	29
PID 2972 wrote to memory of 1288	2972	Unicorn-50075.exe	29
PID 2972 wrote to memory of 1288	2972	Unicorn-50075.exe	29
PID 2972 wrote to memory of 1288	2972	Unicorn-50075.exe	29
PID 844 wrote to memory of 2580	844	e03503b072a7baf1e51c62174c31be41.exe	30
PID 844 wrote to memory of 2580	844	e03503b072a7baf1e51c62174c31be41.exe	30
PID 844 wrote to memory of 2580	844	e03503b072a7baf1e51c62174c31be41.exe	30
PID 844 wrote to memory of 2580	844	e03503b072a7baf1e51c62174c31be41.exe	30
PID 844 wrote to memory of 2592	844	e03503b072a7baf1e51c62174c31be41.exe	31
PID 844 wrote to memory of 2592	844	e03503b072a7baf1e51c62174c31be41.exe	31
PID 844 wrote to memory of 2592	844	e03503b072a7baf1e51c62174c31be41.exe	31
PID 844 wrote to memory of 2592	844	e03503b072a7baf1e51c62174c31be41.exe	31
PID 1288 wrote to memory of 2600	1288	Unicorn-60464.exe	32
PID 1288 wrote to memory of 2600	1288	Unicorn-60464.exe	32
PID 1288 wrote to memory of 2600	1288	Unicorn-60464.exe	32
PID 1288 wrote to memory of 2600	1288	Unicorn-60464.exe	32
PID 2972 wrote to memory of 2668	2972	Unicorn-50075.exe	33
PID 2972 wrote to memory of 2668	2972	Unicorn-50075.exe	33
PID 2972 wrote to memory of 2668	2972	Unicorn-50075.exe	33
PID 2972 wrote to memory of 2668	2972	Unicorn-50075.exe	33
PID 2580 wrote to memory of 1988	2580	Unicorn-45560.exe	34
PID 2580 wrote to memory of 1988	2580	Unicorn-45560.exe	34
PID 2580 wrote to memory of 1988	2580	Unicorn-45560.exe	34
PID 2580 wrote to memory of 1988	2580	Unicorn-45560.exe	34
PID 2600 wrote to memory of 3036	2600	Unicorn-61484.exe	35
PID 2600 wrote to memory of 3036	2600	Unicorn-61484.exe	35
PID 2600 wrote to memory of 3036	2600	Unicorn-61484.exe	35
PID 2600 wrote to memory of 3036	2600	Unicorn-61484.exe	35
PID 1288 wrote to memory of 1692	1288	Unicorn-60464.exe	36
PID 1288 wrote to memory of 1692	1288	Unicorn-60464.exe	36
PID 1288 wrote to memory of 1692	1288	Unicorn-60464.exe	36
PID 1288 wrote to memory of 1692	1288	Unicorn-60464.exe	36
PID 1988 wrote to memory of 2980	1988	Unicorn-53316.exe	37
PID 1988 wrote to memory of 2980	1988	Unicorn-53316.exe	37
PID 1988 wrote to memory of 2980	1988	Unicorn-53316.exe	37
PID 1988 wrote to memory of 2980	1988	Unicorn-53316.exe	37
PID 2580 wrote to memory of 1412	2580	Unicorn-45560.exe	38
PID 2580 wrote to memory of 1412	2580	Unicorn-45560.exe	38
PID 2580 wrote to memory of 1412	2580	Unicorn-45560.exe	38
PID 2580 wrote to memory of 1412	2580	Unicorn-45560.exe	38
PID 1288 wrote to memory of 2496	1288	Unicorn-60464.exe	39
PID 1288 wrote to memory of 2496	1288	Unicorn-60464.exe	39
PID 1288 wrote to memory of 2496	1288	Unicorn-60464.exe	39
PID 1288 wrote to memory of 2496	1288	Unicorn-60464.exe	39
PID 2580 wrote to memory of 2524	2580	Unicorn-45560.exe	40
PID 2580 wrote to memory of 2524	2580	Unicorn-45560.exe	40
PID 2580 wrote to memory of 2524	2580	Unicorn-45560.exe	40
PID 2580 wrote to memory of 2524	2580	Unicorn-45560.exe	40
PID 3036 wrote to memory of 2848	3036	Unicorn-49315.exe	41
PID 3036 wrote to memory of 2848	3036	Unicorn-49315.exe	41
PID 3036 wrote to memory of 2848	3036	Unicorn-49315.exe	41
PID 3036 wrote to memory of 2848	3036	Unicorn-49315.exe	41
PID 2600 wrote to memory of 1604	2600	Unicorn-61484.exe	42
PID 2600 wrote to memory of 1604	2600	Unicorn-61484.exe	42
PID 2600 wrote to memory of 1604	2600	Unicorn-61484.exe	42
PID 2600 wrote to memory of 1604	2600	Unicorn-61484.exe	42
PID 1692 wrote to memory of 2028	1692	Unicorn-17197.exe	43
PID 1692 wrote to memory of 2028	1692	Unicorn-17197.exe	43
PID 1692 wrote to memory of 2028	1692	Unicorn-17197.exe	43
PID 1692 wrote to memory of 2028	1692	Unicorn-17197.exe	43

C:\Users\Admin\AppData\Local\Temp\e03503b072a7baf1e51c62174c31be41.exe
"C:\Users\Admin\AppData\Local\Temp\e03503b072a7baf1e51c62174c31be41.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        10⤵
        
        PID:352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        10⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        10⤵
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        10⤵
        Program crash
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        9⤵
        Program crash
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        10⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        10⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        9⤵
        Program crash
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        8⤵
        Program crash
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        9⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        9⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        8⤵
        Program crash
        
        PID:3092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        Program crash
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27821.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        9⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        10⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
        10⤵
        Program crash
        
        PID:3412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        9⤵
        Program crash
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        8⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        9⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        9⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
        8⤵
        Program crash
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 220
        7⤵
        Program crash
        
        PID:2820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        6⤵
        Program crash
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        9⤵
        
        PID:760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        9⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        9⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        9⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        Program crash
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        8⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        8⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        7⤵
        Program crash
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        8⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        7⤵
        Program crash
        
        PID:2612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:2700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        8⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
        8⤵
        Program crash
        
        PID:3776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
        7⤵
        Program crash
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        8⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        7⤵
        Program crash
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        7⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        7⤵
        Program crash
        
        PID:3196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 220
        6⤵
        Program crash
        
        PID:2992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        5⤵
        Program crash
        
        PID:2336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
    3⤵
    - Executes dropped EXE
    PID:2668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
    3⤵
    - Program crash
    PID:2392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        8⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        8⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        7⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        7⤵
        Program crash
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        7⤵
        Program crash
        
        PID:2216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        6⤵
        Program crash
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        7⤵
        
        PID:304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        7⤵
        Program crash
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        8⤵
        
        PID:632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        7⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        6⤵
        Program crash
        
        PID:2016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        5⤵
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        8⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        Program crash
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        7⤵
        
        PID:328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        7⤵
        Program crash
        
        PID:3972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 220
        6⤵
        Program crash
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        6⤵
        Executes dropped EXE
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        7⤵
        
        PID:968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        7⤵
        Program crash
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        6⤵
        Program crash
        
        PID:1652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        5⤵
        Program crash
        
        PID:2316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        9⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        9⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        Program crash
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        7⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        7⤵
        Program crash
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        7⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        7⤵
        Program crash
        
        PID:3784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        6⤵
        Program crash
        
        PID:2468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        7⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        7⤵
        Program crash
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        7⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        7⤵
        Program crash
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        6⤵
        Program crash
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        6⤵
        
        PID:2880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        6⤵
        Program crash
        
        PID:3176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        5⤵
        Program crash
        
        PID:1764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
      4⤵
      Program crash
      PID:1308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
  2⤵
  - Program crash
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe

Filesize
184KB

MD5
eda04dc0b3e3543ecf740e2d1154a7a2

SHA1
73a4c23aab3ab1feb822ab6c8052f23db5c12569

SHA256
f0e1f7de4a7c1046415f8d46f71b8549ccf3c127b32caa1d69494d56d12b658d

SHA512
52666fd61249d11c30d50516c74ec83e1a75f94e88bd11b71aafee455408b48fd97c59bb86aabb7675f09188c7af80aef92c9d0e0173dd5042312027884fbe36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe

Filesize
184KB

MD5
9c7d8439c12852a45a6c7a45e7b73ec1

SHA1
fb8106fa872a35f207cdbaf01f699cd0b33d0fd1

SHA256
98c76e09a57ff6919ca8d92331d938ebcfcf56ffe06943d60f2a1a07b0c0a194

SHA512
f82e8726aecaf4ed0f8f019dadef6a720d272c2cb0497660bcc1b39d2dd0090f3e8311c9edc38b87ee21873c8dd98bf546e3f119b593e929fa352f1c364989ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe

Filesize
184KB

MD5
045905b14825f2a7e96125cd0774d764

SHA1
604eb7c12b21862f849365e8b0f2c02ad247bc87

SHA256
f899ce156442b15304d2d67d2955f9073ba5438b12bad727c315eabeb0f8d70d

SHA512
575c85be2d516a8d7aa79a83288eab0cb421a561e3f983cf30a34707b7a68813bcdc6a7a9b41e66a6b04716ca974a73f00616a48a449ce5f5d89024c90682232

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe

Filesize
184KB

MD5
175fa9c004ef7fee70c3dd0e9c8a5f9a

SHA1
38ddaa31e6cc284461e8a4ed2f9be9d1708b6603

SHA256
41b02419843063ca78543f801d3c7066c9d0614de087c7f26aaf381ee4a3eecc

SHA512
84df67f3383e93f9940ef5472e6a4dc78ef234a575f11a4e356799cd56a250bc3d4cd15214d5d875231ace6cc49a611f003b03bea0eccbcc7cb89ce8306c3941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe

Filesize
184KB

MD5
5c3a93a1d382718dabeba97bf6442b2c

SHA1
bb3f1d4ce36e78221f1d334d16882f1063d2bf73

SHA256
66422573b72b68a2a14e80c53258795f0c64cb77c2672de24d7f5456ca115839

SHA512
5de98fcb1f1ad1c2080afc1c16297d6d76547f7c6f139c4f81a0877b2f997ae41a22382c2141d1299eda3ae2426d48ebf577ec01085b8cdd5e7ad7d6b8dddfa0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe

Filesize
184KB

MD5
873d2c02f88cf9fd51327252213c254d

SHA1
a359a9b7055c9d2761cd04733f4009382631b7ac

SHA256
01dfe751345b407053e3fb12f1a262e6a2650ad0f649acf7054ce9f824423dd5

SHA512
a044cc0737afe412d894d3ba18e2b3bf44ef1b62bf22094f86b70d41fe64cc782005b23733a66b25fee144daaff3a72b3a37e128c22060d4a19b243ffe0ea673

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe

Filesize
184KB

MD5
0efbf958b003b127949f937153d8da4e

SHA1
03c1db7d2568b2c3fb03f8949034e4d553b159e4

SHA256
31fc980ec0e79b3a550ecd1f9249b5252dd738a34f18ae7455feda336ed01ae7

SHA512
b04dae58d9f5664bc9ad44ec63277ec7af2666a33deaec0280db8606535d2f5b056b2ce54fa9892df6d1b78d8741663fe0074762d4e1e6072cd5343eb0301ae5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe

Filesize
184KB

MD5
f65f07d2b271f68da66239cfd0ec8207

SHA1
3aa160fc8b2611c01163021676f28ce206e3352c

SHA256
2396ab85362292b35bc869fb5693a6e538b2dc092dedd483266513c9b92600b5

SHA512
fdee384e9252ea0a21351aeb2cfcb3135ef81a4f55ff9d6bc739328521d45c3f8bef3eb76e395b4e4ebdc31adf6963adcd1c7d03d74c7a5db7d5a9769837c900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe

Filesize
184KB

MD5
30f93297a9fe71b1389fa457391d1693

SHA1
9ea324e359a3e982aa5007ecf69544c3d2feba69

SHA256
3881a2794919273da70b245e6b6d28b162ca995ba18e7d458e724de031bd7a2d

SHA512
cce55ecfec905dbfab9628b1a1316edf80e8146988f80f83bd339b56698fff4488bed45265c6d9b0b9761150cae2933a730d0e4c59f364b307c675c1d8af11e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe

Filesize
184KB

MD5
853ea5b072354fa0f7435679edb1c6e8

SHA1
28ddb35e3eae96b9f194f6906a1716fa84b98fdc

SHA256
e28cae91be7f715c9c84f4ea0e3341e0eff5f93248bf20800824ebee90f1191c

SHA512
73220fda1d103d36672f75e209f2a0479b8d532bf22acf9a753850f65dcb73054689a169b4d281fe65417559c1fde3941db780cd353191cd4d07bd68d9076d07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe

Filesize
184KB

MD5
c2fd20281333f11e96530e7963177815

SHA1
48ec1cbe14a99b0337499579378f5d431ffcdda1

SHA256
4cbe877bde3bfa9a1b2c775759015b42a4effcac0b241012853198f837f3d1ce

SHA512
63f9927e6a9634a85387a40deddcad8b274c354dfb78e98a7e6a198c9b0bd1bee9b1440757bdfde68037236a658ef6ca0a17572cf53ff25ff91128cce6c362de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe

Filesize
184KB

MD5
71f5f2a04ae72192137dbffec54ff0bd

SHA1
f01549d5545acb21ab867bb09d0ce1a777ce338e

SHA256
f76f324087ec43ddb70b8358055ba0f5041dee4b9a54dc1d0388d5bdd9d3d78d

SHA512
658cfe71a334bb84ed21269bc9621e5fc63fa5fe17d198d3b4d7368cac3492996482308fa4f2d98148eb93619b9f8280a7f33dff7b925f6f1eb81d80957b874d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe

Filesize
184KB

MD5
175182793475b7580ef5bae1d8c70fb4

SHA1
edea519f9270b4903cd10cdde56a6691cd11b18c

SHA256
7f2cbd43db715f7345ad64d0f799ab1ec6e5018617bdce99389e54bcd1a959b8

SHA512
7ab517a2856ddea03cb196aa6285a494d3a2a333f84245f3a22e251fc8375ab3a9fff4abcd0c84fa7b04a429fbd412730890c74dbb783fc2833caf962aee65d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads