4184002f4c1e40e86c65bedfdaee791c4c072f580abecf7a89b50cc55f6e34bd

Analysis

max time kernel
34s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dec9edea0f2468701e9b2f20f7aeed72.exe
Size

184KB
MD5

dec9edea0f2468701e9b2f20f7aeed72
SHA1

7f19f27ba3e9896e1a165bd1e37961c594e01bde
SHA256

4184002f4c1e40e86c65bedfdaee791c4c072f580abecf7a89b50cc55f6e34bd
SHA512

86a0a35dcb9cdf52a6c94a4166550a9daabadd5d7679d31adbff5822a5507323c28b78d9b0f3c285bf53c00857d1117c31d0680a9165bd8cbcbdcd1460928eef
SSDEEP

3072:QA7aomxH01qTVYjAqUdWnjBLGZR6zw6vaEEx9zPppslPvpMW:QAGoxoTVhq8WnjcMUXslPvpM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1740	Unicorn-35991.exe
2888	Unicorn-30449.exe
2304	Unicorn-2415.exe
2680	Unicorn-9543.exe
2688	Unicorn-47047.exe
2664	Unicorn-50576.exe
2884	Unicorn-39642.exe
1452	Unicorn-3440.exe
924	Unicorn-15137.exe
1496	Unicorn-44473.exe
840	Unicorn-38738.exe
2860	Unicorn-17764.exe
2024	Unicorn-31831.exe
1928	Unicorn-45257.exe
2600	Unicorn-887.exe
1432	Unicorn-4416.exe
2264	Unicorn-4930.exe
1656	Unicorn-21459.exe
1060	Unicorn-26289.exe
972	Unicorn-29819.exe
1420	Unicorn-36185.exe
2932	Unicorn-57120.exe
2504	Unicorn-61951.exe
572	Unicorn-16280.exe
1136	Unicorn-40976.exe
1876	Unicorn-36569.exe
2840	Unicorn-24962.exe
2156	Unicorn-20555.exe
2944	Unicorn-33322.exe
2176	Unicorn-43218.exe
2656	Unicorn-46321.exe
2260	Unicorn-51578.exe
2476	Unicorn-56409.exe
2676	Unicorn-60130.exe
1528	Unicorn-48625.exe
2004	Unicorn-58786.exe
1572	Unicorn-50618.exe
2712	Unicorn-56518.exe
1180	Unicorn-26306.exe
2092	Unicorn-11038.exe
1704	Unicorn-35735.exe
2088	Unicorn-56902.exe
584	Unicorn-31708.exe
1796	Unicorn-28370.exe
1120	Unicorn-13171.exe
1808	Unicorn-13555.exe
808	Unicorn-19455.exe
2320	Unicorn-62481.exe
2516	Unicorn-10135.exe
1840	Unicorn-5688.exe
2668	Unicorn-3887.exe
2536	Unicorn-64785.exe
1884	Unicorn-61448.exe
1548	Unicorn-56809.exe
2308	Unicorn-37135.exe
1860	Unicorn-24329.exe
1244	Unicorn-58262.exe
2068	Unicorn-37052.exe
1512	Unicorn-56918.exe
1932	Unicorn-31345.exe
2052	Unicorn-16078.exe
2796	Unicorn-56041.exe
2700	Unicorn-37436.exe
2228	Unicorn-37436.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	dec9edea0f2468701e9b2f20f7aeed72.exe
2344	dec9edea0f2468701e9b2f20f7aeed72.exe
1740	Unicorn-35991.exe
1740	Unicorn-35991.exe
2344	dec9edea0f2468701e9b2f20f7aeed72.exe
2344	dec9edea0f2468701e9b2f20f7aeed72.exe
2888	Unicorn-30449.exe
2888	Unicorn-30449.exe
1740	Unicorn-35991.exe
1740	Unicorn-35991.exe
2304	Unicorn-2415.exe
2304	Unicorn-2415.exe
1660	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
2688	Unicorn-47047.exe
2688	Unicorn-47047.exe
2304	Unicorn-2415.exe
2304	Unicorn-2415.exe
2680	Unicorn-9543.exe
2680	Unicorn-9543.exe
2888	Unicorn-30449.exe
2888	Unicorn-30449.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
2664	Unicorn-50576.exe
2664	Unicorn-50576.exe
2884	Unicorn-39642.exe
2884	Unicorn-39642.exe
2688	Unicorn-47047.exe
2688	Unicorn-47047.exe
1452	Unicorn-3440.exe
1452	Unicorn-3440.exe
2680	Unicorn-9543.exe
2680	Unicorn-9543.exe
1496	Unicorn-44473.exe
1496	Unicorn-44473.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
1952	WerFault.exe
352	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
840	Unicorn-38738.exe
840	Unicorn-38738.exe

Program crash 62 IoCs

pid	pid_target	Process	procid_target
2648	2344	WerFault.exe	27
1660	1740	WerFault.exe	28
940	2888	WerFault.exe	29
1296	2304	WerFault.exe	30
1952	2664	WerFault.exe	34
352	2688	WerFault.exe	33
1648	2680	WerFault.exe	32
1556	2884	WerFault.exe	36
2460	1496	WerFault.exe	39
2412	924	WerFault.exe	38
2452	1452	WerFault.exe	37
528	840	WerFault.exe	42
1412	2860	WerFault.exe	43
1228	2024	WerFault.exe	44
952	1928	WerFault.exe	45
2968	2600	WerFault.exe	46
880	1432	WerFault.exe	47
2760	2264	WerFault.exe	51
928	1060	WerFault.exe	53
2016	1656	WerFault.exe	52
1308	572	WerFault.exe	58
1680	972	WerFault.exe	54
1980	2932	WerFault.exe	56
3504	1136	WerFault.exe	59
3728	2712	WerFault.exe	76
3940	1704	WerFault.exe	79
4056	2004	WerFault.exe	74
4048	1876	WerFault.exe	60
4040	1808	WerFault.exe	90
2296	2092	WerFault.exe	78
3104	2676	WerFault.exe	72
2044	1796	WerFault.exe	85
2432	2476	WerFault.exe	70
4088	1548	WerFault.exe	98
3140	1120	WerFault.exe	87
3176	1572	WerFault.exe	75
4080	2536	WerFault.exe	96
4072	808	WerFault.exe	91
4064	2156	WerFault.exe	63
4032	2840	WerFault.exe	62
3240	2176	WerFault.exe	65
1608	1528	WerFault.exe	73
3256	2668	WerFault.exe	95
3316	2052	WerFault.exe	105
4152	2504	WerFault.exe	57
4144	584	WerFault.exe	83
4136	1420	WerFault.exe	55
4384	2260	WerFault.exe	67
4376	1812	WerFault.exe	111
4460	1180	WerFault.exe	77
4492	1840	WerFault.exe	94
4484	2320	WerFault.exe	92
4476	2088	WerFault.exe	80
4468	2944	WerFault.exe	64
4452	1512	WerFault.exe	103
4444	1884	WerFault.exe	97
4436	2308	WerFault.exe	99
4428	2516	WerFault.exe	93
4532	2656	WerFault.exe	66
4524	1860	WerFault.exe	100
4924	1204	WerFault.exe	110
4324	3268	WerFault.exe	143

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	dec9edea0f2468701e9b2f20f7aeed72.exe
1740	Unicorn-35991.exe
2888	Unicorn-30449.exe
2304	Unicorn-2415.exe
2688	Unicorn-47047.exe
2664	Unicorn-50576.exe
2680	Unicorn-9543.exe
2884	Unicorn-39642.exe
1452	Unicorn-3440.exe
1496	Unicorn-44473.exe
924	Unicorn-15137.exe
840	Unicorn-38738.exe
2860	Unicorn-17764.exe
2024	Unicorn-31831.exe
1928	Unicorn-45257.exe
2600	Unicorn-887.exe
1432	Unicorn-4416.exe
2264	Unicorn-4930.exe
1656	Unicorn-21459.exe
1060	Unicorn-26289.exe
972	Unicorn-29819.exe
1420	Unicorn-36185.exe
572	Unicorn-16280.exe
2932	Unicorn-57120.exe
2504	Unicorn-61951.exe
1136	Unicorn-40976.exe
1876	Unicorn-36569.exe
2840	Unicorn-24962.exe
2156	Unicorn-20555.exe
2944	Unicorn-33322.exe
2176	Unicorn-43218.exe
2656	Unicorn-46321.exe
2476	Unicorn-56409.exe
2260	Unicorn-51578.exe
2676	Unicorn-60130.exe
2004	Unicorn-58786.exe
1528	Unicorn-48625.exe
1572	Unicorn-50618.exe
1180	Unicorn-26306.exe
2712	Unicorn-56518.exe
2092	Unicorn-11038.exe
1704	Unicorn-35735.exe
2088	Unicorn-56902.exe
584	Unicorn-31708.exe
1796	Unicorn-28370.exe
1120	Unicorn-13171.exe
1808	Unicorn-13555.exe
808	Unicorn-19455.exe
2320	Unicorn-62481.exe
2516	Unicorn-10135.exe
1840	Unicorn-5688.exe
2668	Unicorn-3887.exe
2536	Unicorn-64785.exe
1884	Unicorn-61448.exe
1548	Unicorn-56809.exe
2308	Unicorn-37135.exe
1860	Unicorn-24329.exe
1244	Unicorn-58262.exe
2068	Unicorn-37052.exe
1512	Unicorn-56918.exe
1932	Unicorn-31345.exe
2052	Unicorn-16078.exe
2796	Unicorn-56041.exe
2700	Unicorn-37436.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1740	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	28
PID 2344 wrote to memory of 1740	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	28
PID 2344 wrote to memory of 1740	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	28
PID 2344 wrote to memory of 1740	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	28
PID 1740 wrote to memory of 2888	1740	Unicorn-35991.exe	29
PID 1740 wrote to memory of 2888	1740	Unicorn-35991.exe	29
PID 1740 wrote to memory of 2888	1740	Unicorn-35991.exe	29
PID 1740 wrote to memory of 2888	1740	Unicorn-35991.exe	29
PID 2344 wrote to memory of 2304	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	30
PID 2344 wrote to memory of 2304	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	30
PID 2344 wrote to memory of 2304	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	30
PID 2344 wrote to memory of 2304	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	30
PID 2344 wrote to memory of 2648	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	31
PID 2344 wrote to memory of 2648	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	31
PID 2344 wrote to memory of 2648	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	31
PID 2344 wrote to memory of 2648	2344	dec9edea0f2468701e9b2f20f7aeed72.exe	31
PID 2888 wrote to memory of 2680	2888	Unicorn-30449.exe	32
PID 2888 wrote to memory of 2680	2888	Unicorn-30449.exe	32
PID 2888 wrote to memory of 2680	2888	Unicorn-30449.exe	32
PID 2888 wrote to memory of 2680	2888	Unicorn-30449.exe	32
PID 1740 wrote to memory of 2688	1740	Unicorn-35991.exe	33
PID 1740 wrote to memory of 2688	1740	Unicorn-35991.exe	33
PID 1740 wrote to memory of 2688	1740	Unicorn-35991.exe	33
PID 1740 wrote to memory of 2688	1740	Unicorn-35991.exe	33
PID 2304 wrote to memory of 2664	2304	Unicorn-2415.exe	34
PID 2304 wrote to memory of 2664	2304	Unicorn-2415.exe	34
PID 2304 wrote to memory of 2664	2304	Unicorn-2415.exe	34
PID 2304 wrote to memory of 2664	2304	Unicorn-2415.exe	34
PID 1740 wrote to memory of 1660	1740	Unicorn-35991.exe	35
PID 1740 wrote to memory of 1660	1740	Unicorn-35991.exe	35
PID 1740 wrote to memory of 1660	1740	Unicorn-35991.exe	35
PID 1740 wrote to memory of 1660	1740	Unicorn-35991.exe	35
PID 2688 wrote to memory of 2884	2688	Unicorn-47047.exe	36
PID 2688 wrote to memory of 2884	2688	Unicorn-47047.exe	36
PID 2688 wrote to memory of 2884	2688	Unicorn-47047.exe	36
PID 2688 wrote to memory of 2884	2688	Unicorn-47047.exe	36
PID 2304 wrote to memory of 1452	2304	Unicorn-2415.exe	37
PID 2304 wrote to memory of 1452	2304	Unicorn-2415.exe	37
PID 2304 wrote to memory of 1452	2304	Unicorn-2415.exe	37
PID 2304 wrote to memory of 1452	2304	Unicorn-2415.exe	37
PID 2680 wrote to memory of 924	2680	Unicorn-9543.exe	38
PID 2680 wrote to memory of 924	2680	Unicorn-9543.exe	38
PID 2680 wrote to memory of 924	2680	Unicorn-9543.exe	38
PID 2680 wrote to memory of 924	2680	Unicorn-9543.exe	38
PID 2888 wrote to memory of 1496	2888	Unicorn-30449.exe	39
PID 2888 wrote to memory of 1496	2888	Unicorn-30449.exe	39
PID 2888 wrote to memory of 1496	2888	Unicorn-30449.exe	39
PID 2888 wrote to memory of 1496	2888	Unicorn-30449.exe	39
PID 2888 wrote to memory of 940	2888	Unicorn-30449.exe	40
PID 2888 wrote to memory of 940	2888	Unicorn-30449.exe	40
PID 2888 wrote to memory of 940	2888	Unicorn-30449.exe	40
PID 2888 wrote to memory of 940	2888	Unicorn-30449.exe	40
PID 2304 wrote to memory of 1296	2304	Unicorn-2415.exe	41
PID 2304 wrote to memory of 1296	2304	Unicorn-2415.exe	41
PID 2304 wrote to memory of 1296	2304	Unicorn-2415.exe	41
PID 2304 wrote to memory of 1296	2304	Unicorn-2415.exe	41
PID 2664 wrote to memory of 840	2664	Unicorn-50576.exe	42
PID 2664 wrote to memory of 840	2664	Unicorn-50576.exe	42
PID 2664 wrote to memory of 840	2664	Unicorn-50576.exe	42
PID 2664 wrote to memory of 840	2664	Unicorn-50576.exe	42
PID 2884 wrote to memory of 2860	2884	Unicorn-39642.exe	43
PID 2884 wrote to memory of 2860	2884	Unicorn-39642.exe	43
PID 2884 wrote to memory of 2860	2884	Unicorn-39642.exe	43
PID 2884 wrote to memory of 2860	2884	Unicorn-39642.exe	43

C:\Users\Admin\AppData\Local\Temp\dec9edea0f2468701e9b2f20f7aeed72.exe
"C:\Users\Admin\AppData\Local\Temp\dec9edea0f2468701e9b2f20f7aeed72.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 380
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 380
        7⤵
        Program crash
        
        PID:4136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 380
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        9⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 380
        9⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        8⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 380
        8⤵
        Program crash
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        8⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 380
        8⤵
        Program crash
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 376
        7⤵
        Program crash
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 380
        7⤵
        Program crash
        
        PID:1608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 380
        6⤵
        Program crash
        
        PID:2968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 376
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        8⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 372
        8⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        7⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 380
        8⤵
        Program crash
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 380
        7⤵
        Program crash
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        7⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 384
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 376
        6⤵
        Program crash
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        8⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 380
        8⤵
        Program crash
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        8⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 380
        8⤵
        Program crash
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 380
        7⤵
        Program crash
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 372
        6⤵
        Program crash
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 380
        5⤵
        Program crash
        
        PID:2460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        9⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 372
        9⤵
        Program crash
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        8⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 380
        8⤵
        Program crash
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        8⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 380
        8⤵
        Program crash
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 368
        7⤵
        Program crash
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        8⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 380
        8⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        7⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 372
        7⤵
        Program crash
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 372
        6⤵
        Program crash
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        8⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 380
        8⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        7⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 380
        7⤵
        Program crash
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        7⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 380
        7⤵
        Program crash
        
        PID:4072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 376
        6⤵
        Program crash
        
        PID:928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 376
        5⤵
        Program crash
        
        PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        8⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 380
        8⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        7⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 380
        7⤵
        Program crash
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        7⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 380
        7⤵
        Program crash
        
        PID:4444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 368
        6⤵
        Program crash
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        7⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 380
        7⤵
        Program crash
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        6⤵
        
        PID:1944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 372
        6⤵
        Program crash
        
        PID:2432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 376
        5⤵
        Program crash
        
        PID:1228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 364
      4⤵
      Loads dropped DLL
      Program crash
      PID:352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        8⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 380
        8⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        7⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 380
        7⤵
        Program crash
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        7⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 380
        7⤵
        Program crash
        
        PID:2044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 376
        6⤵
        Program crash
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        7⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 380
        7⤵
        Program crash
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        6⤵
        
        PID:1040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 380
        6⤵
        Program crash
        
        PID:4064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 372
        5⤵
        Program crash
        
        PID:528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        8⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 372
        8⤵
        Program crash
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        7⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 372
        7⤵
        Program crash
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        7⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 380
        7⤵
        Program crash
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 376
        6⤵
        Program crash
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        6⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        7⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 380
        7⤵
        Program crash
        
        PID:4924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 380
        6⤵
        Program crash
        
        PID:4476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 380
        5⤵
        Program crash
        
        PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 380
        6⤵
        Program crash
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        5⤵
        Executes dropped EXE
        
        PID:2228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 380
        5⤵
        Program crash
        
        PID:4152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 376
      4⤵
      Program crash
      PID:2452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 372
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe

Filesize
184KB

MD5
cfc5e4b3597dc8c96bf3d10940d15ae9

SHA1
0de4fe6c0473d09d446205779839bc397ef61420

SHA256
cad60e5cb4beea6cdb5bb6949273dd62c2c47de6ea33e163e91307e1a9583ef7

SHA512
938f0d5672711ef936d950ca7e619393a30225e92fac0fec6f0f3afa86387053761f54c475482698696475090bed6339b982952cacaea7649309b78f14c1d7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe

Filesize
184KB

MD5
092dbe58fbb5aa624cb66c3acf2f23e6

SHA1
86b18260d500d2b227559415bbd0dbc99306615a

SHA256
fc0defa19823ec847b23b75ba376d485f7954c7f976beaa1b14b535fed0635b8

SHA512
dc23b81d04c9238f3c9220c9b998f7aae11f356086bbeb3438bd01e4fe88493b14c8a96dd8bbe1a1ed0b06712db38f6328441710953455afe384c0809d84c0f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe

Filesize
184KB

MD5
dd2c4b64e3756d19d2e069dbcfeb75a2

SHA1
55a1045a925c4af816505358c91b25af5494c901

SHA256
97a5c9366ea49d4804dc2e4f95c33a68eba97bb63c1a686bed16b68021e42800

SHA512
7cf60e7119cdf61af1de442bc857dbfdb2d783337a8af4d3c053161510ee4db0e4338b692092fd0d034b9cc8d3f563ff84719995f4dee92aaf71106cbe24bf2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe

Filesize
184KB

MD5
768504b250d5f89d69b639bc7fca9743

SHA1
d8f935e494645b44fdcee93a761a6df2442fe3d4

SHA256
9ecc541ec980da01503069417e3437e1538aadce4bb3246f262cf5aaffde740e

SHA512
5768d83ab4afe8dc6ae732db95a65df6cca3cddf87bad345d64ea5adea26fc40cac53bbf4b68e6ab67d37cbc510a9ca879819709cccfc9029f59869e09127fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe

Filesize
184KB

MD5
465c11abe85b57f0e4e13a840ee92ef8

SHA1
dcf29da7ab31285e1b60791c45a45145f9288fcf

SHA256
ddbb9f82da16569b2908e5e567d22d7d5961a0ce5ad1c42145642c860beaa780

SHA512
e5e5c8f28223dbd581250cdadbb46a591468cf680f4198a99795911c55cc187e0424990f92d507da39226ab34fab8432bdbc477ee68b11e22f1fca30feeee37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe

Filesize
184KB

MD5
90af9eb1cb4c0d90e1175bfb11019876

SHA1
cbc8b0b16b3617c6a750712d04c0e0e7d9e6ae9e

SHA256
02e42d242b969b8abc5eba7fda139da906641e88232dfb7293b9973c4a3d3438

SHA512
dff8e2d457c5180f70370eebd8695ed66560cd34e573aafe306e88bc0873a66dd2b8567bae1bee647c26b46c31a8909973e510f73e85d7f4c0a33d11590772fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe

Filesize
184KB

MD5
df26b5ce3c1a062054752d407a7ccd73

SHA1
67b955aac6e5c37003eeb0fdcdaea4a3b96cb9eb

SHA256
b350a52c55e91c111a282d1a18fe29f5801a80367106131bc4a383de56b326aa

SHA512
098399037ff2e49a212b3fcac13d33385114a0563f0075cb98c292b5d73e82c086409985d9534c5ddf55e961c7ad3c92f5d3b55def1e216f95cfa74a5d8ef6ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe

Filesize
184KB

MD5
f329cac4eac1799d04f6528c042e3537

SHA1
90aaea5517ffdc5b3aab8fff04514b026b4fe6d4

SHA256
f1c0139eabaa00bb9283c47fe556f8e2bedc52653aa6cc9d343beddd7aa9252b

SHA512
94048b7a52510922c0d6dfa2abd260ceda7946ad88241822dd2c96026f8064ffcfc30130e999f5915a5b13dc85bc304beec6a0b07511cabcfbbb339ada1b589d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe

Filesize
184KB

MD5
c160e1f827258f01a58f36115800f61d

SHA1
cf7e15082b71db9f9d0d19f61333fb7fa0754755

SHA256
28f20f4a7d44f1dead743336c3fb6833627b4936b437dc476773aa1137a8b488

SHA512
e8b7cb5adb40b4d6472a0f6d70df0d54d367d85e6b4832e3236bf648901006800fdecee020dc57fc2f88dd680090b8992e7dbd983934526e926a83110ab5a249

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe

Filesize
184KB

MD5
d195ad8020c01b9a299772e2d6f323a7

SHA1
291fe9eca8463011f8ecfe30b933a3142ae985ef

SHA256
d9a77b2730c20a49096ff535d08eb068b939056f81da76831a0791af70101efe

SHA512
a6e472c7fbf080209771e95b040f5650a24197d0afa3958fb80a7005947b0444fc8de762ce04dac1896d1dd98fc67b7c19ea3fc8aa83a6a5517ce2fa3caeb161

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe

Filesize
184KB

MD5
533fd0ddad39221ff7efcce182c8cf07

SHA1
c942babfc31c8280cc01efc70fc11bbd97eef8d3

SHA256
46dff97d80e5c533b40c1e26b5047a22c4519f5477976a63014aedc364fda6a2

SHA512
c0cb125ebb6c190f203931b347743b07d509752f6c710a45a6e2a958a4e0fd5fa991c7513c7b87ff08dee550069666843ff7d878e89f76eeeed057918925842e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe

Filesize
184KB

MD5
3c3af618784da17bffed4396d2885285

SHA1
ec7f7b77b7f86cfe0288ba21156ba4ce27356129

SHA256
cc46c6dd1822e867ee3b589fe3e973e87ead1ce4c2ae68a37b77a7bc1df9deb4

SHA512
186a836e071689bcdf8b074447def842e7290fcd881dc1ccd0554ffb04bd6d2f635925a4696ea3de846a96866dadf94d6140449b9a2a3c2f9187729810ec4c42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe

Filesize
184KB

MD5
02fc4e1787f8f1afb6f80d60f6c3c2a8

SHA1
fb1a68b586894dcf219b053f957c3327bcbd5013

SHA256
097bfa4d87807c67a05179e153cb2cfa22f4169581272ca421cd5cfc4bd944c0

SHA512
984223c224df4426e26292b0d1e629ee9645d7da9861ad192c3b5e7e07feecfc9f93896675903ee3930d553b29b2781c0e42c950184fc246b8d5547795691ef9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe

Filesize
184KB

MD5
42e499ccceebcb48f9d8643cac87c9ad

SHA1
1ef17930da3e2f5d73a369e12588275cd042c4f0

SHA256
643b51578553d1f47adeaca5b0fc9e0aebc4c988a2d746f1b5093166e708530a

SHA512
d5aa7161fbee8558763ef34a76ad0e803f0f155f67ebc99fb108abd01ae694c955c7152a4ce81f44456e0775021c0ae633f18d585c0928dcdf7b372b01b758e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads