0e99d124060b1c03ba59c41b785925a0e45b50064f0dc5ceb60fca12bbf87029

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eca07c8ebdcb1623b6ef485f19b667ee.exe
Size

184KB
MD5

eca07c8ebdcb1623b6ef485f19b667ee
SHA1

5ed0afcc6c18765630e831571c95538ff277f892
SHA256

0e99d124060b1c03ba59c41b785925a0e45b50064f0dc5ceb60fca12bbf87029
SHA512

90d832896c481de6ad0ebb9daa889574293f83dae47f581e4c5eca75003af25bf66d6c00e0c03ff89ee35647d22fc5cb84557c4e57dd64afaa97cb832b6ed9f9
SSDEEP

3072:VNW8ol85QKAGVUjP8tvKr863L566epfbRO+x8rIj1/dPvpFk:VNloj/GVe85Kr8zzqa/dPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1920	Unicorn-51034.exe
2160	Unicorn-36940.exe
1260	Unicorn-33602.exe
2476	Unicorn-53873.exe
2580	Unicorn-25839.exe
1392	Unicorn-40163.exe
2772	Unicorn-47625.exe
1812	Unicorn-7106.exe
2812	Unicorn-33204.exe
2928	Unicorn-21698.exe
1124	Unicorn-9275.exe
1852	Unicorn-46779.exe
2252	Unicorn-3157.exe
1980	Unicorn-16540.exe
1296	Unicorn-60033.exe
2276	Unicorn-18809.exe
2144	Unicorn-39975.exe
1880	Unicorn-2472.exe
920	Unicorn-54299.exe
2908	Unicorn-1761.exe
2884	Unicorn-37963.exe
2668	Unicorn-62275.exe
892	Unicorn-17905.exe
1972	Unicorn-37771.exe
1584	Unicorn-52690.exe
2020	Unicorn-64387.exe
2220	Unicorn-47859.exe
2524	Unicorn-3489.exe
2468	Unicorn-27268.exe
2464	Unicorn-53204.exe
3020	Unicorn-27076.exe
1740	Unicorn-29188.exe
896	Unicorn-962.exe
1168	Unicorn-20828.exe
2824	Unicorn-13043.exe
1636	Unicorn-26042.exe
2972	Unicorn-12851.exe
2312	Unicorn-1346.exe
2732	Unicorn-45716.exe
2944	Unicorn-3723.exe
1232	Unicorn-60900.exe
1900	Unicorn-49203.exe
2404	Unicorn-44564.exe
2400	Unicorn-49779.exe
1128	Unicorn-25462.exe
1816	Unicorn-36356.exe
1804	Unicorn-31718.exe
2704	Unicorn-43756.exe
2608	Unicorn-54385.exe
2452	Unicorn-63622.exe
956	Unicorn-9823.exe
2428	Unicorn-13352.exe
1648	Unicorn-13736.exe
1708	Unicorn-7680.exe
1628	Unicorn-36631.exe
2248	Unicorn-32377.exe
1776	Unicorn-48713.exe
1196	Unicorn-7872.exe
2384	Unicorn-27695.exe
1140	Unicorn-64089.exe
2040	Unicorn-23118.exe
1728	Unicorn-42984.exe
2820	Unicorn-41566.exe
2440	Unicorn-44712.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	eca07c8ebdcb1623b6ef485f19b667ee.exe
2348	eca07c8ebdcb1623b6ef485f19b667ee.exe
1920	Unicorn-51034.exe
1920	Unicorn-51034.exe
2348	eca07c8ebdcb1623b6ef485f19b667ee.exe
2348	eca07c8ebdcb1623b6ef485f19b667ee.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2160	Unicorn-36940.exe
2160	Unicorn-36940.exe
1920	Unicorn-51034.exe
1920	Unicorn-51034.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2476	Unicorn-53873.exe
2476	Unicorn-53873.exe
2160	Unicorn-36940.exe
2160	Unicorn-36940.exe
2580	Unicorn-25839.exe
2580	Unicorn-25839.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
1392	Unicorn-40163.exe
1392	Unicorn-40163.exe
2476	Unicorn-53873.exe
2476	Unicorn-53873.exe
2772	Unicorn-47625.exe
2772	Unicorn-47625.exe
2580	Unicorn-25839.exe
2580	Unicorn-25839.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
1476	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2652	1260	WerFault.exe	30
2724	1920	WerFault.exe	28
840	2160	WerFault.exe	29
1544	1812	WerFault.exe	37
1308	2348	WerFault.exe	1
564	2476	WerFault.exe	32
1476	2580	WerFault.exe	33
972	1392	WerFault.exe	35
1028	2772	WerFault.exe	36
2920	2812	WerFault.exe	43
2268	2928	WerFault.exe	39
2456	1124	WerFault.exe	40
2968	1852	WerFault.exe	41
1772	2252	WerFault.exe	47
1820	1980	WerFault.exe	49
2896	1296	WerFault.exe	48
1540	2276	WerFault.exe	50
1156	2144	WerFault.exe	52
2644	1880	WerFault.exe	51
2600	1140	WerFault.exe	106
2068	920	WerFault.exe	57
1212	2668	WerFault.exe	63
1612	2908	WerFault.exe	55
2672	892	WerFault.exe	60
2816	2524	WerFault.exe	64
2756	1584	WerFault.exe	59
612	2468	WerFault.exe	67
3112	2464	WerFault.exe	69
3148	3020	WerFault.exe	70
3236	2020	WerFault.exe	61
3300	2884	WerFault.exe	56
3544	2400	WerFault.exe	83
3556	2404	WerFault.exe	82
3668	2972	WerFault.exe	77
3676	1740	WerFault.exe	72
3884	956	WerFault.exe	97
3932	1168	WerFault.exe	74
3976	2944	WerFault.exe	80
4020	2608	WerFault.exe	95
4068	2220	WerFault.exe	62
4092	1972	WerFault.exe	58
3188	1128	WerFault.exe	87
3500	1816	WerFault.exe	90
3596	1900	WerFault.exe	84
3684	2428	WerFault.exe	98
3756	1636	WerFault.exe	75
3900	1648	WerFault.exe	99
3080	2824	WerFault.exe	73
3804	2452	WerFault.exe	96
3912	1232	WerFault.exe	81
4116	1708	WerFault.exe	100
4152	1628	WerFault.exe	101
4168	2732	WerFault.exe	78
4388	896	WerFault.exe	76
4420	1196	WerFault.exe	104
4480	2384	WerFault.exe	105
4568	1256	WerFault.exe	123
4592	2040	WerFault.exe	107
4696	1804	WerFault.exe	92
4428	2704	WerFault.exe	94
4460	1728	WerFault.exe	108
4452	2976	WerFault.exe	117
4512	2440	WerFault.exe	111
4496	2312	WerFault.exe	79

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2348	eca07c8ebdcb1623b6ef485f19b667ee.exe
1920	Unicorn-51034.exe
2160	Unicorn-36940.exe
1260	Unicorn-33602.exe
2476	Unicorn-53873.exe
2580	Unicorn-25839.exe
1392	Unicorn-40163.exe
2772	Unicorn-47625.exe
1812	Unicorn-7106.exe
2812	Unicorn-33204.exe
2928	Unicorn-21698.exe
1124	Unicorn-9275.exe
1852	Unicorn-46779.exe
2252	Unicorn-3157.exe
1980	Unicorn-16540.exe
1296	Unicorn-60033.exe
2276	Unicorn-18809.exe
2144	Unicorn-39975.exe
1880	Unicorn-2472.exe
920	Unicorn-54299.exe
2908	Unicorn-1761.exe
2884	Unicorn-37963.exe
892	Unicorn-17905.exe
2668	Unicorn-62275.exe
1972	Unicorn-37771.exe
1584	Unicorn-52690.exe
2020	Unicorn-64387.exe
2220	Unicorn-47859.exe
2524	Unicorn-3489.exe
2468	Unicorn-27268.exe
2464	Unicorn-53204.exe
3020	Unicorn-27076.exe
1740	Unicorn-29188.exe
1168	Unicorn-20828.exe
896	Unicorn-962.exe
2824	Unicorn-13043.exe
1636	Unicorn-26042.exe
2312	Unicorn-1346.exe
2972	Unicorn-12851.exe
1232	Unicorn-60900.exe
2732	Unicorn-45716.exe
2944	Unicorn-3723.exe
2404	Unicorn-44564.exe
1900	Unicorn-49203.exe
2400	Unicorn-49779.exe
1128	Unicorn-25462.exe
1816	Unicorn-36356.exe
1804	Unicorn-31718.exe
2704	Unicorn-43756.exe
2452	Unicorn-63622.exe
2608	Unicorn-54385.exe
956	Unicorn-9823.exe
2428	Unicorn-13352.exe
1648	Unicorn-13736.exe
1708	Unicorn-7680.exe
1628	Unicorn-36631.exe
2248	Unicorn-32377.exe
1776	Unicorn-48713.exe
1196	Unicorn-7872.exe
2384	Unicorn-27695.exe
1140	Unicorn-64089.exe
1728	Unicorn-42984.exe
2040	Unicorn-23118.exe
2820	Unicorn-41566.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1920	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	28
PID 2348 wrote to memory of 1920	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	28
PID 2348 wrote to memory of 1920	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	28
PID 2348 wrote to memory of 1920	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	28
PID 1920 wrote to memory of 2160	1920	Unicorn-51034.exe	29
PID 1920 wrote to memory of 2160	1920	Unicorn-51034.exe	29
PID 1920 wrote to memory of 2160	1920	Unicorn-51034.exe	29
PID 1920 wrote to memory of 2160	1920	Unicorn-51034.exe	29
PID 2348 wrote to memory of 1260	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	30
PID 2348 wrote to memory of 1260	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	30
PID 2348 wrote to memory of 1260	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	30
PID 2348 wrote to memory of 1260	2348	eca07c8ebdcb1623b6ef485f19b667ee.exe	30
PID 1260 wrote to memory of 2652	1260	Unicorn-33602.exe	31
PID 1260 wrote to memory of 2652	1260	Unicorn-33602.exe	31
PID 1260 wrote to memory of 2652	1260	Unicorn-33602.exe	31
PID 1260 wrote to memory of 2652	1260	Unicorn-33602.exe	31
PID 2160 wrote to memory of 2476	2160	Unicorn-36940.exe	32
PID 2160 wrote to memory of 2476	2160	Unicorn-36940.exe	32
PID 2160 wrote to memory of 2476	2160	Unicorn-36940.exe	32
PID 2160 wrote to memory of 2476	2160	Unicorn-36940.exe	32
PID 1920 wrote to memory of 2580	1920	Unicorn-51034.exe	33
PID 1920 wrote to memory of 2580	1920	Unicorn-51034.exe	33
PID 1920 wrote to memory of 2580	1920	Unicorn-51034.exe	33
PID 1920 wrote to memory of 2580	1920	Unicorn-51034.exe	33
PID 1920 wrote to memory of 2724	1920	Unicorn-51034.exe	34
PID 1920 wrote to memory of 2724	1920	Unicorn-51034.exe	34
PID 1920 wrote to memory of 2724	1920	Unicorn-51034.exe	34
PID 1920 wrote to memory of 2724	1920	Unicorn-51034.exe	34
PID 2476 wrote to memory of 1392	2476	Unicorn-53873.exe	35
PID 2476 wrote to memory of 1392	2476	Unicorn-53873.exe	35
PID 2476 wrote to memory of 1392	2476	Unicorn-53873.exe	35
PID 2476 wrote to memory of 1392	2476	Unicorn-53873.exe	35
PID 2160 wrote to memory of 2772	2160	Unicorn-36940.exe	36
PID 2160 wrote to memory of 2772	2160	Unicorn-36940.exe	36
PID 2160 wrote to memory of 2772	2160	Unicorn-36940.exe	36
PID 2160 wrote to memory of 2772	2160	Unicorn-36940.exe	36
PID 2580 wrote to memory of 1812	2580	Unicorn-25839.exe	37
PID 2580 wrote to memory of 1812	2580	Unicorn-25839.exe	37
PID 2580 wrote to memory of 1812	2580	Unicorn-25839.exe	37
PID 2580 wrote to memory of 1812	2580	Unicorn-25839.exe	37
PID 2160 wrote to memory of 840	2160	Unicorn-36940.exe	38
PID 2160 wrote to memory of 840	2160	Unicorn-36940.exe	38
PID 2160 wrote to memory of 840	2160	Unicorn-36940.exe	38
PID 2160 wrote to memory of 840	2160	Unicorn-36940.exe	38
PID 1392 wrote to memory of 2812	1392	Unicorn-40163.exe	43
PID 1392 wrote to memory of 2812	1392	Unicorn-40163.exe	43
PID 1392 wrote to memory of 2812	1392	Unicorn-40163.exe	43
PID 1392 wrote to memory of 2812	1392	Unicorn-40163.exe	43
PID 2476 wrote to memory of 2928	2476	Unicorn-53873.exe	39
PID 2476 wrote to memory of 2928	2476	Unicorn-53873.exe	39
PID 2476 wrote to memory of 2928	2476	Unicorn-53873.exe	39
PID 2476 wrote to memory of 2928	2476	Unicorn-53873.exe	39
PID 2772 wrote to memory of 1124	2772	Unicorn-47625.exe	40
PID 2772 wrote to memory of 1124	2772	Unicorn-47625.exe	40
PID 2772 wrote to memory of 1124	2772	Unicorn-47625.exe	40
PID 2772 wrote to memory of 1124	2772	Unicorn-47625.exe	40
PID 1812 wrote to memory of 1544	1812	Unicorn-7106.exe	42
PID 1812 wrote to memory of 1544	1812	Unicorn-7106.exe	42
PID 1812 wrote to memory of 1544	1812	Unicorn-7106.exe	42
PID 1812 wrote to memory of 1544	1812	Unicorn-7106.exe	42
PID 2580 wrote to memory of 1852	2580	Unicorn-25839.exe	41
PID 2580 wrote to memory of 1852	2580	Unicorn-25839.exe	41
PID 2580 wrote to memory of 1852	2580	Unicorn-25839.exe	41
PID 2580 wrote to memory of 1852	2580	Unicorn-25839.exe	41

C:\Users\Admin\AppData\Local\Temp\eca07c8ebdcb1623b6ef485f19b667ee.exe
"C:\Users\Admin\AppData\Local\Temp\eca07c8ebdcb1623b6ef485f19b667ee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        11⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        12⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        13⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 380
        13⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 376
        12⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 376
        11⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        11⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        12⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        13⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        14⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 376
        13⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 376
        12⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 388
        11⤵
        Program crash
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 380
        10⤵
        Program crash
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        11⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        12⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 380
        12⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 376
        11⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 380
        10⤵
        Program crash
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 376
        9⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        12⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        13⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 376
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 376
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 376
        10⤵
        Program crash
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 376
        9⤵
        Program crash
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 376
        8⤵
        Program crash
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        11⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        12⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 376
        12⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 376
        11⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 376
        10⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 376
        9⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        12⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 376
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 376
        9⤵
        Program crash
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 368
        8⤵
        Program crash
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 380
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        12⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        13⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 376
        13⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 376
        12⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 376
        11⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 380
        10⤵
        Program crash
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 380
        9⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        11⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 380
        11⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 376
        10⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 376
        9⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 376
        8⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        11⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 376
        11⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 376
        10⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 376
        9⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        9⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 380
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 376
        8⤵
        Program crash
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 376
        7⤵
        Program crash
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 380
        6⤵
        Program crash
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        11⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        12⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 376
        12⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 376
        11⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 376
        10⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 376
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 376
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 376
        9⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 376
        11⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 376
        10⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 368
        9⤵
        Program crash
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 376
        8⤵
        Program crash
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 376
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 376
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 376
        9⤵
        Program crash
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 376
        10⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 376
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 376
        8⤵
        Program crash
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 376
        7⤵
        Program crash
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 376
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 368
        10⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 376
        9⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 376
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 376
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 376
        8⤵
        Program crash
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 376
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 376
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 376
        8⤵
        Program crash
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 372
        7⤵
        Program crash
        
        PID:2672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 380
        6⤵
        Program crash
        
        PID:2268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        9⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        11⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 376
        12⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 376
        11⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 380
        10⤵
        Program crash
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 368
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 376
        10⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 380
        9⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 376
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 380
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 376
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 380
        9⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 376
        8⤵
        Program crash
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 376
        7⤵
        Program crash
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        10⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 376
        10⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 376
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 376
        8⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        12⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 376
        11⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 356
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 380
        9⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 376
        8⤵
        Program crash
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 376
        7⤵
        Program crash
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 376
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 376
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 376
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 376
        8⤵
        Program crash
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
        10⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 376
        10⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 380
        9⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 376
        8⤵
        Program crash
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 380
        7⤵
        Program crash
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 188
        8⤵
        Program crash
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 376
        7⤵
        Program crash
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 380
        6⤵
        Program crash
        
        PID:1156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 376
        5⤵
        Program crash
        
        PID:1028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 376
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 376
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 380
        9⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 376
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 376
        9⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 380
        8⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 372
        7⤵
        Program crash
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        9⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 376
        9⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 376
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
        7⤵
        Program crash
        
        PID:4496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 368
        6⤵
        Program crash
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 376
        10⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 376
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 376
        8⤵
        Program crash
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        9⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 376
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 376
        8⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 376
        7⤵
        Program crash
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 376
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 376
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 376
        7⤵
        Program crash
        
        PID:4592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 368
        6⤵
        Program crash
        
        PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 380
        5⤵
        Program crash
        
        PID:2968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:1476
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 380
  2⤵
  - Program crash
  PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe

Filesize
93KB

MD5
dcbfa383b5b3fd8340a1af06203e3cd4

SHA1
8bdafa9f1955d1016f6c4b1b330d6825ac67e565

SHA256
c51f80aa2e71f351554c31a40a22780936fcd904cd1845fc13dd62b807277a51

SHA512
07b55b19870fe723dae6a1abe378311ba4373dc514d646ba20f33f2c245433add6e17ff03913bc2a7911ef5dd0eefefe8dac5abb2a22b89d9fc380c1b74e7b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe

Filesize
184KB

MD5
6979523ff33afa9811c0b32d4d07bea4

SHA1
f03da7c0d960716f53d462e589f7565bc6479870

SHA256
7e090ec95d40eeb4dd3aee9265e5f6afba7ab21b86bdfad859a05ad571590afc

SHA512
1254d417b10046e492deb7042c0a4f68a0718befcb2f8ba8d0d0db00c45ef80a98bcd7ae446cf81ea4b37b203d7a4967608ed2aa5a8275808c8bbb9ef85a62d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe

Filesize
93KB

MD5
f1bba42009e2b42fb7b1e2e141c5b842

SHA1
33a285563f7e0557c683feaad787ac333aed4085

SHA256
dcf1496bf8ee09c760a008449b3882efda3fc4fb985bc211d968510ec638b703

SHA512
259764d9bd8ccbcd8744917c25ed44cc2c053116345ae50594269a066fe38128fd2ca9ba124527035ce8f0a4f7a422532de161eca22d8587bde9b08c2a82865f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe

Filesize
184KB

MD5
9065c0b8942db5f8828a10946b43d960

SHA1
8d8acdda75907fcf473297c2f9a2510e38719ba9

SHA256
92cff918be1f9b7e4705cd1a3d6160796f5511cd8211516aa0ea4527ea54cdae

SHA512
04cd7f5297c05d64cdc02b4d6ecd2893778972f7c631aef35bd47fd917129e809c5c06aa504028e033e03f87e79a8f3bf81763307d33ce738b05b061170bb6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe

Filesize
92KB

MD5
39a280e31a83250beae795e1e131e647

SHA1
18465009267f4a6b84bdfeb0515b29ae6c13d3ad

SHA256
217a3021959133fb555053688def7b973389320748599241874b0d04ee35bbd8

SHA512
828bfa9e0591a3a1c4056f4911dffeda79f4e6fd9efac532b9f53ef28a89067aae63f90de9e7e7bf3db504c790d2850ec6b02688749b989facb41900312c5186

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe

Filesize
79KB

MD5
cbb66c503066b77888bcfa2c879717f1

SHA1
c75599d0862371b7d67f1235238c9607c36ea6a4

SHA256
7cf94b2edc3907b77716c1bdbde07fc3bc78dcbaec4ed7b44b815b5df51798c9

SHA512
f4ca2b7fcd471f76c07d6baac8fdb92652d69a50969e865160f3a34b28ef9dacaedbbb9fe4b68105adc072a866c92171b49c59371a77b9d21d3a177ef3956bf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe

Filesize
184KB

MD5
10c0c3dd4313e54d77d783e137b8e9cb

SHA1
646cc98f74bd4446e7bde940eca3b08fb3bd9f00

SHA256
6cf464262ec47e4b967e54deb9cf7cd108deef2b6fdb8e3598a1489be5013f5b

SHA512
2fa9ec0a7b642bf2d25b0948dbe1e52d24a5ad76539cb8ec392ccccb83019a8299bcee4434d30b149a23904d5c18028f9459561991de9f41b9c8fc577e061d50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe

Filesize
103KB

MD5
285274439d9bb2328888c7e28c0f3bd8

SHA1
6a9229c502ce4c62891095d55ec9363ef7d858ae

SHA256
b3e80d84d842e5a712e16291fa6b9c05db54a8e2d8554285d9c9be05d5c363e1

SHA512
2f3468e850daeb68f26c6eeb158cbaae84c2e5c6864d34a49cc036951bf715a5c7103ef25a05e11837d11fe31670dd8fa3a3bbcaedd5955239631b6fa93870f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe

Filesize
184KB

MD5
c5a3c980b664b36f1e69e6d85aa6f407

SHA1
030dca1543f9b9685a4643f7b8d9f68dace4270f

SHA256
0b6f85b08f759e8fb3db501c44619cc76bba1c13f029ab41ee6c43a27e8f3a13

SHA512
1b3ea7e623ee68dc0bdf353faaaad8ef4ad1a4ba7ce6ac51f895fa7ddec0f9e2e30d2da19bcf664b6533deeb0f3c7d68051b5575515bb7a3398144fd68d4181f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe

Filesize
184KB

MD5
094472bdfbb25da47203273b27ee6a81

SHA1
eccae1112a89208226083d25b8059e3db6e84d6d

SHA256
a9fb87bbaa21f72fe6581a08d3d0e3421d713c1e5446aaa596bc800c2f12833e

SHA512
59fd9e390aaa1fc1c571caee2995b82ca5af41f500214110b4edb0895c3c29539d23adcfa2f8653d11af466d9e1d3c38e85b6afa6adfc08921c3f5017fd49e2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe

Filesize
184KB

MD5
3fc2f834800bc21644227fdd2e67ee73

SHA1
917ad07a65e44a9ff6d4663b364d9600a6498c3e

SHA256
33b06c7c84c2efeaa86f74a9624c509e14ddba65bf98202e3f491a0b22aeaeb6

SHA512
ef6e0e26c830048f3e44fcf574e75bd5ea6b9bcecfe2a5dca28a4a1540d1e405410a3a770fe7996d680496af3263f71b5e8b9be85115630e0626211e505f301e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe

Filesize
184KB

MD5
bad5a7e141b3962310c5a4fa9dc1c9a2

SHA1
15af24f75a4324f04bb82169973c55223ec7dacf

SHA256
87bed2afda761a61cc201db41049e718c97d8abd727ffd24c2ec3beb21ab9153

SHA512
297dd5b10aff0ddc3dc1545a812176f47653ffbae32ff124d4e2945a0486635f1e39673cf60466f26daf6f14b60ed996a0b41f1f8e736413c69a63768a6d2774

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe

Filesize
184KB

MD5
8123674709ee7cd3144e4526b5c9d70b

SHA1
b96375b665ad34beeb262734e994ab3062ca7fca

SHA256
79037716d165c601f4452836647e72e77776a360b28b4bc8a573894b5d2d2f07

SHA512
92d4bdc6fc6fa1ac460384a4f571907f38d7a9c7198c7837e1c8bfd4b4327b8d1a1da44a28234917f955ea66917b458fe602a8296ab438037dbbfbc09d3fac24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe

Filesize
184KB

MD5
ba5269014e7478f6879ccdb88c760293

SHA1
15396becc4e2d0a2cae009a04b9e1bc82285e729

SHA256
d8930c646f3a1a66762a96775f66060c19512f6481f81c9978db1f78c1c8c79a

SHA512
3728fc9ea9e7bdd2d6fcc964f4e3ebe5e9500867c66e764c30898ad6152211ef9d1530518493abdb5d5e4f973a2700dd030756b4c05b23b7d5c40fc45a1a70a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe

Filesize
184KB

MD5
b7a53673d1fc7d26fb7ebbaf3c987b3b

SHA1
cb5233ec914ea83bdb48645d16b92e0e4840f108

SHA256
e2d71f07c5aa854ff1c605b36575b02d9446e2b7bbe8ea6038924a01ea2dd454

SHA512
ca868449827cd9a6ad7be75001a9b0808fe422e47a5658882200d90cc92566bef26497c44b8e6092844f8894c1e971ab6cf6e4fc72d6ff1df58ac244a4ed18b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe

Filesize
92KB

MD5
e40a724d26fd190caaed3ebef1c45a4e

SHA1
57dbeed45af92f5937e6f9db0b147d4ba0cf1aa9

SHA256
ead8b8d0d6bc929d6bed0a988c3ebea0257fbb13754b766f01c79d36b17de9a9

SHA512
ddcd4b90772b8d19d80118a1a6dfa11eeca20d24f55ab1bddcc85c56134d50d765290dec5514f30160717068124f88f7f529c2f04d3ec076bb54bc39c056d20c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads