7231ba7a89930a52aeda12981b602a4de8a366e9fb48202295660edbc210d303

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 09:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

96d54e2c5fa8235e68249e46c3a8b4cf.exe
Size

184KB
MD5

96d54e2c5fa8235e68249e46c3a8b4cf
SHA1

e12db484a0b1e4eb92cd43ccc35b36d2b0ce4eab
SHA256

7231ba7a89930a52aeda12981b602a4de8a366e9fb48202295660edbc210d303
SHA512

f1427bc490ac94d8903af439c2b12feb5df62b0964f43668a6d4a56fd8f363da2351d05708fb8b3631aebd4fe2c41e3089832720d2ba10b934d39e443cef8da8
SSDEEP

3072:F6LsomgtJIs9SbYvWmBmCmhoO+vsJYjuy0Kr9fBo5xlPWFm:F6woT19SwRYCmhcKgixlPWF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2768	Unicorn-50781.exe
2832	Unicorn-64268.exe
2840	Unicorn-52571.exe
2748	Unicorn-61227.exe
2580	Unicorn-45446.exe
2652	Unicorn-64242.exe
2668	Unicorn-40745.exe
2620	Unicorn-267.exe
2244	Unicorn-25753.exe
2236	Unicorn-58425.exe
2556	Unicorn-38559.exe
1708	Unicorn-58316.exe
1820	Unicorn-35710.exe
1624	Unicorn-55384.exe
2128	Unicorn-10822.exe
2952	Unicorn-63360.exe
1784	Unicorn-4922.exe
2304	Unicorn-50594.exe
2388	Unicorn-38664.exe
1684	Unicorn-3682.exe
1324	Unicorn-61606.exe
2536	Unicorn-48607.exe
960	Unicorn-35094.exe
1748	Unicorn-47901.exe
2088	Unicorn-18566.exe
1216	Unicorn-48498.exe
2072	Unicorn-65389.exe
2180	Unicorn-40138.exe
1584	Unicorn-64642.exe
2264	Unicorn-44777.exe
2432	Unicorn-31778.exe
2708	Unicorn-52753.exe
2772	Unicorn-20185.exe
1940	Unicorn-61025.exe
2644	Unicorn-57496.exe
3068	Unicorn-60833.exe
3044	Unicorn-5363.exe
700	Unicorn-29313.exe
800	Unicorn-50288.exe
2232	Unicorn-12784.exe
1704	Unicorn-45457.exe
1836	Unicorn-895.exe
1480	Unicorn-65493.exe
1732	Unicorn-61684.exe
1612	Unicorn-8954.exe
1604	Unicorn-41072.exe
1512	Unicorn-20460.exe
3008	Unicorn-44964.exe
1408	Unicorn-49603.exe
836	Unicorn-33074.exe
1868	Unicorn-52940.exe
400	Unicorn-59115.exe
2160	Unicorn-50008.exe
1508	Unicorn-13614.exe
2488	Unicorn-29204.exe
1648	Unicorn-51715.exe
2120	Unicorn-9743.exe
1720	Unicorn-29649.exe
1852	Unicorn-21804.exe
2712	Unicorn-58991.exe
2112	Unicorn-47102.exe
2172	Unicorn-30019.exe
2704	Unicorn-54523.exe
2032	Unicorn-5877.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe
2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe
2768	Unicorn-50781.exe
2768	Unicorn-50781.exe
2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe
2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe
2832	Unicorn-64268.exe
2832	Unicorn-64268.exe
2768	Unicorn-50781.exe
2768	Unicorn-50781.exe
2840	Unicorn-52571.exe
2840	Unicorn-52571.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
2652	Unicorn-64242.exe
2652	Unicorn-64242.exe
2840	Unicorn-52571.exe
2840	Unicorn-52571.exe
2748	Unicorn-61227.exe
2748	Unicorn-61227.exe
2580	Unicorn-45446.exe
2580	Unicorn-45446.exe
2832	Unicorn-64268.exe
2832	Unicorn-64268.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
2668	Unicorn-40745.exe
2668	Unicorn-40745.exe
2652	Unicorn-64242.exe
2652	Unicorn-64242.exe
2244	Unicorn-25753.exe
2244	Unicorn-25753.exe
2748	Unicorn-61227.exe
2748	Unicorn-61227.exe
2236	Unicorn-58425.exe
2236	Unicorn-58425.exe
2580	Unicorn-45446.exe
2556	Unicorn-38559.exe
2580	Unicorn-45446.exe
2556	Unicorn-38559.exe
2620	Unicorn-267.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2884	2332	WerFault.exe	27
1080	2768	WerFault.exe	28
564	2832	WerFault.exe	29
572	2840	WerFault.exe	30
2340	2652	WerFault.exe	33
2548	2748	WerFault.exe	32
996	2580	WerFault.exe	34
2916	2668	WerFault.exe	36
2124	2244	WerFault.exe	38
3064	2236	WerFault.exe	39
2560	2556	WerFault.exe	40
2816	2620	WerFault.exe	37
1984	1708	WerFault.exe	43
1872	1820	WerFault.exe	44
1756	2128	WerFault.exe	46
832	1784	WerFault.exe	49
2692	2388	WerFault.exe	50
2104	2952	WerFault.exe	47
1776	2264	WerFault.exe	64
240	2304	WerFault.exe	48
1876	1624	WerFault.exe	45
1276	2708	WerFault.exe	66
2912	1748	WerFault.exe	58
2736	2072	WerFault.exe	61
2716	2232	WerFault.exe	79
1472	2432	WerFault.exe	65
2880	2180	WerFault.exe	62
1232	2644	WerFault.exe	71
1432	1216	WerFault.exe	60
1500	1584	WerFault.exe	63
3012	3068	WerFault.exe	72
2136	1732	WerFault.exe	84
652	3044	WerFault.exe	76
3024	960	WerFault.exe	57
1192	1480	WerFault.exe	82
2612	2772	WerFault.exe	68
596	1684	WerFault.exe	54
1144	700	WerFault.exe	77
2176	1324	WerFault.exe	55
3092	2088	WerFault.exe	59
3112	1836	WerFault.exe	81
3120	2536	WerFault.exe	56
3148	1612	WerFault.exe	85
3156	1604	WerFault.exe	86
3236	328	WerFault.exe	83
3296	2488	WerFault.exe	98
3372	1940	WerFault.exe	70
3408	400	WerFault.exe	92
3592	836	WerFault.exe	90
3616	800	WerFault.exe	78
3648	2060	WerFault.exe	117
3680	556	WerFault.exe	122
3696	2120	WerFault.exe	101
3704	1704	WerFault.exe	80
3712	1408	WerFault.exe	89
3780	812	WerFault.exe	110
3788	2032	WerFault.exe	109
3804	3008	WerFault.exe	88
3864	2172	WerFault.exe	107
4044	2160	WerFault.exe	95
4060	2112	WerFault.exe	106
4068	1852	WerFault.exe	103
4052	2704	WerFault.exe	108
4088	1868	WerFault.exe	91

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe
2768	Unicorn-50781.exe
2832	Unicorn-64268.exe
2840	Unicorn-52571.exe
2748	Unicorn-61227.exe
2652	Unicorn-64242.exe
2580	Unicorn-45446.exe
2668	Unicorn-40745.exe
2620	Unicorn-267.exe
2244	Unicorn-25753.exe
2556	Unicorn-38559.exe
2236	Unicorn-58425.exe
1708	Unicorn-58316.exe
1820	Unicorn-35710.exe
1624	Unicorn-55384.exe
2128	Unicorn-10822.exe
2952	Unicorn-63360.exe
1784	Unicorn-4922.exe
2304	Unicorn-50594.exe
2388	Unicorn-38664.exe
1684	Unicorn-3682.exe
1324	Unicorn-61606.exe
2536	Unicorn-48607.exe
960	Unicorn-35094.exe
1748	Unicorn-47901.exe
2088	Unicorn-18566.exe
1216	Unicorn-48498.exe
2072	Unicorn-65389.exe
2432	Unicorn-31778.exe
2180	Unicorn-40138.exe
1584	Unicorn-64642.exe
2708	Unicorn-52753.exe
2772	Unicorn-20185.exe
1940	Unicorn-61025.exe
2644	Unicorn-57496.exe
3068	Unicorn-60833.exe
3044	Unicorn-5363.exe
700	Unicorn-29313.exe
800	Unicorn-50288.exe
2232	Unicorn-12784.exe
1704	Unicorn-45457.exe
1836	Unicorn-895.exe
1480	Unicorn-65493.exe
328	Unicorn-53241.exe
1732	Unicorn-61684.exe
1612	Unicorn-8954.exe
1604	Unicorn-41072.exe
1512	Unicorn-20460.exe
1868	Unicorn-52940.exe
3008	Unicorn-44964.exe
836	Unicorn-33074.exe
1408	Unicorn-49603.exe
400	Unicorn-59115.exe
2160	Unicorn-50008.exe
1508	Unicorn-13614.exe
2488	Unicorn-29204.exe
1648	Unicorn-51715.exe
2120	Unicorn-9743.exe
1720	Unicorn-29649.exe
2712	Unicorn-58991.exe
1852	Unicorn-21804.exe
2172	Unicorn-30019.exe
2112	Unicorn-47102.exe
2704	Unicorn-54523.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2768	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	28
PID 2332 wrote to memory of 2768	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	28
PID 2332 wrote to memory of 2768	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	28
PID 2332 wrote to memory of 2768	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	28
PID 2768 wrote to memory of 2832	2768	Unicorn-50781.exe	29
PID 2768 wrote to memory of 2832	2768	Unicorn-50781.exe	29
PID 2768 wrote to memory of 2832	2768	Unicorn-50781.exe	29
PID 2768 wrote to memory of 2832	2768	Unicorn-50781.exe	29
PID 2332 wrote to memory of 2840	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	30
PID 2332 wrote to memory of 2840	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	30
PID 2332 wrote to memory of 2840	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	30
PID 2332 wrote to memory of 2840	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	30
PID 2332 wrote to memory of 2884	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	31
PID 2332 wrote to memory of 2884	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	31
PID 2332 wrote to memory of 2884	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	31
PID 2332 wrote to memory of 2884	2332	96d54e2c5fa8235e68249e46c3a8b4cf.exe	31
PID 2832 wrote to memory of 2748	2832	Unicorn-64268.exe	32
PID 2832 wrote to memory of 2748	2832	Unicorn-64268.exe	32
PID 2832 wrote to memory of 2748	2832	Unicorn-64268.exe	32
PID 2832 wrote to memory of 2748	2832	Unicorn-64268.exe	32
PID 2768 wrote to memory of 2580	2768	Unicorn-50781.exe	34
PID 2768 wrote to memory of 2580	2768	Unicorn-50781.exe	34
PID 2768 wrote to memory of 2580	2768	Unicorn-50781.exe	34
PID 2768 wrote to memory of 2580	2768	Unicorn-50781.exe	34
PID 2840 wrote to memory of 2652	2840	Unicorn-52571.exe	33
PID 2840 wrote to memory of 2652	2840	Unicorn-52571.exe	33
PID 2840 wrote to memory of 2652	2840	Unicorn-52571.exe	33
PID 2840 wrote to memory of 2652	2840	Unicorn-52571.exe	33
PID 2768 wrote to memory of 1080	2768	Unicorn-50781.exe	35
PID 2768 wrote to memory of 1080	2768	Unicorn-50781.exe	35
PID 2768 wrote to memory of 1080	2768	Unicorn-50781.exe	35
PID 2768 wrote to memory of 1080	2768	Unicorn-50781.exe	35
PID 2652 wrote to memory of 2668	2652	Unicorn-64242.exe	36
PID 2652 wrote to memory of 2668	2652	Unicorn-64242.exe	36
PID 2652 wrote to memory of 2668	2652	Unicorn-64242.exe	36
PID 2652 wrote to memory of 2668	2652	Unicorn-64242.exe	36
PID 2840 wrote to memory of 2620	2840	Unicorn-52571.exe	37
PID 2840 wrote to memory of 2620	2840	Unicorn-52571.exe	37
PID 2840 wrote to memory of 2620	2840	Unicorn-52571.exe	37
PID 2840 wrote to memory of 2620	2840	Unicorn-52571.exe	37
PID 2748 wrote to memory of 2244	2748	Unicorn-61227.exe	38
PID 2748 wrote to memory of 2244	2748	Unicorn-61227.exe	38
PID 2748 wrote to memory of 2244	2748	Unicorn-61227.exe	38
PID 2748 wrote to memory of 2244	2748	Unicorn-61227.exe	38
PID 2580 wrote to memory of 2236	2580	Unicorn-45446.exe	39
PID 2580 wrote to memory of 2236	2580	Unicorn-45446.exe	39
PID 2580 wrote to memory of 2236	2580	Unicorn-45446.exe	39
PID 2580 wrote to memory of 2236	2580	Unicorn-45446.exe	39
PID 2832 wrote to memory of 2556	2832	Unicorn-64268.exe	40
PID 2832 wrote to memory of 2556	2832	Unicorn-64268.exe	40
PID 2832 wrote to memory of 2556	2832	Unicorn-64268.exe	40
PID 2832 wrote to memory of 2556	2832	Unicorn-64268.exe	40
PID 2832 wrote to memory of 564	2832	Unicorn-64268.exe	41
PID 2832 wrote to memory of 564	2832	Unicorn-64268.exe	41
PID 2832 wrote to memory of 564	2832	Unicorn-64268.exe	41
PID 2832 wrote to memory of 564	2832	Unicorn-64268.exe	41
PID 2840 wrote to memory of 572	2840	Unicorn-52571.exe	42
PID 2840 wrote to memory of 572	2840	Unicorn-52571.exe	42
PID 2840 wrote to memory of 572	2840	Unicorn-52571.exe	42
PID 2840 wrote to memory of 572	2840	Unicorn-52571.exe	42
PID 2668 wrote to memory of 1708	2668	Unicorn-40745.exe	43
PID 2668 wrote to memory of 1708	2668	Unicorn-40745.exe	43
PID 2668 wrote to memory of 1708	2668	Unicorn-40745.exe	43
PID 2668 wrote to memory of 1708	2668	Unicorn-40745.exe	43

C:\Users\Admin\AppData\Local\Temp\96d54e2c5fa8235e68249e46c3a8b4cf.exe
"C:\Users\Admin\AppData\Local\Temp\96d54e2c5fa8235e68249e46c3a8b4cf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        11⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        12⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        13⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        13⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 236
        12⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        11⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        10⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 216
        9⤵
        Program crash
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        11⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        11⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        10⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        9⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        8⤵
        Program crash
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        11⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        9⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        8⤵
        Program crash
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        9⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
        8⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        Program crash
        
        PID:2912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        11⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        12⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        12⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        11⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        10⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        9⤵
        Program crash
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        8⤵
        Program crash
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        10⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
        8⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        10⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        9⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
        8⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
        7⤵
        Program crash
        
        PID:3112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:1756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        5⤵
        Program crash
        
        PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        11⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 236
        10⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        7⤵
        Program crash
        
        PID:3592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        6⤵
        Program crash
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        5⤵
        Executes dropped EXE
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
        10⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        8⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        6⤵
        Program crash
        
        PID:1776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Program crash
        
        PID:2560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        8⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        7⤵
        Program crash
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 220
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        9⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        10⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        8⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
        7⤵
        Program crash
        
        PID:3712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 224
        7⤵
        Program crash
        
        PID:1192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        6⤵
        Program crash
        
        PID:2736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        5⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        8⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        7⤵
        Program crash
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        6⤵
        Program crash
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        7⤵
        
        PID:4488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 216
        6⤵
        Program crash
        
        PID:3408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        5⤵
        Program crash
        
        PID:240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Program crash
      PID:996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        11⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        11⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        10⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        Program crash
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        Program crash
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        9⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
        8⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        7⤵
        Program crash
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        11⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        12⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        12⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        7⤵
        Program crash
        
        PID:1232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        11⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
        9⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        7⤵
        Program crash
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        7⤵
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        6⤵
        Program crash
        
        PID:2176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        5⤵
        Program crash
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        11⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 236
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        Program crash
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        7⤵
        Program crash
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43593.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        11⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        7⤵
        
        PID:5040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        6⤵
        Program crash
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
        7⤵
        Program crash
        
        PID:4068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        6⤵
        Program crash
        
        PID:652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        5⤵
        Program crash
        
        PID:1872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
      4⤵
      Program crash
      PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        10⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        9⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        7⤵
        Program crash
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        6⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
        11⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        8⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        7⤵
        Program crash
        
        PID:3788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        6⤵
        Program crash
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        7⤵
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        6⤵
        Program crash
        
        PID:3148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        5⤵
        Program crash
        
        PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        8⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        8⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        
        PID:5064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        7⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        7⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        6⤵
        Program crash
        
        PID:3648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Program crash
        
        PID:1276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
      4⤵
      Program crash
      PID:2816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
  2⤵
  - Program crash
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe

Filesize
184KB

MD5
05f92a0b54c08269df3690df9eb019e0

SHA1
1b1ca297c48cfa27836b87ec4ea0315cf08cf2b9

SHA256
6cc0837486180738133f82f45ddcbbd89ca38cb2cec54c028aeec653d8bb65da

SHA512
7caf83261c698e74644c87c52efc5010a562345fa2ddcb7ff9d7aa47a142ab0079d62bc4c3c4f47f56e7a813eb987737e5725927a7e2ef689f7a51572aa4ea25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe

Filesize
184KB

MD5
397d3ee916e8937c3f814a18b7383991

SHA1
43e074826e6286074010852169eb9590065528e0

SHA256
3975d47e5f77cf10810d74f655c7c7f8676cee9a72294031bc87588253029119

SHA512
d3bef677da43a019429d9633fa1af308b81e910e3a71fae048042bbdcbb974d0d3e3640dc2973ea3b61b2ddc50b3eb22559024b6a6e33b308601dd3a25ba4390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe

Filesize
184KB

MD5
53b624d0fe29df5a1a7b5bdbee0e40cb

SHA1
129bea4a669b6589dffa052343d336883b6695b0

SHA256
c4b900fade474024ca7dc71705236ed297b9474509d04f3fd248206f402d5d9d

SHA512
3b269bf9d1ad8de2a81b1b174b0a225024b375037682b344aec7c7865e0f5fb3e0a982fb869f1197f8a87d8f4b8024c27da3db635f011765eb3383d0e85ed437

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe

Filesize
184KB

MD5
21ddf7681eaec51b3dd704ced5d43ed8

SHA1
7e91a16c745d62b42e070bfdf85048202106ff2d

SHA256
e5958df0221d6e2702a749930e04fc3fffb99409db87c1bcc0ad0f49fa4649c4

SHA512
b9c7161ae1ef5a567e75bb3339853db462915ef489358f34f10370fd4a99205255b1ef483bc75229e2de682efebda12d6cc920ce7ac7794b5878c5203d7d6579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe

Filesize
184KB

MD5
6eb5e43e2f36f32402ca6628d1aaec2e

SHA1
dadf8feb2cc879e754b416d41dbdb19b82dea532

SHA256
677f120db5c8c257495522238c0c5c8a44f876c94d18c6d17e5b5b4a0bb67bed

SHA512
178b946a139831a483471b4d745e9dfdf4010d1e0f52a550dd1b040497a6c8b70e4e33534b812acddc289cc0de8b6e9b6d27f7ac7990014acddc1cfc023c8a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe

Filesize
184KB

MD5
e09648c7d44988ea7698ba3ae5093d5f

SHA1
72766616dbcb12039789611e27792e4ab123203f

SHA256
de19261587cd6c59a0dfc33d64e01e58effaea412314615321113feff5078d54

SHA512
d4121ba6c1d18a4756d9aea8131baaf9c6c9e912c2dd0790b5ad78e22f87b31195bd31ae421f5ac72ee93a0959dadb8d50895512fd6a771a07f9765768a156ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe

Filesize
184KB

MD5
ebd0a952de6c84636172c92f9fde0389

SHA1
ca62c1f6fec2b194e4fcca95e6eb080ed0e218d1

SHA256
5a75d2be158d3060bad3ecd674581be8fcf8508811a123a16de2ae5edcf60257

SHA512
8b727c68979617fbd6b97969626bdf2568506d68dae546ced4a74c37596455b4d73f7c771b9f444f036b174c16511bcf98d73262f5959d2d7acbbd1ad5326ba3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe

Filesize
184KB

MD5
a448854085b5b5f2fe021cc2a1340c0f

SHA1
14e96e36d2c995ae60b98559f2b335151d0812ca

SHA256
2e1bb979f426e78e3d102baa68586e1b31c8be999191e18c351b08b95f571ab4

SHA512
a506c71dd45c04e23cb3ee4b3a964b39325cd2d2ad1047b2256a6ad22f9f3f54ae0db7ebc5ac8f86ee6dc274dde69f43b7b16d1f9a7bb45a69eb40032f2176f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-267.exe

Filesize
184KB

MD5
b50ec8b7853773f26e61d4b39e6c8550

SHA1
2b6d875f88db750aa7a3eb7f37418ed956190d62

SHA256
9e7bfc9901aa9decd412207ec8f5dd832e7405750a2b3af6f1168fa648d8235f

SHA512
21e1653205b9c8109276c7173b17ebd5f874f995dc52f2ca9ab9e66f0fed20576215c5d8862789846a16dfaea7827727e9abc2788f778f5e5eff0649c6e83e83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe

Filesize
184KB

MD5
4653fe9b382573a3ffa920ca25916a75

SHA1
b2e95aa9b6d94e04e88ff906d5bcbffa5dc88da3

SHA256
dd443f89376b5aba1f685b5cb0bfe44c27ee259e5aa7495b438cbc32a6d35460

SHA512
b4a127a755dfc37983b7c7154aa944d4f91cf4728aa0347e5674943fef8d8a62a355f3433c678e244a9fbc00cb0ae4d571ce0f3a2dce511283ea67125c47a817

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe

Filesize
184KB

MD5
93a5f8176474046f638df505a13cf293

SHA1
04d95b5c652320340a069762a5d767b9f9a2dc50

SHA256
29831698d620f0cca68396997f15d907c13a797209e1324a11c9483bd1bf4e6f

SHA512
2898e93bb733a2dda5ebed1167a8e903609fabc27655ee85c9bc446fcf65bdf5482e3f94d819747b12aef89cc211a095f94291b6781a5eaeb15b8e7d3fb852fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe

Filesize
184KB

MD5
757fd72b76eb513344670d8567e94f81

SHA1
eb105a537e01a7674ece34fff3a11c121344697b

SHA256
065d120485642fb2d290581adbceeb57b5d1f3354ab2f977b8ca94ac38f29caf

SHA512
af4f95f547dd9be424dbc46c9a24be7c0e4e9c5da7ef6b6b8f7be74d2eef1a7fabbfbe6bcc0a3e48c80375cb3eee401ceb792060cd147e454c33d694bc429510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe

Filesize
64KB

MD5
dc6a46c1da33b7572ce39c3c25ed659d

SHA1
4fee1612702627fe820f214ef036727c795777d8

SHA256
3a6683dd590adf3d28dcc5584923adf0a2421b7dc52e6187520ba38555e24feb

SHA512
0c8d1aa27e8094877c77edf436d7f8f8a864aea075af0e271ef2732b96f4a435656c649a946c4b55b7b493368ff478ec23c1b48589767d6b2ccd74f91172f189

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe

Filesize
184KB

MD5
3dbbd5c4ac06db771b7d08a97848bba0

SHA1
902bc8f768cf3e3ae012472dc96b35c707b701a8

SHA256
faa4ef70e191e0f13ce060fb89fb734c1d18419c50d655e59418f2ed6f11d406

SHA512
407ec26c20e489ef5f19dce5cbd7f0d2ace4d154ec31a26120b26940a8e16dd3d4117f52358fcbd57180a2dae2bc75b32a5cc647f4bbf1d1d7946bf1a89d5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe

Filesize
184KB

MD5
897398956163fec4457c3793c38e1959

SHA1
c50b5472498046eb58aae1c23723b0077796ef37

SHA256
6faff9454553e378eb97844239cb1b7513715f279271f75fe795feceb333709d

SHA512
a1d523ee4c2dd3b401ff84e5cb99b453120bb5db9106a34d1877f7906a3cae6537c006bde5d621b3b33e1dcc2652f7f95497325d7b3c872ae2fad345548c0427

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe

Filesize
184KB

MD5
dd2d1bcc30514491d322e07bffd3d2b4

SHA1
1494cfc0f95527b1c9358fca2b4960975baad6b3

SHA256
f5d23d3739fe026ed96461755eead031261f08b9f3fe6f66efe0d1dbb2dde147

SHA512
cbc0fa7cabaa46c971662995ec9b789629ac032f8e1435d779d21abf37b353bcfdb79e7287b7962ac78872668f7a66e2f5bb26489a47690343cb2587f314e977

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads