4c7417c1bffbd15b33ccf80f00de5cde0ee29839e18827769fa1bf990d15593d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab66f60bc78599a2d397eceebc91b2c2.exe
Size

184KB
MD5

ab66f60bc78599a2d397eceebc91b2c2
SHA1

14647bb8f902a86235402305bf331aa62a1f0d9e
SHA256

4c7417c1bffbd15b33ccf80f00de5cde0ee29839e18827769fa1bf990d15593d
SHA512

19dd99e3646f2527a1794a4a339df87913d3f04784969dd5aa6ed6f1e9b963b4bec6b9801852b6c2114cbd24e95124483ca2830a279da7ed4f06569076549e7b
SSDEEP

3072:a2DQoz+5fhA0ryjAdl20w8Fs25d6ZyfhMcUx8HIu0NlPvpFB:a2UoUO0rvdE0w8rJ3gNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2228	Unicorn-55062.exe
2944	Unicorn-42517.exe
2536	Unicorn-47348.exe
2692	Unicorn-39641.exe
2732	Unicorn-44048.exe
2428	Unicorn-19544.exe
640	Unicorn-38734.exe
2740	Unicorn-45750.exe
2984	Unicorn-34759.exe
1944	Unicorn-14893.exe
776	Unicorn-26268.exe
2084	Unicorn-244.exe
1220	Unicorn-2740.exe
324	Unicorn-36674.exe
2972	Unicorn-54276.exe
2828	Unicorn-53010.exe
2960	Unicorn-48220.exe
1100	Unicorn-16808.exe
1016	Unicorn-49637.exe
2040	Unicorn-50073.exe
1112	Unicorn-61728.exe
864	Unicorn-24225.exe
1000	Unicorn-4551.exe
1740	Unicorn-32585.exe
2940	Unicorn-40945.exe
1776	Unicorn-40945.exe
2236	Unicorn-12911.exe
2164	Unicorn-43383.exe
240	Unicorn-6264.exe
292	Unicorn-14432.exe
320	Unicorn-20332.exe
2448	Unicorn-6430.exe
1976	Unicorn-4162.exe
1584	Unicorn-41215.exe
892	Unicorn-63643.exe
2328	Unicorn-9035.exe
1044	Unicorn-9035.exe
1592	Unicorn-22549.exe
2260	Unicorn-57660.exe
2312	Unicorn-8651.exe
2028	Unicorn-45429.exe
1924	Unicorn-30053.exe
584	Unicorn-10187.exe
1832	Unicorn-40747.exe
1296	Unicorn-23338.exe
2840	Unicorn-5657.exe
308	Unicorn-43352.exe
2208	Unicorn-65330.exe
2564	Unicorn-49186.exe
632	Unicorn-29320.exe
2880	Unicorn-20515.exe
2324	Unicorn-41873.exe
1664	Unicorn-12730.exe
2172	Unicorn-42065.exe
2476	Unicorn-38387.exe
1556	Unicorn-18521.exe
2820	Unicorn-43217.exe
2196	Unicorn-55216.exe
764	Unicorn-50831.exe
1548	Unicorn-20920.exe
1540	Unicorn-29088.exe
1772	Unicorn-21880.exe
1248	Unicorn-40991.exe
540	Unicorn-27609.exe

Loads dropped DLL 64 IoCs

pid	Process
1900	ab66f60bc78599a2d397eceebc91b2c2.exe
1900	ab66f60bc78599a2d397eceebc91b2c2.exe
2228	Unicorn-55062.exe
1900	ab66f60bc78599a2d397eceebc91b2c2.exe
2228	Unicorn-55062.exe
1900	ab66f60bc78599a2d397eceebc91b2c2.exe
2228	Unicorn-55062.exe
2944	Unicorn-42517.exe
2228	Unicorn-55062.exe
2944	Unicorn-42517.exe
2536	Unicorn-47348.exe
2536	Unicorn-47348.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
2692	Unicorn-39641.exe
2692	Unicorn-39641.exe
2732	Unicorn-44048.exe
2732	Unicorn-44048.exe
2428	Unicorn-19544.exe
2944	Unicorn-42517.exe
2428	Unicorn-19544.exe
2944	Unicorn-42517.exe
2536	Unicorn-47348.exe
2536	Unicorn-47348.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
640	Unicorn-38734.exe
776	Unicorn-26268.exe
640	Unicorn-38734.exe
776	Unicorn-26268.exe
1944	Unicorn-14893.exe
1944	Unicorn-14893.exe
2692	Unicorn-39641.exe
2732	Unicorn-44048.exe
2692	Unicorn-39641.exe
2732	Unicorn-44048.exe
2984	Unicorn-34759.exe
2984	Unicorn-34759.exe
2428	Unicorn-19544.exe
2428	Unicorn-19544.exe
2740	Unicorn-45750.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2600	1900	WerFault.exe	27
1356	2228	WerFault.exe	28
2384	2944	WerFault.exe	29
1512	2536	WerFault.exe	30
1628	2692	WerFault.exe	32
1680	2732	WerFault.exe	33
1808	2428	WerFault.exe	34
1696	2084	WerFault.exe	43
2404	2740	WerFault.exe	37
2064	640	WerFault.exe	36
1120	1944	WerFault.exe	38
1920	2984	WerFault.exe	39
2672	776	WerFault.exe	40
2796	2972	WerFault.exe	50
2988	1016	WerFault.exe	46
2104	2828	WerFault.exe	48
2108	1100	WerFault.exe	47
2212	864	WerFault.exe	57
2612	324	WerFault.exe	45
2712	1776	WerFault.exe	60
1912	240	WerFault.exe	64
784	2040	WerFault.exe	54
1960	892	WerFault.exe	77
2760	2448	WerFault.exe	74
2020	1976	WerFault.exe	75
2616	1220	WerFault.exe	44
3100	1740	WerFault.exe	59
3276	320	WerFault.exe	65
3268	2960	WerFault.exe	49
3260	2328	WerFault.exe	78
3284	1112	WerFault.exe	56
3468	292	WerFault.exe	66
3652	2164	WerFault.exe	63
3836	1000	WerFault.exe	58
3828	1592	WerFault.exe	80
3820	2028	WerFault.exe	83
3860	2312	WerFault.exe	82
3868	2236	WerFault.exe	61
3948	2940	WerFault.exe	62
3972	2840	WerFault.exe	89
3964	1044	WerFault.exe	79
3996	308	WerFault.exe	91
4032	1584	WerFault.exe	76
3096	2880	WerFault.exe	96
3128	2324	WerFault.exe	97
3156	2260	WerFault.exe	81
3216	1832	WerFault.exe	84
888	1664	WerFault.exe	98
3352	1556	WerFault.exe	101
3376	2172	WerFault.exe	99
3728	632	WerFault.exe	94
3960	584	WerFault.exe	86
4104	2208	WerFault.exe	92
4148	2820	WerFault.exe	102
4320	1924	WerFault.exe	85
4360	2564	WerFault.exe	95
4368	1296	WerFault.exe	87
4420	2476	WerFault.exe	100
4532	2196	WerFault.exe	104
4748	3076	WerFault.exe	136
4168	1956	WerFault.exe	130
4584	1772	WerFault.exe	108
4824	1492	WerFault.exe	124
4884	1640	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1900	ab66f60bc78599a2d397eceebc91b2c2.exe
2228	Unicorn-55062.exe
2944	Unicorn-42517.exe
2536	Unicorn-47348.exe
2692	Unicorn-39641.exe
2732	Unicorn-44048.exe
2428	Unicorn-19544.exe
640	Unicorn-38734.exe
2740	Unicorn-45750.exe
1944	Unicorn-14893.exe
776	Unicorn-26268.exe
2984	Unicorn-34759.exe
2084	Unicorn-244.exe
1100	Unicorn-16808.exe
2960	Unicorn-48220.exe
2972	Unicorn-54276.exe
324	Unicorn-36674.exe
1220	Unicorn-2740.exe
1016	Unicorn-49637.exe
2828	Unicorn-53010.exe
2040	Unicorn-50073.exe
864	Unicorn-24225.exe
1112	Unicorn-61728.exe
1000	Unicorn-4551.exe
1740	Unicorn-32585.exe
1776	Unicorn-40945.exe
2236	Unicorn-12911.exe
2164	Unicorn-43383.exe
2940	Unicorn-40945.exe
240	Unicorn-6264.exe
320	Unicorn-20332.exe
292	Unicorn-14432.exe
2448	Unicorn-6430.exe
1976	Unicorn-4162.exe
1584	Unicorn-41215.exe
892	Unicorn-63643.exe
2328	Unicorn-9035.exe
1044	Unicorn-9035.exe
1592	Unicorn-22549.exe
2260	Unicorn-57660.exe
2312	Unicorn-8651.exe
2028	Unicorn-45429.exe
584	Unicorn-10187.exe
1832	Unicorn-40747.exe
1924	Unicorn-30053.exe
1296	Unicorn-23338.exe
2840	Unicorn-5657.exe
308	Unicorn-43352.exe
2208	Unicorn-65330.exe
632	Unicorn-29320.exe
2564	Unicorn-49186.exe
2880	Unicorn-20515.exe
2324	Unicorn-41873.exe
1664	Unicorn-12730.exe
2172	Unicorn-42065.exe
1556	Unicorn-18521.exe
2476	Unicorn-38387.exe
2820	Unicorn-43217.exe
764	Unicorn-50831.exe
1540	Unicorn-29088.exe
1548	Unicorn-20920.exe
2196	Unicorn-55216.exe
1772	Unicorn-21880.exe
1248	Unicorn-40991.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2228	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	28
PID 1900 wrote to memory of 2228	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	28
PID 1900 wrote to memory of 2228	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	28
PID 1900 wrote to memory of 2228	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	28
PID 2228 wrote to memory of 2944	2228	Unicorn-55062.exe	29
PID 2228 wrote to memory of 2944	2228	Unicorn-55062.exe	29
PID 2228 wrote to memory of 2944	2228	Unicorn-55062.exe	29
PID 2228 wrote to memory of 2944	2228	Unicorn-55062.exe	29
PID 1900 wrote to memory of 2536	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	30
PID 1900 wrote to memory of 2536	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	30
PID 1900 wrote to memory of 2536	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	30
PID 1900 wrote to memory of 2536	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	30
PID 1900 wrote to memory of 2600	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	31
PID 1900 wrote to memory of 2600	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	31
PID 1900 wrote to memory of 2600	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	31
PID 1900 wrote to memory of 2600	1900	ab66f60bc78599a2d397eceebc91b2c2.exe	31
PID 2228 wrote to memory of 2692	2228	Unicorn-55062.exe	32
PID 2228 wrote to memory of 2692	2228	Unicorn-55062.exe	32
PID 2228 wrote to memory of 2692	2228	Unicorn-55062.exe	32
PID 2228 wrote to memory of 2692	2228	Unicorn-55062.exe	32
PID 2944 wrote to memory of 2732	2944	Unicorn-42517.exe	33
PID 2944 wrote to memory of 2732	2944	Unicorn-42517.exe	33
PID 2944 wrote to memory of 2732	2944	Unicorn-42517.exe	33
PID 2944 wrote to memory of 2732	2944	Unicorn-42517.exe	33
PID 2536 wrote to memory of 2428	2536	Unicorn-47348.exe	34
PID 2536 wrote to memory of 2428	2536	Unicorn-47348.exe	34
PID 2536 wrote to memory of 2428	2536	Unicorn-47348.exe	34
PID 2536 wrote to memory of 2428	2536	Unicorn-47348.exe	34
PID 2228 wrote to memory of 1356	2228	Unicorn-55062.exe	35
PID 2228 wrote to memory of 1356	2228	Unicorn-55062.exe	35
PID 2228 wrote to memory of 1356	2228	Unicorn-55062.exe	35
PID 2228 wrote to memory of 1356	2228	Unicorn-55062.exe	35
PID 2692 wrote to memory of 640	2692	Unicorn-39641.exe	36
PID 2692 wrote to memory of 640	2692	Unicorn-39641.exe	36
PID 2692 wrote to memory of 640	2692	Unicorn-39641.exe	36
PID 2692 wrote to memory of 640	2692	Unicorn-39641.exe	36
PID 2732 wrote to memory of 2740	2732	Unicorn-44048.exe	37
PID 2732 wrote to memory of 2740	2732	Unicorn-44048.exe	37
PID 2732 wrote to memory of 2740	2732	Unicorn-44048.exe	37
PID 2732 wrote to memory of 2740	2732	Unicorn-44048.exe	37
PID 2428 wrote to memory of 2984	2428	Unicorn-19544.exe	39
PID 2428 wrote to memory of 2984	2428	Unicorn-19544.exe	39
PID 2428 wrote to memory of 2984	2428	Unicorn-19544.exe	39
PID 2428 wrote to memory of 2984	2428	Unicorn-19544.exe	39
PID 2944 wrote to memory of 1944	2944	Unicorn-42517.exe	38
PID 2944 wrote to memory of 1944	2944	Unicorn-42517.exe	38
PID 2944 wrote to memory of 1944	2944	Unicorn-42517.exe	38
PID 2944 wrote to memory of 1944	2944	Unicorn-42517.exe	38
PID 2536 wrote to memory of 776	2536	Unicorn-47348.exe	40
PID 2536 wrote to memory of 776	2536	Unicorn-47348.exe	40
PID 2536 wrote to memory of 776	2536	Unicorn-47348.exe	40
PID 2536 wrote to memory of 776	2536	Unicorn-47348.exe	40
PID 2944 wrote to memory of 2384	2944	Unicorn-42517.exe	41
PID 2944 wrote to memory of 2384	2944	Unicorn-42517.exe	41
PID 2944 wrote to memory of 2384	2944	Unicorn-42517.exe	41
PID 2944 wrote to memory of 2384	2944	Unicorn-42517.exe	41
PID 2536 wrote to memory of 1512	2536	Unicorn-47348.exe	42
PID 2536 wrote to memory of 1512	2536	Unicorn-47348.exe	42
PID 2536 wrote to memory of 1512	2536	Unicorn-47348.exe	42
PID 2536 wrote to memory of 1512	2536	Unicorn-47348.exe	42
PID 640 wrote to memory of 2084	640	Unicorn-38734.exe	43
PID 640 wrote to memory of 2084	640	Unicorn-38734.exe	43
PID 640 wrote to memory of 2084	640	Unicorn-38734.exe	43
PID 640 wrote to memory of 2084	640	Unicorn-38734.exe	43

C:\Users\Admin\AppData\Local\Temp\ab66f60bc78599a2d397eceebc91b2c2.exe
"C:\Users\Admin\AppData\Local\Temp\ab66f60bc78599a2d397eceebc91b2c2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        11⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        12⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 376
        13⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 376
        12⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 376
        11⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 376
        10⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        10⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 376
        11⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 376
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 372
        9⤵
        Program crash
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 376
        11⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
        10⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 376
        9⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 380
        8⤵
        Program crash
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        12⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        13⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 376
        12⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        12⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 376
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 376
        11⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 376
        10⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 376
        9⤵
        Program crash
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 376
        8⤵
        Program crash
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 376
        7⤵
        Program crash
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        10⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 376
        10⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 372
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 376
        8⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        9⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 376
        8⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 376
        7⤵
        Program crash
        
        PID:3836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 368
        6⤵
        Program crash
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        8⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 376
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 376
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        9⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 376
        9⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 376
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 376
        7⤵
        Program crash
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        8⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 376
        8⤵
        Program crash
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 380
        7⤵
        Program crash
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 376
        6⤵
        Program crash
        
        PID:3268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 376
        5⤵
        Program crash
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        11⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 376
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 376
        10⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 376
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 376
        8⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 376
        7⤵
        Program crash
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 376
        9⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 368
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 368
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 380
        6⤵
        Program crash
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        9⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 376
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 376
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 376
        9⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 376
        8⤵
        Program crash
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 376
        7⤵
        Program crash
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        9⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 368
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 372
        8⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 376
        7⤵
        Program crash
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 376
        6⤵
        Program crash
        
        PID:3652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 376
        5⤵
        Program crash
        
        PID:1120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        6⤵
        Program crash
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        9⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 376
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 376
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 376
        8⤵
        Program crash
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 376
        7⤵
        Program crash
        
        PID:3376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 376
        6⤵
        Program crash
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 376
        5⤵
        Program crash
        
        PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        10⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 368
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 376
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 376
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 380
        7⤵
        Program crash
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 376
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 376
        8⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 380
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 380
        6⤵
        Program crash
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        9⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 376
        9⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 368
        8⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 376
        7⤵
        Program crash
        
        PID:4360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 376
        6⤵
        Program crash
        
        PID:2020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 376
        5⤵
        Program crash
        
        PID:2796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 376
      4⤵
      Program crash
      PID:1628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 384
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        11⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 368
        11⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 376
        10⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 376
        9⤵
        Program crash
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 376
        8⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 376
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 376
        9⤵
        Program crash
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 376
        8⤵
        Program crash
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 376
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 376
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 376
        8⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
        7⤵
        Program crash
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 368
        6⤵
        Program crash
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 376
        8⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 376
        7⤵
        
        PID:5144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 376
        6⤵
        Program crash
        
        PID:3868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 376
        5⤵
        Program crash
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        9⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 368
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 376
        8⤵
        Program crash
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 376
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 376
        6⤵
        Program crash
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        8⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 376
        8⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 376
        7⤵
        
        PID:5440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 380
        6⤵
        Program crash
        
        PID:3216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 376
        5⤵
        Program crash
        
        PID:2108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 372
      4⤵
      Program crash
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        10⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 376
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 380
        9⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 368
        8⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 376
        7⤵
        Program crash
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 368
        6⤵
        Program crash
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        8⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 376
        8⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 376
        7⤵
        
        PID:5964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 380
        6⤵
        Program crash
        
        PID:3960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 376
        5⤵
        Program crash
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        9⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 376
        8⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 376
        7⤵
        
        PID:5508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 376
        6⤵
        Program crash
        
        PID:4368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 368
        5⤵
        Program crash
        
        PID:3276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 376
      4⤵
      Program crash
      PID:2672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 372
  2⤵
  - Program crash
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe

Filesize
184KB

MD5
9135c99f0c064ebea75f1e1ebcef53e3

SHA1
76d32bf7047f21562aaa9c2998a07bc324328b35

SHA256
47e1a178f3b9d8e421ce7e633468346291366062678a9d18108cc8e4b0db9576

SHA512
9a013ec9189e7dbbb66e4828f45c5ece8cb2b431769f7ff678c4e132456813289e214a39c899121267c5f36b540ab7fb0261c66b87ea335ed40068e6a30b8fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe

Filesize
184KB

MD5
fde08c6a11cbfea799da2030a5c41b87

SHA1
3d5440984c58ba28a8d3fd01ba80735a2ca58856

SHA256
d4948777a07b90be0a68bed69b24807bca5f8af2e7ba6e2c81cb800f07770795

SHA512
cce575025256ccd2d7bc1f1bfaba12265936b3c6cad99bbe025445990ed79a313ed8a4863ac791c70799191aad771606da22d91c71ff96210f6ec3950e7d1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe

Filesize
184KB

MD5
ef9c7c36a0a11d34cf60baa4ce94c7d9

SHA1
cba916b4d3dcc55b21957972333a62f0176b09a6

SHA256
1ff4e39eaee40bce826c12e0917bc5d3422a6523028a41b6e9dfd7348825917a

SHA512
8bb9facb01cce87556168003d329a7f719857f3dacc99f80fd7b09c73840933bfa86307e90fce1eb6272585ef14b5aaa43f00aa18cdbb892446ce62e8744183c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe

Filesize
184KB

MD5
e0e83b1a6abc830aeedd4a0104854d2a

SHA1
19e1666851830132d647f1252c59601478300bc5

SHA256
80bea50ae37613ae90010d84e3bdca38fd69b8e035cf84eb2afa19919e70136f

SHA512
f243cac5ad75a4aa52c18247d1e1e78d3dff30771e2e31f42ffb9f04df110db2da3b65d43024902c2130a1d344ff153d5c4f357f7c757d3cd2bf4cbd45a14e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe

Filesize
184KB

MD5
daaee52ec907e0d88a64dbfe05621f53

SHA1
507a55d36cea4ee78db45fb423a087b050c78962

SHA256
2c5e011bce556b033267b83760c321861a0fa6e68ccc222d4c0e5159c0c6e5a2

SHA512
3ff92b2e98503d5812f30d3f29197f80c1cfffc6a0946e5a8d701f050ea5132a00509a29b2075d49bd875302698943bbfd2a962bdbb08b17cb126b8371140748

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe

Filesize
184KB

MD5
58c75c43017dfe8dda1550818083119e

SHA1
95753edb105b952e6302e53d0e187192df6c78b2

SHA256
07dd9f68cdb2217e11a422473ef61e6bcead1b0d9c2039c6140accd115112cff

SHA512
32363dafe21aeaa89ae8de665b544093f66fa137b614b377b597b342fa72b073e4a07931bd349614b13b4851c9373a7cd6a999c394916e9fb6fc5160682e25a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe

Filesize
184KB

MD5
2f40da88d3a6a4de0ec506c68f1b9b6d

SHA1
2e9a6595e49bd5c977384a9b5ee5f3aa75264060

SHA256
be37929933975eca93a251b886e1c56cc30c2e915c236d6241e40021e3382374

SHA512
98fcaa85b8df068a2e07c097c52e446c7281aff7dda924cf982febdf391af6aad1c3cfedc07fe5a84d4018f9dae9f1b0c93b8fb5fe1ad95184fcae0ae5c047a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe

Filesize
184KB

MD5
e95fc2e02ffef70113cc2a6c8110b222

SHA1
ee509b27ea94c261b6a31883a197ec5839b6215e

SHA256
6567bdb200d6303d8a087020985b3aff242979086a388132e781315b55826a50

SHA512
c6803ab6c43a877582b2b7e9db2c7995d6cf79098daa23d2c6112bf75e17c427b0eda83d97084e7124a5abdaeaf62c48d2b1bd8364495b3221abfc70fc72a4ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe

Filesize
184KB

MD5
b34d494cc9ad4f16088d66a273728bd1

SHA1
b4e8adac0c98c5ec1678b01fe16711e0463834b7

SHA256
075b5864c442a7a5bd618406693058587dfac9ff2749c612e191bd79a496ae8f

SHA512
da94d28e0235a09478d35c8b75e7e5b9735364673575e5f1964bd83d675961ed13ba9fd7692c5e67c782aa622b9c6c8c6178218e0a8ea4e245e51feb49727c0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe

Filesize
184KB

MD5
4991353a36409acaa88c1b31a2bff855

SHA1
b98557735c0e1e8685b2b66e00ebe309d7d0fc54

SHA256
44f8da0c08c1362589391cad540762ced619b0e55f8e26f3dcdc95c882f69aac

SHA512
5beacbffb0a02862574adaa486cfece55ad9379fee03dcdd015c1225c699f1f41f2f7dfe942dbcff88f6153753994c1f77b6dc4501de80850f2e3764a9d491ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe

Filesize
184KB

MD5
41e36456c9fb99ecb6c62d698367fd96

SHA1
e77e20d36f8273b6f67374343e455f7c8ac40350

SHA256
b6e19bfe4344708eb17fe1e54bf4a65ef3fbf63f03950f42e2ff93b425ba1a9d

SHA512
175db080b1e6c70ee7cc19d33af332b13b240f83afa5e15bb8da1279f98166bf4c5dfbe8901b4be7c4b81d6834ce98326d2221f2cc344bb80b6606340ed2bef2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe

Filesize
184KB

MD5
a0980becf6988f6eb5efdc7da5c485c5

SHA1
cf508f3a17cf1c1447392777aa97fd3522db3d63

SHA256
88479b80f0c5b8c98674c3de19ca51c2d3256e6d726686e0b4a72c8e55e01068

SHA512
aea9fd17ab45124377c99689c964f84d78910a15461dd1ca71be3aa918b5cee390d97e498bcde73e0ac1bd6a1ea3215923eb3e89da84873f14068df329d6523d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe

Filesize
184KB

MD5
f2f7c2745a7e64cf8347bf8479132529

SHA1
c7b653afb682da2baaeee97046eb516cdd466fc0

SHA256
25fc9eb3c118b49998f72c9e806ef87c4a0b5a4d3b7441de6bdf4b0337b7ed48

SHA512
0eec1018e464cb558f59d9da25e3a764100d2baff4a77a9fd6cd23449f7b6c2ec110961530a608288fa0fc26593bd1be9febd66bdf6b2ee1afbcde9f57bafdca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe

Filesize
184KB

MD5
a5a8e2a6b3b3697d4e478d6b5a0e96ab

SHA1
d90bcf530599be45e1ce36ea19bfaef59c3289c3

SHA256
4b4d29106cdcf8ef60b14fdcf49bce34d4f56909297518444f50f3b32115aba6

SHA512
763478a8c28fad0383e4c29f7bf39b27c8f9dedf3a47f5c2dc46e8b2a194083238eb7ac3f0b0dff334d0040bc9ef10e1fbc0bab29cd22e883a805057177f73a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe

Filesize
184KB

MD5
78e8a4e442bbd7277f5bc0d33b375edc

SHA1
6e876744f7a5ee0f56d4f5aead605404170ed4da

SHA256
5b3af3d700232b6a4d74dd72ad6936e8476cca5a25fd1510c388833ef0c4ebb1

SHA512
29bbb9567d75e937f9d02690c818c0880ccbe1c22a93d4b8429231a9d36fd5d4ba10d07e3979400abb200e383f3a6538fb3b751139898dce87816bfa49a2468f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads