3592cf1e534de413d302f0ddb5598618fc55165f26db42db465eb9a81fa12846

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b48d8b7db46c8e323bd4749aeb1a7806.exe
Size

184KB
MD5

b48d8b7db46c8e323bd4749aeb1a7806
SHA1

d98a41f142ce9dda8db22b43d368babcbe4aea8a
SHA256

3592cf1e534de413d302f0ddb5598618fc55165f26db42db465eb9a81fa12846
SHA512

dd54b9f79b83e7226552510ddedddfc7c8cc357f64dfdfd85339acb2a26c08cd931550c5b037e086ded2f08364f217de2407a1c94af7a30ef1b26b7b1faa857c
SSDEEP

3072:a2+go7/0VuApryjidKi0wZFp35m64PfFS8uxbHIEkNlPvpFB:a29oqjprxdZ0wZQN0mNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2336	Unicorn-37286.exe
2608	Unicorn-3710.exe
2960	Unicorn-45106.exe
2572	Unicorn-35480.exe
2876	Unicorn-4239.exe
2524	Unicorn-10783.exe
2772	Unicorn-29759.exe
1748	Unicorn-17315.exe
1736	Unicorn-5062.exe
1984	Unicorn-50734.exe
612	Unicorn-13785.exe
2248	Unicorn-38778.exe
2452	Unicorn-43416.exe
2096	Unicorn-21181.exe
2596	Unicorn-15425.exe
2300	Unicorn-60542.exe
552	Unicorn-60905.exe
1780	Unicorn-60905.exe
940	Unicorn-31809.exe
2172	Unicorn-35378.exe
1812	Unicorn-36168.exe
576	Unicorn-53251.exe
2816	Unicorn-60480.exe
2972	Unicorn-65119.exe
880	Unicorn-56204.exe
2932	Unicorn-52120.exe
1600	Unicorn-11087.exe
1232	Unicorn-17070.exe
2540	Unicorn-21067.exe
2476	Unicorn-25705.exe
1956	Unicorn-57823.exe
2728	Unicorn-9177.exe
2736	Unicorn-20683.exe
2032	Unicorn-4346.exe
2008	Unicorn-17153.exe
2760	Unicorn-5498.exe
684	Unicorn-38171.exe
2856	Unicorn-25404.exe
2400	Unicorn-50231.exe
368	Unicorn-9198.exe
1344	Unicorn-54870.exe
2104	Unicorn-62483.exe
2100	Unicorn-4600.exe
1408	Unicorn-37272.exe
2276	Unicorn-53054.exe
984	Unicorn-26386.exe
2840	Unicorn-55337.exe
1668	Unicorn-236.exe
456	Unicorn-34963.exe
1888	Unicorn-26049.exe
2228	Unicorn-30687.exe
2720	Unicorn-34025.exe
2348	Unicorn-42555.exe
1092	Unicorn-2312.exe
1296	Unicorn-55405.exe
904	Unicorn-55405.exe
1652	Unicorn-31263.exe
1556	Unicorn-22903.exe
2864	Unicorn-30517.exe
1868	Unicorn-30517.exe
844	Unicorn-34876.exe
1920	Unicorn-27947.exe
840	Unicorn-27393.exe
1008	Unicorn-27393.exe

Loads dropped DLL 64 IoCs

pid	Process
2352	b48d8b7db46c8e323bd4749aeb1a7806.exe
2352	b48d8b7db46c8e323bd4749aeb1a7806.exe
2336	Unicorn-37286.exe
2336	Unicorn-37286.exe
2352	b48d8b7db46c8e323bd4749aeb1a7806.exe
2352	b48d8b7db46c8e323bd4749aeb1a7806.exe
2608	Unicorn-3710.exe
2608	Unicorn-3710.exe
2336	Unicorn-37286.exe
2336	Unicorn-37286.exe
2960	Unicorn-45106.exe
2960	Unicorn-45106.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2876	Unicorn-4239.exe
2876	Unicorn-4239.exe
2572	Unicorn-35480.exe
2572	Unicorn-35480.exe
2524	Unicorn-10783.exe
2608	Unicorn-3710.exe
2524	Unicorn-10783.exe
2608	Unicorn-3710.exe
2960	Unicorn-45106.exe
2960	Unicorn-45106.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
560	WerFault.exe
1748	Unicorn-17315.exe
1748	Unicorn-17315.exe
2572	Unicorn-35480.exe
2572	Unicorn-35480.exe
1984	Unicorn-50734.exe
1984	Unicorn-50734.exe
612	Unicorn-13785.exe
612	Unicorn-13785.exe
1736	Unicorn-5062.exe
1736	Unicorn-5062.exe
2524	Unicorn-10783.exe
2876	Unicorn-4239.exe
2876	Unicorn-4239.exe
2524	Unicorn-10783.exe
3048	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2536	2352	WerFault.exe	27
2900	2336	WerFault.exe	28
560	2608	WerFault.exe	29
2236	2960	WerFault.exe	30
3048	2876	WerFault.exe	33
1068	2572	WerFault.exe	32
1708	2524	WerFault.exe	34
752	1748	WerFault.exe	37
2964	1984	WerFault.exe	39
2632	612	WerFault.exe	40
2412	1736	WerFault.exe	38
2416	2772	WerFault.exe	36
1932	2096	WerFault.exe	45
3040	2300	WerFault.exe	47
2164	2596	WerFault.exe	46
1656	2248	WerFault.exe	43
2992	2452	WerFault.exe	44
2380	552	WerFault.exe	49
2776	1232	WerFault.exe	62
2028	880	WerFault.exe	60
268	2172	WerFault.exe	54
1688	1780	WerFault.exe	48
1816	2032	WerFault.exe	73
624	2736	WerFault.exe	72
988	576	WerFault.exe	56
2660	2540	WerFault.exe	66
1728	1600	WerFault.exe	61
1916	1812	WerFault.exe	55
3188	2100	WerFault.exe	82
3196	2932	WerFault.exe	59
3304	2400	WerFault.exe	78
3376	1344	WerFault.exe	80
3424	2816	WerFault.exe	57
3460	940	WerFault.exe	53
3504	2476	WerFault.exe	69
3576	2276	WerFault.exe	84
3624	1956	WerFault.exe	70
3716	684	WerFault.exe	76
3756	2728	WerFault.exe	71
3784	2972	WerFault.exe	58
3096	368	WerFault.exe	79
3440	2856	WerFault.exe	77
3632	2008	WerFault.exe	74
3684	2228	WerFault.exe	96
3124	904	WerFault.exe	101
3140	2104	WerFault.exe	81
3688	1888	WerFault.exe	93
4148	2760	WerFault.exe	75
4200	984	WerFault.exe	85
4228	2348	WerFault.exe	98
4236	1668	WerFault.exe	90
4244	1408	WerFault.exe	83
4372	1356	WerFault.exe	112
4440	1652	WerFault.exe	102
4492	456	WerFault.exe	92
4616	1008	WerFault.exe	109
4640	844	WerFault.exe	106
4632	1296	WerFault.exe	100
4624	1868	WerFault.exe	105
4760	2720	WerFault.exe	97
4752	2840	WerFault.exe	88
4780	2864	WerFault.exe	104
4788	1920	WerFault.exe	107
4796	2872	WerFault.exe	111

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2352	b48d8b7db46c8e323bd4749aeb1a7806.exe
2336	Unicorn-37286.exe
2608	Unicorn-3710.exe
2960	Unicorn-45106.exe
2572	Unicorn-35480.exe
2876	Unicorn-4239.exe
2524	Unicorn-10783.exe
1748	Unicorn-17315.exe
2772	Unicorn-29759.exe
612	Unicorn-13785.exe
1984	Unicorn-50734.exe
1736	Unicorn-5062.exe
2248	Unicorn-38778.exe
2452	Unicorn-43416.exe
2096	Unicorn-21181.exe
2596	Unicorn-15425.exe
2300	Unicorn-60542.exe
552	Unicorn-60905.exe
1780	Unicorn-60905.exe
940	Unicorn-31809.exe
2172	Unicorn-35378.exe
576	Unicorn-53251.exe
1812	Unicorn-36168.exe
2816	Unicorn-60480.exe
2972	Unicorn-65119.exe
2932	Unicorn-52120.exe
880	Unicorn-56204.exe
1600	Unicorn-11087.exe
1232	Unicorn-17070.exe
2540	Unicorn-21067.exe
2476	Unicorn-25705.exe
1956	Unicorn-57823.exe
2736	Unicorn-20683.exe
2728	Unicorn-9177.exe
2032	Unicorn-4346.exe
2008	Unicorn-17153.exe
2760	Unicorn-5498.exe
684	Unicorn-38171.exe
2856	Unicorn-25404.exe
2400	Unicorn-50231.exe
368	Unicorn-9198.exe
1344	Unicorn-54870.exe
2104	Unicorn-62483.exe
1408	Unicorn-37272.exe
2100	Unicorn-4600.exe
2276	Unicorn-53054.exe
984	Unicorn-26386.exe
2840	Unicorn-55337.exe
1668	Unicorn-236.exe
1888	Unicorn-26049.exe
456	Unicorn-34963.exe
2228	Unicorn-30687.exe
2720	Unicorn-34025.exe
2348	Unicorn-42555.exe
1092	Unicorn-2312.exe
1296	Unicorn-55405.exe
904	Unicorn-55405.exe
1652	Unicorn-31263.exe
1556	Unicorn-22903.exe
1868	Unicorn-30517.exe
2864	Unicorn-30517.exe
844	Unicorn-34876.exe
1008	Unicorn-27393.exe
1920	Unicorn-27947.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2336	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	28
PID 2352 wrote to memory of 2336	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	28
PID 2352 wrote to memory of 2336	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	28
PID 2352 wrote to memory of 2336	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	28
PID 2336 wrote to memory of 2608	2336	Unicorn-37286.exe	29
PID 2336 wrote to memory of 2608	2336	Unicorn-37286.exe	29
PID 2336 wrote to memory of 2608	2336	Unicorn-37286.exe	29
PID 2336 wrote to memory of 2608	2336	Unicorn-37286.exe	29
PID 2352 wrote to memory of 2960	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	30
PID 2352 wrote to memory of 2960	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	30
PID 2352 wrote to memory of 2960	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	30
PID 2352 wrote to memory of 2960	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	30
PID 2352 wrote to memory of 2536	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	31
PID 2352 wrote to memory of 2536	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	31
PID 2352 wrote to memory of 2536	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	31
PID 2352 wrote to memory of 2536	2352	b48d8b7db46c8e323bd4749aeb1a7806.exe	31
PID 2608 wrote to memory of 2572	2608	Unicorn-3710.exe	32
PID 2608 wrote to memory of 2572	2608	Unicorn-3710.exe	32
PID 2608 wrote to memory of 2572	2608	Unicorn-3710.exe	32
PID 2608 wrote to memory of 2572	2608	Unicorn-3710.exe	32
PID 2336 wrote to memory of 2876	2336	Unicorn-37286.exe	33
PID 2336 wrote to memory of 2876	2336	Unicorn-37286.exe	33
PID 2336 wrote to memory of 2876	2336	Unicorn-37286.exe	33
PID 2336 wrote to memory of 2876	2336	Unicorn-37286.exe	33
PID 2960 wrote to memory of 2524	2960	Unicorn-45106.exe	34
PID 2960 wrote to memory of 2524	2960	Unicorn-45106.exe	34
PID 2960 wrote to memory of 2524	2960	Unicorn-45106.exe	34
PID 2960 wrote to memory of 2524	2960	Unicorn-45106.exe	34
PID 2336 wrote to memory of 2900	2336	Unicorn-37286.exe	35
PID 2336 wrote to memory of 2900	2336	Unicorn-37286.exe	35
PID 2336 wrote to memory of 2900	2336	Unicorn-37286.exe	35
PID 2336 wrote to memory of 2900	2336	Unicorn-37286.exe	35
PID 2876 wrote to memory of 2772	2876	Unicorn-4239.exe	36
PID 2876 wrote to memory of 2772	2876	Unicorn-4239.exe	36
PID 2876 wrote to memory of 2772	2876	Unicorn-4239.exe	36
PID 2876 wrote to memory of 2772	2876	Unicorn-4239.exe	36
PID 2572 wrote to memory of 1748	2572	Unicorn-35480.exe	37
PID 2572 wrote to memory of 1748	2572	Unicorn-35480.exe	37
PID 2572 wrote to memory of 1748	2572	Unicorn-35480.exe	37
PID 2572 wrote to memory of 1748	2572	Unicorn-35480.exe	37
PID 2524 wrote to memory of 1736	2524	Unicorn-10783.exe	38
PID 2524 wrote to memory of 1736	2524	Unicorn-10783.exe	38
PID 2524 wrote to memory of 1736	2524	Unicorn-10783.exe	38
PID 2524 wrote to memory of 1736	2524	Unicorn-10783.exe	38
PID 2608 wrote to memory of 1984	2608	Unicorn-3710.exe	39
PID 2608 wrote to memory of 1984	2608	Unicorn-3710.exe	39
PID 2608 wrote to memory of 1984	2608	Unicorn-3710.exe	39
PID 2608 wrote to memory of 1984	2608	Unicorn-3710.exe	39
PID 2960 wrote to memory of 612	2960	Unicorn-45106.exe	40
PID 2960 wrote to memory of 612	2960	Unicorn-45106.exe	40
PID 2960 wrote to memory of 612	2960	Unicorn-45106.exe	40
PID 2960 wrote to memory of 612	2960	Unicorn-45106.exe	40
PID 2608 wrote to memory of 560	2608	Unicorn-3710.exe	41
PID 2608 wrote to memory of 560	2608	Unicorn-3710.exe	41
PID 2608 wrote to memory of 560	2608	Unicorn-3710.exe	41
PID 2608 wrote to memory of 560	2608	Unicorn-3710.exe	41
PID 2960 wrote to memory of 2236	2960	Unicorn-45106.exe	42
PID 2960 wrote to memory of 2236	2960	Unicorn-45106.exe	42
PID 2960 wrote to memory of 2236	2960	Unicorn-45106.exe	42
PID 2960 wrote to memory of 2236	2960	Unicorn-45106.exe	42
PID 1748 wrote to memory of 2248	1748	Unicorn-17315.exe	43
PID 1748 wrote to memory of 2248	1748	Unicorn-17315.exe	43
PID 1748 wrote to memory of 2248	1748	Unicorn-17315.exe	43
PID 1748 wrote to memory of 2248	1748	Unicorn-17315.exe	43

C:\Users\Admin\AppData\Local\Temp\b48d8b7db46c8e323bd4749aeb1a7806.exe
"C:\Users\Admin\AppData\Local\Temp\b48d8b7db46c8e323bd4749aeb1a7806.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        11⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        12⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        13⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
        14⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 376
        13⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 376
        12⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        12⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        13⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 376
        12⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 376
        11⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 376
        10⤵
        Program crash
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 376
        9⤵
        Program crash
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        12⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 376
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 368
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
        9⤵
        Program crash
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 380
        8⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 376
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 376
        11⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 376
        10⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 376
        9⤵
        Program crash
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 380
        8⤵
        Program crash
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 380
        7⤵
        Program crash
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        11⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        12⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        13⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        14⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 368
        13⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 376
        12⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 376
        11⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 376
        9⤵
        Program crash
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 380
        8⤵
        Program crash
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        10⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 376
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 368
        10⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
        9⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 376
        8⤵
        Program crash
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 376
        7⤵
        Program crash
        
        PID:268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 380
        6⤵
        Program crash
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        11⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        12⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 236
        12⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 376
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 376
        9⤵
        Program crash
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 380
        8⤵
        Program crash
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        10⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        12⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 376
        11⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 376
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 368
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 376
        8⤵
        Program crash
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 380
        7⤵
        Program crash
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        7⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        9⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        10⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 376
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 376
        9⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 376
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 376
        7⤵
        Program crash
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 376
        6⤵
        Program crash
        
        PID:2992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 376
        5⤵
        Program crash
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 380
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 376
        6⤵
        Program crash
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        8⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 376
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 376
        8⤵
        Program crash
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 376
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        11⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 376
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 376
        9⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 372
        8⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 368
        7⤵
        Program crash
        
        PID:4788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 376
        6⤵
        Program crash
        
        PID:3784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 380
        5⤵
        Program crash
        
        PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32837.exe
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        10⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 376
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 376
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 376
        8⤵
        Program crash
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 376
        7⤵
        Program crash
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        9⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
        9⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 376
        7⤵
        Program crash
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 380
        6⤵
        Program crash
        
        PID:988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 372
        5⤵
        Program crash
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        11⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        12⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        13⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 376
        12⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 376
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 380
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 376
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 376
        8⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 220
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 380
        8⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 376
        7⤵
        Program crash
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 376
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 376
        10⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 376
        9⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 376
        8⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 376
        7⤵
        Program crash
        
        PID:4440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 368
        6⤵
        Program crash
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        6⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        9⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 376
        8⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 376
        7⤵
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 376
        6⤵
        Program crash
        
        PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 380
        5⤵
        Program crash
        
        PID:2380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:3048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 376
        12⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 376
        11⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 376
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 380
        9⤵
        Program crash
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 376
        8⤵
        Program crash
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        8⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 376
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 376
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 376
        10⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 376
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 376
        8⤵
        Program crash
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 376
        7⤵
        Program crash
        
        PID:3376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 380
        6⤵
        Program crash
        
        PID:3040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 376
        5⤵
        Program crash
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        8⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 376
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 376
        8⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 376
        7⤵
        Program crash
        
        PID:3140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 376
        6⤵
        Program crash
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        9⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 376
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 376
        8⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 388
        7⤵
        
        PID:6204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 376
        6⤵
        Program crash
        
        PID:4244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 376
        5⤵
        Program crash
        
        PID:1688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 376
      4⤵
      Program crash
      PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 376
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 376
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 376
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 376
        7⤵
        Program crash
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        9⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        11⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 376
        11⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 376
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 380
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 376
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 376
        7⤵
        Program crash
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 372
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 380
        10⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 376
        8⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 376
        7⤵
        Program crash
        
        PID:4780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 380
        6⤵
        Program crash
        
        PID:3188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 376
        5⤵
        Program crash
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 236
        11⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        10⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 368
        8⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 376
        7⤵
        Program crash
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 376
        6⤵
        Program crash
        
        PID:3576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 376
        5⤵
        Program crash
        
        PID:2776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 368
      4⤵
      Program crash
      PID:2632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 380
  2⤵
  - Program crash
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe

Filesize
184KB

MD5
92694336468f63fa659c5ab32df1e8f8

SHA1
94edb9ce98f69623852373fed92cd6aacea156ad

SHA256
70c319a2911e4e6eb8466cda7e1e1281e95fceaa52072b781e57cd16c00cac0b

SHA512
63a47fdaa1d50211f016aec61ad6e1f1f4656485c4c7139247b20911f96522534965f32f8ae5020c83b00c6e1b89d94ac155c92830c0e0a6a596905121a8accb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe

Filesize
184KB

MD5
a3f3f83b8a7b7f84f4e40022f4081270

SHA1
cd7f8f2cd40f5d4bc428e9fcd744676b6a7ba2d8

SHA256
842aaac5830b2fcd367dd1db31e24a936553cd11e0444cd76d4563827a6e1012

SHA512
8df00f39754653ce947a642599912aac78723453c45dbcf27a698db94a7ef18fa2e1dfa0777a83455513c5a2e6a8860834989581cc0b704fb4b8ef55c7a75ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe

Filesize
184KB

MD5
229c38030b0f556631599ee648a81419

SHA1
93e23b39a3d40a2377f92c5b7ce0bf2ca87e3c9a

SHA256
03af89ee36898a901bf6f05c09af3a2e04d9580e543ec3065486c2ecea095595

SHA512
9d2dae42d961dd52ed0735dd9887702d145306dbea9025b1f1097e546fae433e6ab435a0c644824b186f714b5aa53312038fa76dcec01102906f655c843642d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe

Filesize
184KB

MD5
6d969a270c3f82f825a84d2a39d750bf

SHA1
afe56cf7b18b14dac4edd31de3390e689c1fcba6

SHA256
dc5f59dbc8b3470eea067b91ee0f8fef856222f8a350a5c84f5fdc25b3ece84f

SHA512
68b02c1c1bcb48370f70eb69967837152c1f34547d713803926794e97bdd44f57ef2fef9641f29e9719c6933f5f3b09343d0a00b6d9f9d74733d0874bf8c7c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe

Filesize
184KB

MD5
956f1e0965dcf0aef09e7a418f975038

SHA1
73792ad140a3661383464a3914174a51fbd28a05

SHA256
d33ea19d3968c135892c1f8475dae2bd1233a0afe8e2fe6d61b671d97f36b49e

SHA512
0527a39377a0bf06452a1e9cb5234cc789ed9b2bbc6319483d035a14210834ae8d48229629b74c7554715bb9d8b6972461394e988182a8263aa961d9f51b3ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe

Filesize
184KB

MD5
e1a898ef4c0db0a47cf6eb1f6113bae6

SHA1
92b6742c4e1c56b66a45775cf3710dd33007d45f

SHA256
989fb1c2690ecf46eff4f6e842986ed9c777a9db11c1dfcbb7ba17d49a466a8c

SHA512
aaf01c4c7d46c1b6089a52bcceb0a3fe5aebdc51dd7d88c7d77d10a9f0565606c5500e083545b7a8fccaa0c03791c576360ea61a3a29db779663fdd2f0d2e9b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe

Filesize
184KB

MD5
e2670e9de9bf51bf5886fe607c6d3a3f

SHA1
d9f7c8ba165a1c2d61f0d771655c6015f60802c6

SHA256
0ca72d79963441a3f115afdca748687408b79cf059e31284d79a6160144e7037

SHA512
ca0698a24471d47b1e053c47342fa82775947092bf941246a95923e4d7f06eda6cb81d9ccc5b0d2730c949ae3ed05daf82fdfffc7a0379a444b0c82997870fe4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe

Filesize
184KB

MD5
f358ee460f864f25439bf21864fcf095

SHA1
88317812016d081d6656de3a078761107b9dd497

SHA256
fed7d0c024916818b28574fbccfc2560a2f87ea0f34d318e3cb28eb36a1895cd

SHA512
8b2f735390899027475209c847dd8a34f10df6f808fac81aff32e5bf86b80a04ed9d151868d8b8d261b5d7f019c9a23b3cf3d218d4ef78938cb46d6d8bbb5d12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe

Filesize
184KB

MD5
bfe20445837e9c272855c579006dec3c

SHA1
e7fbeab864f03fd8e5e5745ca304c130dfd6cd20

SHA256
3178d934839ec98e16ea4776b5eac920b929bc2468a47d51b59b5e58e88ed026

SHA512
dd91a139dd015d1221f0ef05c0d9329ffec9c3735b65be1b7ef684a9dfa83e42770abbd7eaf433a3f473bcffc73dc64cf924dd81db3a24e3418b16589f61118a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe

Filesize
184KB

MD5
65b5fd3b05a5190e479c41ff8f81ee38

SHA1
8202db206dc67bfa68f136a52fb50ed7241cc461

SHA256
7e3e7f965b079f1b6583b5060b60b6cb39b543d7471c5e59f5ca50e1fbfc67b0

SHA512
c3a381820769d63837355b8e2e97f6d85f3120a813b4c8641e405e96d7c6af72fc709ce30e697a336991a139662932ba740e43bc424b1827b1ae00b0cbed20b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe

Filesize
184KB

MD5
f835b1c280507b9f90785a4cc152f021

SHA1
6938622ad1189fc409920de3ebd7d69f6fd5559a

SHA256
5081172d8a861f20bf900ccf22a8ea69b5acda32d5faa40873f82004a09af9fd

SHA512
2cc17639c6ae3093f4b4e5691f099ed0e17d1c091defc2042f7f4d83c09a98cb5303dedb70e17be3e3dc0abbb49b416effefa932f5bd84a03ff26a8be36caf71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe

Filesize
184KB

MD5
0b52e8c3fdb4fcfcdd7bcc309a82393c

SHA1
423428b7c08d093ca3aa65bc5f754037ec43ef48

SHA256
afae41f82cb4901ddddca6b2cff6ace44ad288103a013c8872608eea84647cf1

SHA512
c5e224ecfd1c8f69f01722c4eae7189076ccdb496e3aa9618322648e77c3b0193ea5788f91b37ae2ac3fcdd4144502b17bb6a32193eb36713e66644388055152

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe

Filesize
184KB

MD5
fc31c2ab2d9c56c4be35102c42a413bf

SHA1
5428ee1ad354545fde7618883f6fcfca7b8ce98d

SHA256
7bd37fe0356a851c1c364b1ecd0d507035e6fabe3f428c1c3c588955fe497175

SHA512
2231fbfb61dadf0b87d24de42b10ca66ac65a82cd92a9d11dbc9375ce23d6bf4bc172f18e28caffff4c4887b9c4a105be341a97ade04108da1ae2fb37c83bde5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe

Filesize
184KB

MD5
50a786f2cd47325837e2d6df7a1a12e3

SHA1
45e55e5772cea13f1fa20309eba0956c2fa1865c

SHA256
2d11cc771c11ec5ffc797b78733cce8ef48d3a2441f0fbfa745e717a912f9f41

SHA512
8a84a79b6a55538a07ef1184215bd4c2a2888a30689e0d4342e2b56524c61820c8dd21305085121783b0c9ad2de773f934b472e9dead01dd9388c0e60517b8e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe

Filesize
184KB

MD5
def870fccbcbbdb1efb19fb179121c1c

SHA1
3cebbe5aea35a27a07adc8625c3bd14baef59b68

SHA256
6da92ec4730765435a488b5f7df7f551613d0dd17a35397aa7ab8a5fed161df8

SHA512
a8cd81db29bc21b2042ebbe889119eb1acd3efc178200701d8ebac207d5704d02732089fc1256ce5684dae3667a5800cf85dd0b274466cdce9f28452bf0e9e28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe

Filesize
184KB

MD5
b6c6b6868e7321a87eb17fb928d9b368

SHA1
35212c2a10ea4955912d3c1199a329228d0329f1

SHA256
3453f3014212ece394557a3d81a0e3e0c8b238bd9547e1c798adc96092355905

SHA512
6cfa3a49f507802ab55182ddaf8a5b77c3eb7e74964f99c13178ae1995c06e4a76d32c026f00267261d7fa0b458b11ee8f4d2532b60cfba69f41df08204b0a23

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads