c5d860c34c49f86e5fa4878c1a35d0e83f3e0f3b0662b98c8966d44a28b69f05

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 17:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3f628e63d4dda1e066b8324274fad9d.exe
Size

184KB
MD5

c3f628e63d4dda1e066b8324274fad9d
SHA1

8f9acd0e909d6f25f1bf95c1edc369ef4e404150
SHA256

c5d860c34c49f86e5fa4878c1a35d0e83f3e0f3b0662b98c8966d44a28b69f05
SHA512

f55f96dc2f4341f9b54d81b922519d7d97f942684d6331b6a4b18d69b1bbc1af803431a013e08443c7da8b743044f5f9f3277414d6eab64c9c21819175408b1e
SSDEEP

3072:Ff1ZobVk3aGVINYcMgdSb8azjlvZYDX3I8xXVBjJNlPvOFQ:FfXo2VVIdMkSb8/rTZNlPvOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1544	Unicorn-40002.exe
1916	Unicorn-61320.exe
2592	Unicorn-21034.exe
2720	Unicorn-42881.exe
2604	Unicorn-5378.exe
2576	Unicorn-718.exe
2204	Unicorn-63645.exe
2000	Unicorn-53017.exe
1832	Unicorn-39141.exe
2208	Unicorn-2384.exe
592	Unicorn-23551.exe
2736	Unicorn-7703.exe
2796	Unicorn-56883.exe
2952	Unicorn-3043.exe
2112	Unicorn-48352.exe
2192	Unicorn-12150.exe
1580	Unicorn-32016.exe
1852	Unicorn-12363.exe
400	Unicorn-41698.exe
1356	Unicorn-25467.exe
1636	Unicorn-45866.exe
2988	Unicorn-37143.exe
2092	Unicorn-61839.exe
2360	Unicorn-9301.exe
2824	Unicorn-38259.exe
2392	Unicorn-51258.exe
1524	Unicorn-13645.exe
2260	Unicorn-5477.exe
2964	Unicorn-25876.exe
1280	Unicorn-17154.exe
1972	Unicorn-45934.exe
2152	Unicorn-58933.exe
2716	Unicorn-45825.exe
2472	Unicorn-63676.exe
2712	Unicorn-63121.exe
2464	Unicorn-10583.exe
2380	Unicorn-10028.exe
772	Unicorn-10028.exe
2760	Unicorn-59208.exe
1764	Unicorn-9452.exe
1040	Unicorn-30065.exe
280	Unicorn-30065.exe
552	Unicorn-2991.exe
2520	Unicorn-47361.exe
1504	Unicorn-39084.exe
2764	Unicorn-44792.exe
1528	Unicorn-27901.exe
3064	Unicorn-35746.exe
2540	Unicorn-31108.exe
1436	Unicorn-27002.exe
2084	Unicorn-22364.exe
2356	Unicorn-14942.exe
2292	Unicorn-52296.exe
952	Unicorn-31854.exe
1516	Unicorn-60080.exe
2868	Unicorn-57511.exe
3036	Unicorn-36536.exe
1612	Unicorn-24284.exe
2408	Unicorn-23385.exe
1464	Unicorn-43251.exe
1316	Unicorn-61403.exe
2664	Unicorn-55695.exe
1172	Unicorn-40379.exe
2624	Unicorn-28127.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	c3f628e63d4dda1e066b8324274fad9d.exe
2156	c3f628e63d4dda1e066b8324274fad9d.exe
1544	Unicorn-40002.exe
1544	Unicorn-40002.exe
2156	c3f628e63d4dda1e066b8324274fad9d.exe
2156	c3f628e63d4dda1e066b8324274fad9d.exe
1916	Unicorn-61320.exe
1544	Unicorn-40002.exe
1916	Unicorn-61320.exe
2592	Unicorn-21034.exe
1544	Unicorn-40002.exe
2592	Unicorn-21034.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2604	Unicorn-5378.exe
2604	Unicorn-5378.exe
1916	Unicorn-61320.exe
1916	Unicorn-61320.exe
2720	Unicorn-42881.exe
2720	Unicorn-42881.exe
2576	Unicorn-718.exe
2592	Unicorn-21034.exe
2576	Unicorn-718.exe
2592	Unicorn-21034.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
2204	Unicorn-63645.exe
2204	Unicorn-63645.exe
2604	Unicorn-5378.exe
2604	Unicorn-5378.exe
2000	Unicorn-53017.exe
2000	Unicorn-53017.exe
1832	Unicorn-39141.exe
1832	Unicorn-39141.exe
2720	Unicorn-42881.exe
2720	Unicorn-42881.exe
2208	Unicorn-2384.exe
2208	Unicorn-2384.exe
592	Unicorn-23551.exe
592	Unicorn-23551.exe
2576	Unicorn-718.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2504	2156	WerFault.exe	27
2452	1544	WerFault.exe	28
1072	1916	WerFault.exe	29
1700	2592	WerFault.exe	30
2348	2604	WerFault.exe	31
1796	2720	WerFault.exe	32
1132	2576	WerFault.exe	33
848	2204	WerFault.exe	36
1540	2000	WerFault.exe	37
2652	1832	WerFault.exe	38
1312	2208	WerFault.exe	39
2984	592	WerFault.exe	40
2312	2796	WerFault.exe	44
1368	2952	WerFault.exe	45
936	2736	WerFault.exe	43
2804	2112	WerFault.exe	46
2388	2988	WerFault.exe	56
2436	1636	WerFault.exe	55
1776	400	WerFault.exe	50
2948	1972	WerFault.exe	65
2064	1356	WerFault.exe	54
3012	2192	WerFault.exe	47
2252	2260	WerFault.exe	61
1300	1852	WerFault.exe	49
2620	1580	WerFault.exe	48
2636	2760	WerFault.exe	78
1272	2152	WerFault.exe	66
320	2392	WerFault.exe	60
1980	2712	WerFault.exe	74
380	280	WerFault.exe	81
2276	552	WerFault.exe	82
1996	1280	WerFault.exe	64
1616	2380	WerFault.exe	76
2508	2360	WerFault.exe	58
2888	1524	WerFault.exe	62
2456	2964	WerFault.exe	63
2288	2472	WerFault.exe	73
580	772	WerFault.exe	77
3132	1764	WerFault.exe	79
3140	2464	WerFault.exe	75
3224	2092	WerFault.exe	57
3320	1040	WerFault.exe	80
3348	2868	WerFault.exe	100
3564	2824	WerFault.exe	59
3592	2356	WerFault.exe	94
3600	2292	WerFault.exe	95
3584	2716	WerFault.exe	71
3704	1504	WerFault.exe	85
3772	1528	WerFault.exe	87
3844	3064	WerFault.exe	88
3864	952	WerFault.exe	98
3884	1436	WerFault.exe	91
3896	2520	WerFault.exe	83
3928	2516	WerFault.exe	111
3972	2664	WerFault.exe	106
3988	2624	WerFault.exe	108
4004	2764	WerFault.exe	86
4040	2540	WerFault.exe	89
4064	808	WerFault.exe	114
3096	2384	WerFault.exe	110
3112	2084	WerFault.exe	93
3268	1464	WerFault.exe	104
3276	2408	WerFault.exe	103
3660	3028	WerFault.exe	117

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2156	c3f628e63d4dda1e066b8324274fad9d.exe
1544	Unicorn-40002.exe
1916	Unicorn-61320.exe
2592	Unicorn-21034.exe
2604	Unicorn-5378.exe
2720	Unicorn-42881.exe
2576	Unicorn-718.exe
2204	Unicorn-63645.exe
2000	Unicorn-53017.exe
1832	Unicorn-39141.exe
592	Unicorn-23551.exe
2208	Unicorn-2384.exe
2736	Unicorn-7703.exe
2796	Unicorn-56883.exe
2952	Unicorn-3043.exe
2112	Unicorn-48352.exe
1580	Unicorn-32016.exe
2192	Unicorn-12150.exe
1852	Unicorn-12363.exe
400	Unicorn-41698.exe
1356	Unicorn-25467.exe
2988	Unicorn-37143.exe
1636	Unicorn-45866.exe
2092	Unicorn-61839.exe
2360	Unicorn-9301.exe
2824	Unicorn-38259.exe
2392	Unicorn-51258.exe
1524	Unicorn-13645.exe
2260	Unicorn-5477.exe
1280	Unicorn-17154.exe
1972	Unicorn-45934.exe
2152	Unicorn-58933.exe
2716	Unicorn-45825.exe
2472	Unicorn-63676.exe
2712	Unicorn-63121.exe
2464	Unicorn-10583.exe
772	Unicorn-10028.exe
2380	Unicorn-10028.exe
2760	Unicorn-59208.exe
280	Unicorn-30065.exe
1764	Unicorn-9452.exe
1040	Unicorn-30065.exe
552	Unicorn-2991.exe
1504	Unicorn-39084.exe
2520	Unicorn-47361.exe
1528	Unicorn-27901.exe
2540	Unicorn-31108.exe
1984	Unicorn-43085.exe
2764	Unicorn-44792.exe
2356	Unicorn-14942.exe
3064	Unicorn-35746.exe
1436	Unicorn-27002.exe
2084	Unicorn-22364.exe
2292	Unicorn-52296.exe
952	Unicorn-31854.exe
1516	Unicorn-60080.exe
2868	Unicorn-57511.exe
1612	Unicorn-24284.exe
3036	Unicorn-36536.exe
2408	Unicorn-23385.exe
1464	Unicorn-43251.exe
1316	Unicorn-61403.exe
2664	Unicorn-55695.exe
1172	Unicorn-40379.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1544	2156	c3f628e63d4dda1e066b8324274fad9d.exe	28
PID 2156 wrote to memory of 1544	2156	c3f628e63d4dda1e066b8324274fad9d.exe	28
PID 2156 wrote to memory of 1544	2156	c3f628e63d4dda1e066b8324274fad9d.exe	28
PID 2156 wrote to memory of 1544	2156	c3f628e63d4dda1e066b8324274fad9d.exe	28
PID 1544 wrote to memory of 1916	1544	Unicorn-40002.exe	29
PID 1544 wrote to memory of 1916	1544	Unicorn-40002.exe	29
PID 1544 wrote to memory of 1916	1544	Unicorn-40002.exe	29
PID 1544 wrote to memory of 1916	1544	Unicorn-40002.exe	29
PID 2156 wrote to memory of 2592	2156	c3f628e63d4dda1e066b8324274fad9d.exe	30
PID 2156 wrote to memory of 2592	2156	c3f628e63d4dda1e066b8324274fad9d.exe	30
PID 2156 wrote to memory of 2592	2156	c3f628e63d4dda1e066b8324274fad9d.exe	30
PID 2156 wrote to memory of 2592	2156	c3f628e63d4dda1e066b8324274fad9d.exe	30
PID 1916 wrote to memory of 2604	1916	Unicorn-61320.exe	31
PID 1916 wrote to memory of 2604	1916	Unicorn-61320.exe	31
PID 1916 wrote to memory of 2604	1916	Unicorn-61320.exe	31
PID 1916 wrote to memory of 2604	1916	Unicorn-61320.exe	31
PID 1544 wrote to memory of 2720	1544	Unicorn-40002.exe	32
PID 1544 wrote to memory of 2720	1544	Unicorn-40002.exe	32
PID 1544 wrote to memory of 2720	1544	Unicorn-40002.exe	32
PID 1544 wrote to memory of 2720	1544	Unicorn-40002.exe	32
PID 2592 wrote to memory of 2576	2592	Unicorn-21034.exe	33
PID 2592 wrote to memory of 2576	2592	Unicorn-21034.exe	33
PID 2592 wrote to memory of 2576	2592	Unicorn-21034.exe	33
PID 2592 wrote to memory of 2576	2592	Unicorn-21034.exe	33
PID 2156 wrote to memory of 2504	2156	c3f628e63d4dda1e066b8324274fad9d.exe	34
PID 2156 wrote to memory of 2504	2156	c3f628e63d4dda1e066b8324274fad9d.exe	34
PID 2156 wrote to memory of 2504	2156	c3f628e63d4dda1e066b8324274fad9d.exe	34
PID 2156 wrote to memory of 2504	2156	c3f628e63d4dda1e066b8324274fad9d.exe	34
PID 1544 wrote to memory of 2452	1544	Unicorn-40002.exe	35
PID 1544 wrote to memory of 2452	1544	Unicorn-40002.exe	35
PID 1544 wrote to memory of 2452	1544	Unicorn-40002.exe	35
PID 1544 wrote to memory of 2452	1544	Unicorn-40002.exe	35
PID 2604 wrote to memory of 2204	2604	Unicorn-5378.exe	36
PID 2604 wrote to memory of 2204	2604	Unicorn-5378.exe	36
PID 2604 wrote to memory of 2204	2604	Unicorn-5378.exe	36
PID 2604 wrote to memory of 2204	2604	Unicorn-5378.exe	36
PID 1916 wrote to memory of 2000	1916	Unicorn-61320.exe	37
PID 1916 wrote to memory of 2000	1916	Unicorn-61320.exe	37
PID 1916 wrote to memory of 2000	1916	Unicorn-61320.exe	37
PID 1916 wrote to memory of 2000	1916	Unicorn-61320.exe	37
PID 2720 wrote to memory of 1832	2720	Unicorn-42881.exe	38
PID 2720 wrote to memory of 1832	2720	Unicorn-42881.exe	38
PID 2720 wrote to memory of 1832	2720	Unicorn-42881.exe	38
PID 2720 wrote to memory of 1832	2720	Unicorn-42881.exe	38
PID 2576 wrote to memory of 2208	2576	Unicorn-718.exe	39
PID 2576 wrote to memory of 2208	2576	Unicorn-718.exe	39
PID 2576 wrote to memory of 2208	2576	Unicorn-718.exe	39
PID 2576 wrote to memory of 2208	2576	Unicorn-718.exe	39
PID 2592 wrote to memory of 592	2592	Unicorn-21034.exe	40
PID 2592 wrote to memory of 592	2592	Unicorn-21034.exe	40
PID 2592 wrote to memory of 592	2592	Unicorn-21034.exe	40
PID 2592 wrote to memory of 592	2592	Unicorn-21034.exe	40
PID 1916 wrote to memory of 1072	1916	Unicorn-61320.exe	41
PID 1916 wrote to memory of 1072	1916	Unicorn-61320.exe	41
PID 1916 wrote to memory of 1072	1916	Unicorn-61320.exe	41
PID 1916 wrote to memory of 1072	1916	Unicorn-61320.exe	41
PID 2592 wrote to memory of 1700	2592	Unicorn-21034.exe	42
PID 2592 wrote to memory of 1700	2592	Unicorn-21034.exe	42
PID 2592 wrote to memory of 1700	2592	Unicorn-21034.exe	42
PID 2592 wrote to memory of 1700	2592	Unicorn-21034.exe	42
PID 2204 wrote to memory of 2736	2204	Unicorn-63645.exe	43
PID 2204 wrote to memory of 2736	2204	Unicorn-63645.exe	43
PID 2204 wrote to memory of 2736	2204	Unicorn-63645.exe	43
PID 2204 wrote to memory of 2736	2204	Unicorn-63645.exe	43

C:\Users\Admin\AppData\Local\Temp\c3f628e63d4dda1e066b8324274fad9d.exe
"C:\Users\Admin\AppData\Local\Temp\c3f628e63d4dda1e066b8324274fad9d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        11⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        12⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        13⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        12⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        11⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        10⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        9⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        11⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        11⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
        10⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        9⤵
        Program crash
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        9⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        10⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
        9⤵
        Program crash
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
        8⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        12⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        12⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
        9⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        Program crash
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        Program crash
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        9⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        Program crash
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        11⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        13⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        14⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
        14⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        13⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        12⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        11⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        10⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        9⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        Program crash
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        6⤵
        Program crash
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        8⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        10⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        10⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        9⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        Program crash
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        7⤵
        Program crash
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        8⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        Program crash
        
        PID:3140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        6⤵
        Program crash
        
        PID:2312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        5⤵
        Program crash
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        10⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        10⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        9⤵
        Program crash
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        8⤵
        Program crash
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        9⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        8⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        Program crash
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        9⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 216
        9⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        7⤵
        Program crash
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        9⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        8⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        7⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:1540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        10⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        10⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        9⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        7⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        9⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        11⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
        10⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
        9⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        8⤵
        Program crash
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
        7⤵
        Program crash
        
        PID:2276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        Program crash
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 216
        7⤵
        Program crash
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        6⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        8⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        8⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 216
        7⤵
        Program crash
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        6⤵
        Program crash
        
        PID:320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        10⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 220
        9⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
        8⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        7⤵
        Program crash
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        8⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        6⤵
        Program crash
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        7⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        7⤵
        
        PID:5744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        6⤵
        Program crash
        
        PID:3844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:3012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
      4⤵
      Program crash
      PID:1796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        9⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        8⤵
        Program crash
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        8⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        6⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        5⤵
        Executes dropped EXE
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        7⤵
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        6⤵
        Program crash
        
        PID:2456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        5⤵
        Program crash
        
        PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11375.exe
        7⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        7⤵
        Program crash
        
        PID:3112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
        6⤵
        Program crash
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        7⤵
        
        PID:5068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        6⤵
        Program crash
        
        PID:3592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        5⤵
        Program crash
        
        PID:1776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Program crash
      PID:1132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        9⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        7⤵
        Program crash
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        6⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        7⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
        7⤵
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        6⤵
        Program crash
        
        PID:3884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        5⤵
        Program crash
        
        PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
        8⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        7⤵
        
        PID:5212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        6⤵
        Program crash
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        5⤵
        Program crash
        
        PID:1272
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
      4⤵
      Program crash
      PID:2984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
  2⤵
  - Program crash
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe

Filesize
184KB

MD5
f3e6213a69db4772f1e6edd995e5d1dc

SHA1
c4039b748e5f2f4a44e7c3a9f410f9739b7575ff

SHA256
c05fcd4a439dca74383fcbcbf342b5cc4dddd2c7f8428d3d0b334b28368dcc0c

SHA512
086b8ba3dd84eea180a2e53c100824c15c11fb7bb427b5d89a07442ef439fa4ea4f373f15434d3cc35bda0c81e86933b6749f6e9f5fe2bb5c77abdd501724266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe

Filesize
184KB

MD5
d0bf6bace16790f7379068b9847ed9b7

SHA1
5d8959215393d1693344b320649166247058914c

SHA256
46b8a756f572c8c5716ab3aab6f8afcd1e91362c2bc28c93f84d9bad81745027

SHA512
da508f810ee133defef594209d82ed9d402ec08fc02c242e95c196d6a9a879bd8cd12b9701f14c7f8bb1aadde2e5a6151832e97ca9d524194791cfbbd188ab52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe

Filesize
184KB

MD5
f9703adac782a7bd172caa8051544819

SHA1
21fb7b1c17763ccee1d47fb5e248cd516c6b3c29

SHA256
93d3d01f577764efd0ddc8122cb2517103216a8e8ca420f1e66aa8c06301f8cb

SHA512
42e23a8e7484b9a9ec85f2dceb3c9c1cbbd6479333b9bfb6256f6e815bde2e65055b98cf0e0b0a79270c8a7c311cecf02f12f8904a33f3595224c2d3b74c0f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe

Filesize
184KB

MD5
64f81242d72acbee3098d6f63d787103

SHA1
2a1bb66983f4d564d8e0d1f1622ba2599039bd76

SHA256
a72f015541ab0f1bb03645b7f87c99f04000d81573cf403a1e766f71ac4229fe

SHA512
d2bc099742a9264f595d60e2cf9536f4ce190ca809339eba6f955a3f8cfe4a49c21ee6fcd61f379ee49db8a409b613259902f5cbb8e2076d1e595804e03c6f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe

Filesize
184KB

MD5
7c970364a98fd92b9f8c736d8e5f33fe

SHA1
21271d8c593a850dc0b6f3d045f049e89a865709

SHA256
5e1e42ed7e1fa19d472ab78d6502af11452cc0ab7cf1ed5c1ca046eb8abfb318

SHA512
00b10e73e5ef2c4cec50649f9a9310e02c36468025246a098e74ceccf890bc9eae080d0c0f067725890c8fa36efccfe4bcac874ae7031c72062442b8572fc496

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe

Filesize
184KB

MD5
2cfff39bf3019fccc2f8b19ffab64199

SHA1
0d8796bfc76579368498e63b1782e762549b7a94

SHA256
f77bcea2554e7e7791f2516ac3400a289a56118277868b97db2dda3bc68adef2

SHA512
30479d460a1d58393c7e165403ea57165b1bc40a2debab6fe886bad37f8cd78ca8a134084ea47abf3e083a7784960a126bfbd763d877531ead2b10e43da1f8ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe

Filesize
184KB

MD5
00ba2c0970812d2e8e1ec9dde1c6542d

SHA1
aab3b63b4f3d72ceb66bc40a7c9f02561874ac69

SHA256
2408a64154138ebc50dd01c81a3eb6ef9636697f83d265e4207fbf97c31fb36b

SHA512
92c9aab8805d3fdc08529afddbd85fff8598a882da14a91c1dfb95da22eb4113734064986f6759c8ad050a0cdae030fc19ab6d849451053a336b4a7277d45aca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe

Filesize
184KB

MD5
bb78a207aaccc32e1f328ef5b2b79f81

SHA1
a9a06186ae55b6126c005a6e435c689f9745d6df

SHA256
4ae1b127076ccd15b7301515e2944549a194578476d2064c9430db2af7a373a6

SHA512
2c8f21ab9f950055adbb6567f9d221bdda96e89b2477a369e55de1bec427bebd00c55becb4d98417ed74073dec728708bb21e06ffe9b28fe12ae23b6646d08a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe

Filesize
184KB

MD5
2e07ca6e9c1063026c248f4c78e3120a

SHA1
687827fe6579e1ca8e59df8f62beed0ad68205c2

SHA256
72c6a0feaa11c81c439d67e1fe50bbb53ce2601c12b43a76759421fd2afd4d02

SHA512
d30acdb5aa2935d31c8729990ed8d5d160c10b60b3694304d1c63e67a41d601007d6d50c4974445dad65a632355e6cf47f0b990ce0b48c6b7482656cc63a7575

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe

Filesize
184KB

MD5
82c2609b638e5bbf3e68d6a9ba208c3f

SHA1
58a1eab4f6b07ac2816f709abf3b87e1dfe586ca

SHA256
4305e1d5225a6f16890ddf0392c82970b1141bf3cf3a56c8fe375747087dd731

SHA512
0ebadbdc91f742eba4a0c332720e78dc1727cc1c202710f849151bdd96c9369ff6609f1d6ad0bf97e74a1b1f954cf0468a248dcf9a791bce59a0fd68a8496f55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe

Filesize
184KB

MD5
ee1d5da401952d029f7dde585035db31

SHA1
6d1b37c0edb2665a1e4044c6c6fbf3ef7967289c

SHA256
f2ff3045ddfa7962d4d2508f283eebed0093a29c692c0abdec95cf513e06f53a

SHA512
9a4359968e99f730b8a5e85e754d138beeb27a78fa61e5d263abf4521210697b7ba6c548cfb01a047dce0b117df9a5d24819c9b97583947e3dd699008775eb18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe

Filesize
184KB

MD5
5d388b1ca634e446c79b5b827fcb635c

SHA1
9761ef7da44ce5051d1126105b5e76396ec67a6f

SHA256
eb1dcf8bf15b0cc9f0dbc944ebf67909b3a8078d5f55f05b29bc038ca21d48db

SHA512
e8cceaea1a3d7244676936604da903838a696ffbcadc27bf8f3afc7bbe2431625af4b28da63119ae9c55117ad30de9f43148c626a2960291d276448d6c24b643

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe

Filesize
184KB

MD5
e0310a781835862ec973bf116f046257

SHA1
50759b2db98f6892107962f8e3728720856a8581

SHA256
e9fe1db48f5c0d222ac0c8a3fe806ba4d43cef6ae5fd76a6743e6751159c5175

SHA512
47febc5334f53c2b3a28837c7f5f1a95a370dc9b2cf5d6861b938602891fde0cca0dd75dec1edc2c380d708a35b92850aac06c7bd10179d842589fd813c04770

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe

Filesize
184KB

MD5
33138b51c8801cec8ae71863dbff87ab

SHA1
19f42976676d58e5d80aaec448fc3a6a96f563bd

SHA256
34c29276283e6095cff0e0f9e457173aaf442b585d558726d3068b734ff7b010

SHA512
db14a126b5fa9a443e7fcb818862b821e690222e587b20dbebce83756f19b1c572d4271c3e058f1793cac06724283d2ecc2796dd397035703573341ce281eb0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-718.exe

Filesize
184KB

MD5
8b6418fb278cb5cdac7bdc5702294532

SHA1
d1ed069ee98fc16b6182541765d98984d836b302

SHA256
a09cf37df031ddf477101697622bbe9aa19fa98b0df5bda08975f6e74cdd0e7b

SHA512
e05627d99fea6fc4e4d57c9697602f65e1331cc3656b88dbe297f7ec92d506f3a819621891899cf92343fe90d1dd3b80304f5e8c3f71b8cc0f7be09c1336b0ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads