b7e0183eaa53d753483474f3079a688927b56ca923f0f10e0fd05a72157faf0f

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
Size

192KB
MD5

145a3051e5e9924ad7abfe48f43d6b23
SHA1

ce6e28eb3b39eb2da4b0279c63e5f3e2d8591086
SHA256

b7e0183eaa53d753483474f3079a688927b56ca923f0f10e0fd05a72157faf0f
SHA512

608e539f93a1278f52c8d28234fea84a5c0e4f32714f96f470a1c9e9a586bd7a14ed547ad19665886d7b6a5229e3adca0237f9e8d1077e0c5f637ec1b132af9f
SSDEEP

3072:iG0oo5p5pA+MHyjYdn2/wAcku536v5fLqcUxR6Z4NNlNvpFl:iG7ojjMHHd2/wA3zIBNlNvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2772	Unicorn-19883.exe
2648	Unicorn-41442.exe
2536	Unicorn-21241.exe
2544	Unicorn-26948.exe
2400	Unicorn-8582.exe
2864	Unicorn-57902.exe
2960	Unicorn-53360.exe
2748	Unicorn-26822.exe
2696	Unicorn-6956.exe
2752	Unicorn-9224.exe
2316	Unicorn-55244.exe
2300	Unicorn-41413.exe
824	Unicorn-57090.exe
2812	Unicorn-29352.exe
2956	Unicorn-15175.exe
1704	Unicorn-40753.exe
2768	Unicorn-79.exe
1776	Unicorn-60619.exe
828	Unicorn-19945.exe
928	Unicorn-47068.exe
628	Unicorn-10181.exe
1476	Unicorn-47089.exe
2360	Unicorn-5293.exe
1524	Unicorn-24500.exe
980	Unicorn-52273.exe
1572	Unicorn-1401.exe
1272	Unicorn-26451.exe
2740	Unicorn-9014.exe
2992	Unicorn-10202.exe
2928	Unicorn-38145.exe
2500	Unicorn-24266.exe
2932	Unicorn-63793.exe
2252	Unicorn-22615.exe
2720	Unicorn-4692.exe
2328	Unicorn-23581.exe
3040	Unicorn-20548.exe
1056	Unicorn-48882.exe
2876	Unicorn-31093.exe
2204	Unicorn-5659.exe
2640	Unicorn-50994.exe
2420	Unicorn-62992.exe
1492	Unicorn-44596.exe
2312	Unicorn-23211.exe
896	Unicorn-56094.exe
2884	Unicorn-38340.exe
2580	Unicorn-36629.exe
2568	Unicorn-50915.exe
1496	Unicorn-5051.exe
1748	Unicorn-53795.exe
556	Unicorn-635.exe
2128	Unicorn-33142.exe
2868	Unicorn-53271.exe
2496	Unicorn-36214.exe
2832	Unicorn-44247.exe
2644	Unicorn-12088.exe
2104	Unicorn-14636.exe
1868	Unicorn-27801.exe
2208	Unicorn-33338.exe
3160	Unicorn-2667.exe
3192	Unicorn-50955.exe
3312	Unicorn-35896.exe
3368	Unicorn-7302.exe
3396	Unicorn-42881.exe
3440	Unicorn-9850.exe

Loads dropped DLL 64 IoCs

pid	Process
2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
2772	Unicorn-19883.exe
2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
2772	Unicorn-19883.exe
2648	Unicorn-41442.exe
2648	Unicorn-41442.exe
2536	Unicorn-21241.exe
2536	Unicorn-21241.exe
2772	Unicorn-19883.exe
2772	Unicorn-19883.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
2536	Unicorn-21241.exe
2544	Unicorn-26948.exe
2400	Unicorn-8582.exe
2648	Unicorn-41442.exe
2536	Unicorn-21241.exe
2400	Unicorn-8582.exe
2648	Unicorn-41442.exe
2544	Unicorn-26948.exe
2864	Unicorn-57902.exe
2864	Unicorn-57902.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
2960	Unicorn-53360.exe
2960	Unicorn-53360.exe
2748	Unicorn-26822.exe
2748	Unicorn-26822.exe
2544	Unicorn-26948.exe
2544	Unicorn-26948.exe
2752	Unicorn-9224.exe
2752	Unicorn-9224.exe
2864	Unicorn-57902.exe
2864	Unicorn-57902.exe
2400	Unicorn-8582.exe
2400	Unicorn-8582.exe
2696	Unicorn-6956.exe
2696	Unicorn-6956.exe
2316	Unicorn-55244.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2524	2200	WerFault.exe	27
472	2772	WerFault.exe	28
2272	2648	WerFault.exe	30
320	2536	WerFault.exe	29
1168	2400	WerFault.exe	33
1348	2544	WerFault.exe	32
1788	2864	WerFault.exe	34
3012	2960	WerFault.exe	39
1988	628	WerFault.exe	54
1280	2748	WerFault.exe	36
2376	2752	WerFault.exe	38
2356	824	WerFault.exe	44
1932	1704	WerFault.exe	47
1936	2812	WerFault.exe	45
368	2300	WerFault.exe	43
1756	828	WerFault.exe	50
2248	2768	WerFault.exe	48
1288	2956	WerFault.exe	46
2944	1776	WerFault.exe	49
1916	2696	WerFault.exe	37
2184	1272	WerFault.exe	61
1972	2316	WerFault.exe	40
2896	928	WerFault.exe	55
2448	980	WerFault.exe	58
2856	1572	WerFault.exe	63
2404	2500	WerFault.exe	66
2880	2360	WerFault.exe	56
1676	1476	WerFault.exe	57
1652	2420	WerFault.exe	94
2984	2932	WerFault.exe	64
2452	2928	WerFault.exe	68
3088	2992	WerFault.exe	69
3184	1524	WerFault.exe	59
3256	2740	WerFault.exe	65
3356	2720	WerFault.exe	70
3576	2252	WerFault.exe	62
3648	2496	WerFault.exe	111
3872	3040	WerFault.exe	83
3916	2876	WerFault.exe	86
4064	2640	WerFault.exe	89
3492	1492	WerFault.exe	95
3880	556	WerFault.exe	108
3848	1748	WerFault.exe	107
3944	2580	WerFault.exe	103
3988	2568	WerFault.exe	104
1872	2204	WerFault.exe	88
3500	2328	WerFault.exe	81
3596	2868	WerFault.exe	110
3324	1056	WerFault.exe	85
3204	2104	WerFault.exe	114
3676	2884	WerFault.exe	102
3832	2832	WerFault.exe	112
4124	3192	WerFault.exe	122
4324	896	WerFault.exe	99
4348	1868	WerFault.exe	115
4400	1496	WerFault.exe	105
4496	2208	WerFault.exe	116
4544	2312	WerFault.exe	96
4580	3476	WerFault.exe	129
4624	2644	WerFault.exe	113
4812	3160	WerFault.exe	120
4872	2128	WerFault.exe	109
4948	3688	WerFault.exe	135
5016	3756	WerFault.exe	136

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
2772	Unicorn-19883.exe
2648	Unicorn-41442.exe
2536	Unicorn-21241.exe
2544	Unicorn-26948.exe
2400	Unicorn-8582.exe
2864	Unicorn-57902.exe
2748	Unicorn-26822.exe
2752	Unicorn-9224.exe
2960	Unicorn-53360.exe
2696	Unicorn-6956.exe
2316	Unicorn-55244.exe
2300	Unicorn-41413.exe
824	Unicorn-57090.exe
2812	Unicorn-29352.exe
1776	Unicorn-60619.exe
1704	Unicorn-40753.exe
2956	Unicorn-15175.exe
2768	Unicorn-79.exe
828	Unicorn-19945.exe
928	Unicorn-47068.exe
628	Unicorn-10181.exe
2360	Unicorn-5293.exe
1476	Unicorn-47089.exe
2740	Unicorn-9014.exe
2992	Unicorn-10202.exe
1524	Unicorn-24500.exe
2252	Unicorn-22615.exe
1272	Unicorn-26451.exe
2928	Unicorn-38145.exe
980	Unicorn-52273.exe
2500	Unicorn-24266.exe
1572	Unicorn-1401.exe
2720	Unicorn-4692.exe
2932	Unicorn-63793.exe
2328	Unicorn-23581.exe
3040	Unicorn-20548.exe
1056	Unicorn-48882.exe
2876	Unicorn-31093.exe
2204	Unicorn-5659.exe
2640	Unicorn-50994.exe
2420	Unicorn-62992.exe
1492	Unicorn-44596.exe
2312	Unicorn-23211.exe
896	Unicorn-56094.exe
2884	Unicorn-38340.exe
2580	Unicorn-36629.exe
2568	Unicorn-50915.exe
1496	Unicorn-5051.exe
1748	Unicorn-53795.exe
556	Unicorn-635.exe
2128	Unicorn-33142.exe
2496	Unicorn-36214.exe
2868	Unicorn-53271.exe
2832	Unicorn-44247.exe
2644	Unicorn-12088.exe
2104	Unicorn-14636.exe
1868	Unicorn-27801.exe
2208	Unicorn-33338.exe
3160	Unicorn-2667.exe
3192	Unicorn-50955.exe
3312	Unicorn-35896.exe
3396	Unicorn-42881.exe
3368	Unicorn-7302.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2772	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2772	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2772	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2772	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2648	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2648	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2648	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2648	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	30
PID 2772 wrote to memory of 2536	2772	Unicorn-19883.exe	29
PID 2772 wrote to memory of 2536	2772	Unicorn-19883.exe	29
PID 2772 wrote to memory of 2536	2772	Unicorn-19883.exe	29
PID 2772 wrote to memory of 2536	2772	Unicorn-19883.exe	29
PID 2200 wrote to memory of 2524	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2524	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2524	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2524	2200	145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe	31
PID 2648 wrote to memory of 2544	2648	Unicorn-41442.exe	32
PID 2648 wrote to memory of 2544	2648	Unicorn-41442.exe	32
PID 2648 wrote to memory of 2544	2648	Unicorn-41442.exe	32
PID 2648 wrote to memory of 2544	2648	Unicorn-41442.exe	32
PID 2536 wrote to memory of 2400	2536	Unicorn-21241.exe	33
PID 2536 wrote to memory of 2400	2536	Unicorn-21241.exe	33
PID 2536 wrote to memory of 2400	2536	Unicorn-21241.exe	33
PID 2536 wrote to memory of 2400	2536	Unicorn-21241.exe	33
PID 2772 wrote to memory of 2864	2772	Unicorn-19883.exe	34
PID 2772 wrote to memory of 2864	2772	Unicorn-19883.exe	34
PID 2772 wrote to memory of 2864	2772	Unicorn-19883.exe	34
PID 2772 wrote to memory of 2864	2772	Unicorn-19883.exe	34
PID 2772 wrote to memory of 472	2772	Unicorn-19883.exe	35
PID 2772 wrote to memory of 472	2772	Unicorn-19883.exe	35
PID 2772 wrote to memory of 472	2772	Unicorn-19883.exe	35
PID 2772 wrote to memory of 472	2772	Unicorn-19883.exe	35
PID 2536 wrote to memory of 2696	2536	Unicorn-21241.exe	37
PID 2536 wrote to memory of 2696	2536	Unicorn-21241.exe	37
PID 2536 wrote to memory of 2696	2536	Unicorn-21241.exe	37
PID 2536 wrote to memory of 2696	2536	Unicorn-21241.exe	37
PID 2400 wrote to memory of 2752	2400	Unicorn-8582.exe	38
PID 2400 wrote to memory of 2752	2400	Unicorn-8582.exe	38
PID 2400 wrote to memory of 2752	2400	Unicorn-8582.exe	38
PID 2400 wrote to memory of 2752	2400	Unicorn-8582.exe	38
PID 2648 wrote to memory of 2960	2648	Unicorn-41442.exe	39
PID 2648 wrote to memory of 2960	2648	Unicorn-41442.exe	39
PID 2648 wrote to memory of 2960	2648	Unicorn-41442.exe	39
PID 2648 wrote to memory of 2960	2648	Unicorn-41442.exe	39
PID 2544 wrote to memory of 2748	2544	Unicorn-26948.exe	36
PID 2544 wrote to memory of 2748	2544	Unicorn-26948.exe	36
PID 2544 wrote to memory of 2748	2544	Unicorn-26948.exe	36
PID 2544 wrote to memory of 2748	2544	Unicorn-26948.exe	36
PID 2864 wrote to memory of 2316	2864	Unicorn-57902.exe	40
PID 2864 wrote to memory of 2316	2864	Unicorn-57902.exe	40
PID 2864 wrote to memory of 2316	2864	Unicorn-57902.exe	40
PID 2864 wrote to memory of 2316	2864	Unicorn-57902.exe	40
PID 2648 wrote to memory of 2272	2648	Unicorn-41442.exe	41
PID 2648 wrote to memory of 2272	2648	Unicorn-41442.exe	41
PID 2648 wrote to memory of 2272	2648	Unicorn-41442.exe	41
PID 2648 wrote to memory of 2272	2648	Unicorn-41442.exe	41
PID 2536 wrote to memory of 320	2536	Unicorn-21241.exe	42
PID 2536 wrote to memory of 320	2536	Unicorn-21241.exe	42
PID 2536 wrote to memory of 320	2536	Unicorn-21241.exe	42
PID 2536 wrote to memory of 320	2536	Unicorn-21241.exe	42
PID 2960 wrote to memory of 2300	2960	Unicorn-53360.exe	43
PID 2960 wrote to memory of 2300	2960	Unicorn-53360.exe	43
PID 2960 wrote to memory of 2300	2960	Unicorn-53360.exe	43
PID 2960 wrote to memory of 2300	2960	Unicorn-53360.exe	43

C:\Users\Admin\AppData\Local\Temp\145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\145a3051e5e9924ad7abfe48f43d6b23_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        11⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 240
        12⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 376
        11⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 380
        10⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        11⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        12⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        13⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        14⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 376
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        12⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 376
        12⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 376
        11⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 368
        10⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 376
        9⤵
        Program crash
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 368
        8⤵
        Program crash
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 372
        7⤵
        Program crash
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
        9⤵
        Executes dropped EXE
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        11⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        12⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        13⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        14⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        15⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 376
        14⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        13⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 244
        14⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 376
        13⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 376
        12⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 380
        11⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 376
        10⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 376
        9⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        11⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        13⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        14⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 384
        14⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        13⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 384
        13⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 376
        12⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 376
        11⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 376
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 376
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 376
        8⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        12⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        13⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        14⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 240
        15⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 376
        14⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 380
        13⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 376
        12⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 368
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 376
        10⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 380
        9⤵
        Program crash
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 368
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 376
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 368
        6⤵
        Program crash
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        11⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        12⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        13⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 244
        14⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 376
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 376
        12⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 376
        11⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 376
        10⤵
        Program crash
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        12⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        13⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        14⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 380
        14⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 380
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 376
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 376
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 376
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 376
        9⤵
        Program crash
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        11⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        12⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        13⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        14⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 384
        14⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 380
        13⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 380
        12⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 376
        11⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 376
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 376
        9⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 376
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        11⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 224
        12⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 376
        11⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 380
        10⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 376
        9⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 376
        8⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 380
        7⤵
        Program crash
        
        PID:3184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 380
        6⤵
        Program crash
        
        PID:2248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 372
        5⤵
        Program crash
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 220
        7⤵
        Program crash
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 376
        6⤵
        Program crash
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:2856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 372
        5⤵
        Program crash
        
        PID:1916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        10⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        12⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        13⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 372
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 376
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 376
        10⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 376
        9⤵
        Program crash
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 376
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        9⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 220
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 376
        9⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 376
        8⤵
        Program crash
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 380
        7⤵
        Program crash
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 376
        6⤵
        Program crash
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        11⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 376
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 376
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 376
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 376
        9⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 376
        8⤵
        Program crash
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 220
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 380
        8⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 368
        7⤵
        Program crash
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 224
        12⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 368
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 368
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 376
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 376
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 376
        7⤵
        Program crash
        
        PID:4496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 380
        6⤵
        Program crash
        
        PID:3576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 376
        5⤵
        Program crash
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        11⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        12⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 244
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 368
        12⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 368
        11⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 376
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 376
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 376
        8⤵
        Program crash
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 376
        7⤵
        Program crash
        
        PID:3872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 360
        6⤵
        Program crash
        
        PID:2880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 376
        5⤵
        Program crash
        
        PID:1932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 380
      4⤵
      Program crash
      PID:1788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 372
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26948.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        7⤵
        Program crash
        
        PID:2184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 380
        6⤵
        Program crash
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        10⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 220
        11⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 376
        10⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 376
        9⤵
        Program crash
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 368
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 376
        11⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 380
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 376
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 376
        8⤵
        Program crash
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        11⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        12⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 244
        13⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 380
        12⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 376
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 376
        10⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 376
        9⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 376
        8⤵
        Program crash
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 376
        7⤵
        Program crash
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        11⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        12⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 244
        13⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 376
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 368
        11⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 376
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 376
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 376
        8⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 376
        7⤵
        Program crash
        
        PID:3676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 376
        6⤵
        Program crash
        
        PID:2984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 376
        5⤵
        Program crash
        
        PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        6⤵
        Program crash
        
        PID:2404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 380
        5⤵
        Program crash
        
        PID:1936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 376
      4⤵
      Program crash
      PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
        9⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        11⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        12⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 244
        13⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 376
        12⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 376
        11⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 376
        10⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 376
        9⤵
        Program crash
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 376
        8⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        12⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        13⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 372
        13⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 376
        12⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 376
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 376
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 376
        9⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 376
        8⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 380
        7⤵
        Program crash
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 376
        6⤵
        Program crash
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 224
        7⤵
        Program crash
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        8⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 220
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 376
        8⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 376
        7⤵
        Program crash
        
        PID:3848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 364
        6⤵
        Program crash
        
        PID:2452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 376
        5⤵
        Program crash
        
        PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        5⤵
        Program crash
        
        PID:1988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 380
      4⤵
      Program crash
      PID:3012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2272
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
  2⤵
  - Program crash
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe

Filesize
192KB

MD5
073113773e68f1aa6b8d8cb97bda5fda

SHA1
2b626587152005b2fb1b1be2c0e4c91e361f9742

SHA256
07d5d02bc0ebbabec910f3fd4c8379d7dfefd886a314f6dd3bfb14b0558b4078

SHA512
090b50adf3fef138713b656c6e9980ab7e38da1b8bd03d56c252edb83447d275c3cb69f45a494f7f8a46e885db56f79bbdbcdc6ae60dc003c6c4a5ff49730aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe

Filesize
192KB

MD5
a043805ab7832874cc4f5d8ea44c795d

SHA1
004ad312b9d30608230a80243e0289387d959e07

SHA256
6f818b45bbe5b2ec1f06fec3fd53bdd72140ec1e39a18abc847a53983e98ff62

SHA512
1027c36dd946e6563a4590c9d80d9f6f693807e82ce3e9269a6e06e0ef30c0d027cc190ef3869a91677a1bec3486bb3e72ef44c179f7242c4334993d13c3702f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe

Filesize
192KB

MD5
e699f03ee2bedd15dabd2cb913caed5b

SHA1
79ac95ba8659007292c7c30076a69c812d8e646d

SHA256
014487a09692ff437ea0e8050e77f15a49dd01c850bf1c670459f505bd8609f3

SHA512
54ad97d1613d9f451661e7bc5683e0ccfb003762f3f5a40cf570b50bd9f63afc91138260a82c36c69869c6093852ac1a9a994075d69a6b3728690f31b8edfff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe

Filesize
192KB

MD5
07c87a84f4b6464a8e18177afd6b8ac4

SHA1
ccc1c71b28c843bce549ab95590205839dd0bdb1

SHA256
04cc1c014c5bd12d1d157cf1b9c7df3a25e9d8992b3d68f11f18f5120a78da9a

SHA512
8ee9eb88ea0d1d92362c843fb1dba31f90b7ed4f7cff2e29ed200a2a6d89d3957241ede78dd6b21b99e6e2ab921546d119001732594c9a998cb97411b6334920

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe

Filesize
192KB

MD5
6baa71c0851070bc884d1f9d35e31388

SHA1
4ace043e7243fdd1b649ec5268d4525d5d4fd523

SHA256
c1f231b36ea9c2e5d052861aaf9b9e63e3d6f1d7622057508e1a943ec50852c4

SHA512
9169ceaa0a95c8f9ed6b7a5969e4a95caf5bf54a1d1ec95c5df7fb980d7e78dc66be7818eda328fc73d95cce6fd4df68ce0c2f3858d73681226105c836b15e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe

Filesize
192KB

MD5
0fb094491234b179b2fcf52de16311fb

SHA1
732b2dfe1f4c8ec21bf113254fe6b78c42fa7156

SHA256
555cd6717e3725e88d085a0f877cfd1874cd6f40abca0473e4a78e1f8523381f

SHA512
00752bc7df193b0fd92b4a2cad4876c8aefbc3c6dea1b441daeed7beb112eba8f09010d4c4356daf906bbc74cb6fd70f616d57244faefc90033e99d73f747383

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe

Filesize
192KB

MD5
e8f41742b10e94e0d6991bd90b2fad14

SHA1
6e3bd0227745fc15488273b8134048459cecff60

SHA256
45f2bbdaf7f96624e2a223bb8dcd23e1d2827246a20d8411532d627216a46e58

SHA512
eacbd2c451b6958d3cb5d22b2ecd5bea1c540cb064d4ae387e6ddcb8b00513e444cf116612b0bc55bd45933dacecabb9e3ad9554c54e5eefd99fc619936c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe

Filesize
192KB

MD5
4b9dbe44549f77778b597f3f7d357d0f

SHA1
9c260c4266200a03cdfb92d0fb2fcc1de17141cb

SHA256
7d6723fe63a194e4787362c6addaf251c653a2831d1bc3f68f487b98e7f21896

SHA512
e505a36ce915b642739859edd200e2f14c3fb83ffff383d2655d304a576f2d9861877284a9e7369925e599bb44d190826877ebb418169580fe74ca7a3d6b2aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe

Filesize
192KB

MD5
e7b66d3d4a6625d5fdf59d96e0dedf7d

SHA1
d93fac8fe4c8f2e27231dc6dc6670f61cb6eef58

SHA256
6c9bfaf52f3743929fbe32b235160be2df54e97ba63e2ef8586b153e63f83932

SHA512
79310de3e6065e3743d97eed307e585531435d6f75a1eac2dac7b9b0e41b8ac2d3e9073af2beaa285bc16b0e41cfac16b04bbff47d68922bb21af4eb61078ad7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe

Filesize
192KB

MD5
6351e1151c8a69303f83f62b7fa6d6a1

SHA1
92abc1531c71e1f66253cf015d5a34651ee87591

SHA256
b377092c4d1af30172221eaf0d4ce7c17443800f1cbe870dfb75adf1fc081b6e

SHA512
b439bd110549af6c19c1616ffd1c40071092ab57bd6cfbff8077950465e1095915e11a9cfe69bd7f8d4560b9ef5c51c429e3b1ecf202e9f4f522324d23d8456d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe

Filesize
192KB

MD5
7a2548bc976ca1508a0a4582c1d2a17a

SHA1
bb7e4a1f3e48d44766b4f1877907f13c4e06d074

SHA256
0be06757805f66b7692582ee1a637546a874a509a1cdf979f48af21806913559

SHA512
8094000485a0071d56cbc16dbbdc914000745b295da5e235469061c17fc6bdd84845b1448a1c0929d47ea70da40d09334f1e3537661fd6b1add1b74fe0a651c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe

Filesize
192KB

MD5
7130f702f796c7687f281dce60beec00

SHA1
8d088198956a95977fb9c77313859b06bf082157

SHA256
5124850a796071b08ac1465d3aec5d19ee4adc4019e79cab61b3cd19da9d9260

SHA512
7770e4c7c02242fd3e8f3018a242da2c4f0e2a9cf2fa6115d8c93cc55411d737fe29114c37b2feea5e1ac3083842470e9a34cc0c867c73ef3f953b9418d2aa3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26948.exe

Filesize
192KB

MD5
98e976c5768ed8a671d754ad2006450a

SHA1
76e2587025111b2482e7ae7070da1a7018559d6d

SHA256
d747209f1c087a56fe6c23994db45a82fe84703e8395066837acc32fe2f0ff35

SHA512
f39be6e24da330ae81aa2e56565a85d6d28217e4f074ee81a90405cca17711423ade8355d913baf30cbe8fe205b56444e8d2ecb7a6b1655660b0c0bdfb0233ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe

Filesize
192KB

MD5
3ef902663be970ab5e50ed744dcb5caa

SHA1
852a4aea5b0750eb37abf3f0d04fb80f673ca84c

SHA256
3f1fcd1e7ed268c5d939cdc508f2132c79e48f159cc41d6657422afde40c37d0

SHA512
2542da00c3d1ce977e6be82859fe0a57a6c561ff5a40b03b4fddcdad3de28f08c1e03f0b231a6dd4cb2437e9926eab97eecb0e9b4cdd7509e82da16e6d05c65f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe

Filesize
192KB

MD5
a9770b9744819508fdc59076d4e609f0

SHA1
e5bcf9e8acf182f60508389a9dbb21555a797980

SHA256
229edb6ea09b0d22c635cbd68eec78df607fceaef8fe4cadf28563666166a743

SHA512
9355237c5699349ce9be91a9c36276d23839b955e150220020f574c9d7ac4f05d24afb681aeae5d1a251dd5869bfb01249a7fa924826904a4480b6dc0a0de53a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe

Filesize
192KB

MD5
74871167b314d9d0c3bf83c033da10ca

SHA1
daa970dc7779864d77c3140437db60b25472b8a1

SHA256
f5c70246ad294215faa60a2827bbce69251c3f0bf228579a10e07df70df6f8e2

SHA512
91fa5b6bf1d8ea0a19b49c3d39a57bee6fb83cced82a36b0f5bf60d8d282b6737110e9b8f3f040f43f1600a4715561500e53cc7bf1d67a8ef80ce42d754fcfc6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads