b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1

Analysis

max time kernel
35s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
Size

184KB
MD5

033ade54297ee2be2a4f43321052b3a6
SHA1

7644bfbb85e28aad03a68200a5764ffc0dd0778e
SHA256

b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1
SHA512

ef3ca0963fd5bfbc3515d1c9099fc0e9e6d3ba61f5c0bc8962cf1202f1e958dc5d89813d544fb9bb26413eaeb833c3ee1508165516e1df17bde23fcb0521812f
SSDEEP

3072:T5fPiWoANmEsdRjYehsLpxJ/XKYYzn3KH+BgA5qmUlehlnVOFb:T5Po2YRjiLPJ/XneYwhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1276	Unicorn-49778.exe
2620	Unicorn-55261.exe
2564	Unicorn-33257.exe
2584	Unicorn-37462.exe
2632	Unicorn-37462.exe
2432	Unicorn-50269.exe
2712	Unicorn-60350.exe
2724	Unicorn-40484.exe
276	Unicorn-27678.exe
340	Unicorn-21325.exe
1572	Unicorn-41191.exe
1156	Unicorn-48140.exe
860	Unicorn-28274.exe
2232	Unicorn-15852.exe
2812	Unicorn-21882.exe
1996	Unicorn-17667.exe
804	Unicorn-52442.exe
1432	Unicorn-65249.exe
1420	Unicorn-19578.exe
2384	Unicorn-22443.exe
2088	Unicorn-20174.exe
780	Unicorn-55883.exe
1320	Unicorn-41000.exe
3004	Unicorn-56651.exe
960	Unicorn-45167.exe
3052	Unicorn-14762.exe
2352	Unicorn-1119.exe
3064	Unicorn-32360.exe
2140	Unicorn-1311.exe
2104	Unicorn-21177.exe
868	Unicorn-12686.exe
2608	Unicorn-3421.exe
2804	Unicorn-49093.exe
2420	Unicorn-19265.exe
2652	Unicorn-16996.exe
2128	Unicorn-36862.exe
2332	Unicorn-43681.exe
2448	Unicorn-23815.exe
2764	Unicorn-41412.exe
2880	Unicorn-29374.exe
2772	Unicorn-23021.exe
2184	Unicorn-7142.exe
1860	Unicorn-7012.exe
1888	Unicorn-7334.exe
1856	Unicorn-7334.exe
2400	Unicorn-7204.exe
2868	Unicorn-24932.exe
2240	Unicorn-40583.exe
2080	Unicorn-40068.exe
2248	Unicorn-59934.exe
916	Unicorn-7054.exe
1652	Unicorn-24652.exe
2596	Unicorn-4978.exe
1068	Unicorn-28818.exe
1796	Unicorn-48684.exe
2176	Unicorn-44278.exe
1580	Unicorn-48876.exe
1672	Unicorn-48876.exe
1448	Unicorn-18211.exe
1740	Unicorn-49452.exe
2496	Unicorn-49644.exe
2900	Unicorn-64911.exe
2624	Unicorn-62835.exe
2576	Unicorn-17164.exe

Loads dropped DLL 64 IoCs

pid	Process
1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
1276	Unicorn-49778.exe
1276	Unicorn-49778.exe
1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
2620	Unicorn-55261.exe
2564	Unicorn-33257.exe
2564	Unicorn-33257.exe
2620	Unicorn-55261.exe
1276	Unicorn-49778.exe
1276	Unicorn-49778.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2564	Unicorn-33257.exe
2584	Unicorn-37462.exe
2584	Unicorn-37462.exe
2564	Unicorn-33257.exe
2432	Unicorn-50269.exe
2432	Unicorn-50269.exe
2632	Unicorn-37462.exe
2632	Unicorn-37462.exe
2620	Unicorn-55261.exe
2620	Unicorn-55261.exe
1624	WerFault.exe
1624	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1624	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
1588	WerFault.exe
2712	Unicorn-60350.exe
2584	Unicorn-37462.exe
2712	Unicorn-60350.exe
2584	Unicorn-37462.exe
2724	Unicorn-40484.exe
2724	Unicorn-40484.exe
276	Unicorn-27678.exe
276	Unicorn-27678.exe
2432	Unicorn-50269.exe
2432	Unicorn-50269.exe
340	Unicorn-21325.exe
340	Unicorn-21325.exe
2632	Unicorn-37462.exe
2632	Unicorn-37462.exe
1572	Unicorn-41191.exe
1572	Unicorn-41191.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2784	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2656	1296	WerFault.exe	27
2324	1276	WerFault.exe	28
1588	2564	WerFault.exe	30
1624	2620	WerFault.exe	29
1100	2584	WerFault.exe	33
2344	2432	WerFault.exe	34
2784	2632	WerFault.exe	32
1552	2712	WerFault.exe	36
2504	2724	WerFault.exe	37
2020	276	WerFault.exe	38
1912	340	WerFault.exe	40
2816	1156	WerFault.exe	43
580	1996	WerFault.exe	47
800	860	WerFault.exe	44
1104	2232	WerFault.exe	45
1612	2812	WerFault.exe	46
2312	804	WerFault.exe	48
944	1420	WerFault.exe	50
2188	2184	WerFault.exe	80
2212	2384	WerFault.exe	54
892	2088	WerFault.exe	55
2092	780	WerFault.exe	56
2532	3004	WerFault.exe	58
2892	1320	WerFault.exe	57
2588	3052	WerFault.exe	60
776	960	WerFault.exe	59
1028	3064	WerFault.exe	62
500	2140	WerFault.exe	64
2872	2104	WerFault.exe	63
2168	868	WerFault.exe	65
1900	2352	WerFault.exe	61
2912	2804	WerFault.exe	71
1012	2420	WerFault.exe	72
1036	2128	WerFault.exe	74
3096	2772	WerFault.exe	79
3180	2080	WerFault.exe	87
3172	1860	WerFault.exe	81
3164	2400	WerFault.exe	84
3156	2240	WerFault.exe	86
3148	2868	WerFault.exe	85
3140	1888	WerFault.exe	83
3132	1856	WerFault.exe	82
3712	2248	WerFault.exe	88
3864	2000	WerFault.exe	119
3972	2652	WerFault.exe	73
3964	1672	WerFault.exe	103
3980	2576	WerFault.exe	109
3956	2596	WerFault.exe	95
3948	2496	WerFault.exe	106
3940	2764	WerFault.exe	77
3932	2880	WerFault.exe	78
4040	2624	WerFault.exe	108
4032	2824	WerFault.exe	123
4024	1948	WerFault.exe	125
4016	1880	WerFault.exe	116
4008	2332	WerFault.exe	75
4000	2176	WerFault.exe	101
4088	1516	WerFault.exe	130
4080	1572	WerFault.exe	131
4072	916	WerFault.exe	92
3084	1492	WerFault.exe	141
3224	1368	WerFault.exe	117
3220	1580	WerFault.exe	102
2608	1796	WerFault.exe	98

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
1276	Unicorn-49778.exe
2620	Unicorn-55261.exe
2564	Unicorn-33257.exe
2584	Unicorn-37462.exe
2632	Unicorn-37462.exe
2432	Unicorn-50269.exe
2712	Unicorn-60350.exe
2724	Unicorn-40484.exe
276	Unicorn-27678.exe
1572	Unicorn-41191.exe
340	Unicorn-21325.exe
1156	Unicorn-48140.exe
860	Unicorn-28274.exe
2812	Unicorn-21882.exe
2232	Unicorn-15852.exe
1996	Unicorn-17667.exe
804	Unicorn-52442.exe
1432	Unicorn-65249.exe
1420	Unicorn-19578.exe
2384	Unicorn-22443.exe
2088	Unicorn-20174.exe
780	Unicorn-55883.exe
1320	Unicorn-41000.exe
3004	Unicorn-56651.exe
960	Unicorn-45167.exe
3052	Unicorn-14762.exe
2352	Unicorn-1119.exe
3064	Unicorn-32360.exe
2140	Unicorn-1311.exe
2104	Unicorn-21177.exe
868	Unicorn-12686.exe
2608	Unicorn-3421.exe
2804	Unicorn-49093.exe
2420	Unicorn-19265.exe
2128	Unicorn-36862.exe
2652	Unicorn-16996.exe
2332	Unicorn-43681.exe
2448	Unicorn-23815.exe
2764	Unicorn-41412.exe
2880	Unicorn-29374.exe
2772	Unicorn-23021.exe
2184	Unicorn-7142.exe
1860	Unicorn-7012.exe
1888	Unicorn-7334.exe
1856	Unicorn-7334.exe
2400	Unicorn-7204.exe
2868	Unicorn-24932.exe
2248	Unicorn-59934.exe
2080	Unicorn-40068.exe
2240	Unicorn-40583.exe
916	Unicorn-7054.exe
1652	Unicorn-24652.exe
2596	Unicorn-4978.exe
1068	Unicorn-28818.exe
1796	Unicorn-48684.exe
2176	Unicorn-44278.exe
1580	Unicorn-48876.exe
1672	Unicorn-48876.exe
1448	Unicorn-18211.exe
1740	Unicorn-49452.exe
2900	Unicorn-64911.exe
2576	Unicorn-17164.exe
2624	Unicorn-62835.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 1276	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	28
PID 1296 wrote to memory of 1276	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	28
PID 1296 wrote to memory of 1276	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	28
PID 1296 wrote to memory of 1276	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	28
PID 1276 wrote to memory of 2620	1276	Unicorn-49778.exe	29
PID 1276 wrote to memory of 2620	1276	Unicorn-49778.exe	29
PID 1276 wrote to memory of 2620	1276	Unicorn-49778.exe	29
PID 1276 wrote to memory of 2620	1276	Unicorn-49778.exe	29
PID 1296 wrote to memory of 2564	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	30
PID 1296 wrote to memory of 2564	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	30
PID 1296 wrote to memory of 2564	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	30
PID 1296 wrote to memory of 2564	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	30
PID 1296 wrote to memory of 2656	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	31
PID 1296 wrote to memory of 2656	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	31
PID 1296 wrote to memory of 2656	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	31
PID 1296 wrote to memory of 2656	1296	b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe	31
PID 2564 wrote to memory of 2584	2564	Unicorn-33257.exe	33
PID 2564 wrote to memory of 2584	2564	Unicorn-33257.exe	33
PID 2564 wrote to memory of 2584	2564	Unicorn-33257.exe	33
PID 2564 wrote to memory of 2584	2564	Unicorn-33257.exe	33
PID 2620 wrote to memory of 2632	2620	Unicorn-55261.exe	32
PID 2620 wrote to memory of 2632	2620	Unicorn-55261.exe	32
PID 2620 wrote to memory of 2632	2620	Unicorn-55261.exe	32
PID 2620 wrote to memory of 2632	2620	Unicorn-55261.exe	32
PID 1276 wrote to memory of 2432	1276	Unicorn-49778.exe	34
PID 1276 wrote to memory of 2432	1276	Unicorn-49778.exe	34
PID 1276 wrote to memory of 2432	1276	Unicorn-49778.exe	34
PID 1276 wrote to memory of 2432	1276	Unicorn-49778.exe	34
PID 1276 wrote to memory of 2324	1276	Unicorn-49778.exe	35
PID 1276 wrote to memory of 2324	1276	Unicorn-49778.exe	35
PID 1276 wrote to memory of 2324	1276	Unicorn-49778.exe	35
PID 1276 wrote to memory of 2324	1276	Unicorn-49778.exe	35
PID 2584 wrote to memory of 2712	2584	Unicorn-37462.exe	36
PID 2584 wrote to memory of 2712	2584	Unicorn-37462.exe	36
PID 2584 wrote to memory of 2712	2584	Unicorn-37462.exe	36
PID 2584 wrote to memory of 2712	2584	Unicorn-37462.exe	36
PID 2564 wrote to memory of 2724	2564	Unicorn-33257.exe	37
PID 2564 wrote to memory of 2724	2564	Unicorn-33257.exe	37
PID 2564 wrote to memory of 2724	2564	Unicorn-33257.exe	37
PID 2564 wrote to memory of 2724	2564	Unicorn-33257.exe	37
PID 2432 wrote to memory of 276	2432	Unicorn-50269.exe	38
PID 2432 wrote to memory of 276	2432	Unicorn-50269.exe	38
PID 2432 wrote to memory of 276	2432	Unicorn-50269.exe	38
PID 2432 wrote to memory of 276	2432	Unicorn-50269.exe	38
PID 2632 wrote to memory of 1572	2632	Unicorn-37462.exe	39
PID 2632 wrote to memory of 1572	2632	Unicorn-37462.exe	39
PID 2632 wrote to memory of 1572	2632	Unicorn-37462.exe	39
PID 2632 wrote to memory of 1572	2632	Unicorn-37462.exe	39
PID 2620 wrote to memory of 340	2620	Unicorn-55261.exe	40
PID 2620 wrote to memory of 340	2620	Unicorn-55261.exe	40
PID 2620 wrote to memory of 340	2620	Unicorn-55261.exe	40
PID 2620 wrote to memory of 340	2620	Unicorn-55261.exe	40
PID 2564 wrote to memory of 1588	2564	Unicorn-33257.exe	42
PID 2564 wrote to memory of 1588	2564	Unicorn-33257.exe	42
PID 2564 wrote to memory of 1588	2564	Unicorn-33257.exe	42
PID 2564 wrote to memory of 1588	2564	Unicorn-33257.exe	42
PID 2620 wrote to memory of 1624	2620	Unicorn-55261.exe	41
PID 2620 wrote to memory of 1624	2620	Unicorn-55261.exe	41
PID 2620 wrote to memory of 1624	2620	Unicorn-55261.exe	41
PID 2620 wrote to memory of 1624	2620	Unicorn-55261.exe	41
PID 2712 wrote to memory of 1156	2712	Unicorn-60350.exe	43
PID 2712 wrote to memory of 1156	2712	Unicorn-60350.exe	43
PID 2712 wrote to memory of 1156	2712	Unicorn-60350.exe	43
PID 2712 wrote to memory of 1156	2712	Unicorn-60350.exe	43

C:\Users\Admin\AppData\Local\Temp\b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe
"C:\Users\Admin\AppData\Local\Temp\b38165610fc457a638b2c598c134db58abd83472b804020ec470845e0b7dcec1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        9⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        10⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        11⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        10⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 220
        10⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        10⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        10⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 220
        9⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        9⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        10⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        9⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 220
        9⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        8⤵
        Program crash
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        10⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        10⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        9⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        9⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        9⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        8⤵
        Program crash
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        7⤵
        Program crash
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        10⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        9⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        9⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        8⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        8⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        8⤵
        Program crash
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
        7⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        9⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        9⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        9⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        9⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        9⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        8⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 220
        8⤵
        Program crash
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        7⤵
        Program crash
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        8⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        8⤵
        Program crash
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        8⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        8⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        Program crash
        
        PID:3164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        7⤵
        Executes dropped EXE
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        8⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        6⤵
        Program crash
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        8⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        7⤵
        Program crash
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        8⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 216
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        7⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        7⤵
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        Program crash
        
        PID:500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
        5⤵
        Program crash
        
        PID:1912
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 244
        8⤵
        Program crash
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        8⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        8⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
        8⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        7⤵
        Program crash
        
        PID:3172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        8⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        7⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        
        PID:4600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        6⤵
        Program crash
        
        PID:1900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        5⤵
        Program crash
        
        PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        8⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        8⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        7⤵
        Program crash
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        7⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        7⤵
        Program crash
        
        PID:4000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        6⤵
        Program crash
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
        8⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        7⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        7⤵
        Program crash
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        6⤵
        
        PID:2452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        6⤵
        Program crash
        
        PID:3972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        5⤵
        Program crash
        
        PID:580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2344
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        10⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        9⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        8⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        7⤵
        Program crash
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        9⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        9⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        8⤵
        
        PID:604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        8⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        8⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        Program crash
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:2912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        8⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        8⤵
        Program crash
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        8⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        8⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        8⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        7⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 220
        7⤵
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        5⤵
        Program crash
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        8⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        7⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        7⤵
        Program crash
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        Program crash
        
        PID:4040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        7⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        7⤵
        
        PID:4276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        6⤵
        Program crash
        
        PID:3096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        5⤵
        Program crash
        
        PID:800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        9⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        8⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 220
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        7⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        8⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        7⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        7⤵
        
        PID:3496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        6⤵
        Program crash
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        7⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        6⤵
        Program crash
        
        PID:3940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        5⤵
        Program crash
        
        PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        6⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        7⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
        7⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20681.exe
        7⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        7⤵
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        6⤵
        Program crash
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        7⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        7⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
        6⤵
        
        PID:3564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        5⤵
        Program crash
        
        PID:776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
      4⤵
      Program crash
      PID:2504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
  2⤵
  - Program crash
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe

Filesize
184KB

MD5
cadb58ab857be2b085cb25de4aa55c5a

SHA1
b2e3e5724a516b1dd8c5c291e6fb3bbddada9388

SHA256
ffb4cf4cca3d19e51260dcad8a40a30075c9bc4b2dd4f4f2de4e89562092826b

SHA512
da3665465fbd5d0dc5e88adb3f4fd732a59fed98206a9b0d11007d6cea94c893c167c3a9dd1e39d85ad9f1f9aeb5cc1f19e3bbfd3a99552494e67b4a047249a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe

Filesize
184KB

MD5
567d1511fef51c5a4be0f139bdf163a6

SHA1
2c93e23580b3c6061d97f5ac57159f75fd8bad8e

SHA256
a53401c6fd5aa20b3b2fc0efc6e1f21830c9ea7dc9c4e37b88b24c43216f6d0f

SHA512
82afa421fbcd9be631621389c05a9785475b59a221122d597c8b5f1168eb7e015c77b99d9bc67bd3e7f1aa25110092cb0115196d37b9864ce2dbb8805813dc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe

Filesize
184KB

MD5
f241435cecbd0a123ddb298b045943fb

SHA1
9302ae46a82276d6c763599cb22aa0f5b65abe84

SHA256
eda42a23aeb81aebdd743bab2652fbb77453df252bb38154c231e2fdac422cd2

SHA512
ab8a09e975f9d5b1296ac730188983dea5ff10d253a591deb205f0c396bb7a42f29d4064804744c440ec8d8d67139a9a9d2aeb53e292267bc357a147448ae0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe

Filesize
184KB

MD5
894f8c6d175aff27469b6de6c42dc4f8

SHA1
8f8d8bf25dc1c27f191425ab9819b0dc82e3e069

SHA256
8810537c2ca92778d40d1aca7fd59f11d11906070e3193b44bc19f2db97a9f7a

SHA512
0999e7461112e112630b67d90680368b1b8c3b34caca851da2d958ec7c3f3af5db8136ac99efc32237542c2a97305ba04a4e46a651aa4cc00cae65ae5201d037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe

Filesize
184KB

MD5
1353d6014eacf211524ce6be7db20992

SHA1
2b65643efbc45ec5a4aba449831ed0cb3a197266

SHA256
1aa35e47a5e11244d450bd67389acbad0e5693974531fa84ec24674c65ef08ea

SHA512
ff8e9e5603a3be0990641958bab5fa3bdb17ca6b9a8c60cae446a986aa01e925b6510abaf64545e49f0f14c53a85e058f227a56ac815190aa276af4eccab6de4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe

Filesize
184KB

MD5
b9666abc25a827d2b81ebff7209a7786

SHA1
daa82f5beca730dd9467bda1d4ee7cd97332a02a

SHA256
0834cae37690be9cf0d6f3f7e089c7444a6033301dc89591098cf25ce35d2c34

SHA512
08586803aa94c85bf95bb576a3f7ba32442728b3f333a708d7da25de64c9d23d995ed7c24718756461e3f1dbe492a400bb4eff6742966a6a2f425e7492240542

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe

Filesize
184KB

MD5
d0d968750a9b72a29c95ef8b5748728b

SHA1
25f1465915ced2b4478d01daa4fab82467824fc7

SHA256
da695d0a9be6480fe2fca21dc462595cd6925cf768064c88c5af304ab44121a5

SHA512
b01cec012dfc464fb4c34e5411624534bed4420023910c8be5f48a92d477cddec136a05fc82364235e38cf493f89bf10fa729af3fddc8d5c825778588dd8e4cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe

Filesize
184KB

MD5
c8887b8091210a544ac2f7bab88fa24c

SHA1
d2907469205a2ab01bc786291e01cecf1219bd04

SHA256
3040277514d8f634f06fed23f2cf6fb305fba6e47d2168974a02c17d2961ee76

SHA512
d6489b754b56664f4ae86506f765f0722c5ecb77a65a0f33aff31132e8243d80923c3f2fd49c6c22e65e08116297a70af49673914928e43bcf5be7c89583e3a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe

Filesize
184KB

MD5
083ee9ebf8161e69b68d212bdf69fc9d

SHA1
225b864c344c4a8fccdc54944056a0ed3e10a3af

SHA256
4c53516856cf18ecc0fcd48871a6c5b6e35ebf30e6bbfe74b314499363751e3b

SHA512
3c64caf243bb7f78d69522bbe529fbe2f87039a4bc1d2a433716db20e11c4cf934bc7c2a8393cf95ac6334ba5e6c7810d847857cca3655bd12dbdbcbb8ebcd01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe

Filesize
184KB

MD5
78629255d365329c3980989a494ce43e

SHA1
6ebd88b2542dae4ee9052730c8adafdafa58874b

SHA256
ae6ca5fbcec9af24f31bfeec572b7da15fafe4f50bcc5be615a9163dd83b9e87

SHA512
e46f51b88ea2f2bf21a840c813bc4da5cd468660d7a2e4de1a8ab359d544c25ccb07fc2ab0d04b651791ca202fb6ef5d6cf220ebd82b825c83867c454cea3604

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe

Filesize
184KB

MD5
b98bd284c12dc9b5413aee8cbf5b6a44

SHA1
56a8b11e31e0be9fcb7bae1d3927e3055a20f27d

SHA256
36e78d902e500910a7237078c9948bdd130107ce4dddc7a6c515588c2b28ee13

SHA512
e192d51cdf612a1b7cd3f9ced8902336de833d4128b34b2e584e44b52002479faefd098c59314bff750a80e27de965df1aad23168e777201811f3e6afe1c98a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe

Filesize
184KB

MD5
80cd957c265db9c6e34968e8b333e25a

SHA1
c511fbde7fdaf2c6da8059bfae410c1aaf67f61b

SHA256
abf7eeef70a016d0d24993cc9b44092e44bce0c879ec8a8ebf449c0b6ed66a62

SHA512
b920f5d39c935cc5be588d3244ec009b994e179e064e248fe57296fb7cdedb2d67ba9b1e1d4c05064e6d64882a7df8cbcc4fb70159ebcca8df668ac8bc8abbf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe

Filesize
184KB

MD5
6094a447da3d8889b8185df48aa02bd1

SHA1
d5f9789511cbadb23b21ef3ca41a214ee3cdec8d

SHA256
8d8f9e00a26c94539b12a2ec780b8d5048615fd622bc70d47e5d5c93fbd33c0b

SHA512
4ad401027d969ae2b5cd46f66baa89a4fb8a39909e44abb996fcd7c297b66329ef9cc6f8104538339d7f2c7611660caf2c449aed663c5949506420a078d8835c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe

Filesize
184KB

MD5
0b58121d2196053eb4bf87843696ed6d

SHA1
20b97a3b41729b8cfbed18780adfdf86b3d1fd8c

SHA256
a6361beb374c0ed6ebf55787b01ed7e3b65953c5d22afc41890fb8f2e79f7a4c

SHA512
e5b32761d77bc032118491459794930ab70ecf39608769e1ddab5dd920338a591deea27e5574a6e5daef705f76c5fdbad954114bac741d433888ebf3b000f959

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe

Filesize
184KB

MD5
cc89708f7a8337d333165c77c91f5c78

SHA1
0fdd0a2f0626cf278ca6706273a7cd7a4edd6cbb

SHA256
6db32a3cb25c497acdb1d074ba4b3a8efd8b68ba0013b35cee965080208628db

SHA512
7360f5b3ad85b11f4a66cd304052c2fbff1e52cc39d03b73677507d13c457bd64094b0503bb52d9ba024eeb568bcce736b5f7909a90f80cde370ba5c53baf65b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads