83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
Size

468KB
MD5

cae99a3bf6a47fd9dbd4f7c608f2f173
SHA1

b5edee0a453a366c3ea90a6153e5498d9d6836cc
SHA256

83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de
SHA512

6d703111b44892c8e70f7a508acc80b024be7c84c4f1990a95358c6e9027422859c0edd4fbb1b03c08bcbff496aaf9dd19d30ec50f903941527e26328fabd5fb
SSDEEP

3072:Xrz7og2xjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lOvEln0RFo1SDlW:Xrfo5AUF1PDyqf/BtlEl0zo1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3056	Unicorn-30057.exe
1972	Unicorn-7389.exe
2480	Unicorn-65313.exe
2788	Unicorn-29995.exe
2576	Unicorn-30741.exe
2948	Unicorn-19881.exe
2736	Unicorn-26002.exe
2128	Unicorn-43591.exe
1124	Unicorn-3134.exe
2820	Unicorn-5251.exe
2816	Unicorn-27730.exe
2752	Unicorn-29777.exe
2120	Unicorn-48614.exe
1624	Unicorn-2942.exe
1536	Unicorn-42148.exe
2188	Unicorn-43674.exe
780	Unicorn-48889.exe
1176	Unicorn-58640.exe
2144	Unicorn-13523.exe
356	Unicorn-59195.exe
2248	Unicorn-15369.exe
2276	Unicorn-37836.exe
2240	Unicorn-49273.exe
344	Unicorn-50664.exe
1484	Unicorn-54648.exe
2360	Unicorn-51848.exe
1832	Unicorn-33871.exe
1220	Unicorn-34136.exe
2708	Unicorn-65417.exe
2776	Unicorn-43264.exe
2880	Unicorn-30497.exe
1052	Unicorn-35973.exe
2588	Unicorn-52885.exe
2508	Unicorn-46755.exe
1416	Unicorn-53632.exe
1872	Unicorn-36549.exe
1780	Unicorn-40441.exe
2840	Unicorn-40176.exe
2912	Unicorn-155.exe
2404	Unicorn-18459.exe
2108	Unicorn-49740.exe
2092	Unicorn-30711.exe
912	Unicorn-8899.exe
828	Unicorn-10674.exe
2256	Unicorn-10674.exe
1312	Unicorn-49569.exe
788	Unicorn-56975.exe
1428	Unicorn-3683.exe
1432	Unicorn-49661.exe
2412	Unicorn-37317.exe
2040	Unicorn-37317.exe
236	Unicorn-26910.exe
2500	Unicorn-13175.exe
1032	Unicorn-10793.exe
2544	Unicorn-4928.exe
2884	Unicorn-11058.exe
1580	Unicorn-11058.exe
2052	Unicorn-11058.exe
2696	Unicorn-42339.exe
3004	Unicorn-23311.exe
2116	Unicorn-3253.exe
1776	Unicorn-33425.exe
2936	Unicorn-15072.exe
2964	Unicorn-34938.exe

Loads dropped DLL 64 IoCs

pid	Process
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3056	Unicorn-30057.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3056	Unicorn-30057.exe
1972	Unicorn-7389.exe
1972	Unicorn-7389.exe
3056	Unicorn-30057.exe
3056	Unicorn-30057.exe
2480	Unicorn-65313.exe
2480	Unicorn-65313.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
2788	Unicorn-29995.exe
2788	Unicorn-29995.exe
1972	Unicorn-7389.exe
2576	Unicorn-30741.exe
1972	Unicorn-7389.exe
2576	Unicorn-30741.exe
3056	Unicorn-30057.exe
3056	Unicorn-30057.exe
2948	Unicorn-19881.exe
2948	Unicorn-19881.exe
2736	Unicorn-26002.exe
2480	Unicorn-65313.exe
2480	Unicorn-65313.exe
2736	Unicorn-26002.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
2128	Unicorn-43591.exe
2128	Unicorn-43591.exe
2788	Unicorn-29995.exe
2788	Unicorn-29995.exe
1124	Unicorn-3134.exe
1124	Unicorn-3134.exe
2820	Unicorn-5251.exe
2820	Unicorn-5251.exe
2576	Unicorn-30741.exe
2576	Unicorn-30741.exe
1972	Unicorn-7389.exe
1972	Unicorn-7389.exe
2752	Unicorn-29777.exe
2752	Unicorn-29777.exe
2948	Unicorn-19881.exe
2948	Unicorn-19881.exe
2816	Unicorn-27730.exe
2816	Unicorn-27730.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
2480	Unicorn-65313.exe
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
2480	Unicorn-65313.exe
1624	Unicorn-2942.exe
3056	Unicorn-30057.exe
2736	Unicorn-26002.exe
1624	Unicorn-2942.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2232	1536	WerFault.exe	45
2132	2120	WerFault.exe	44
1896	2840	WerFault.exe	70
2556	2936	WerFault.exe	96
2456	912	WerFault.exe	75
1960	1732	WerFault.exe	118
3844	2880	WerFault.exe	63
3516	356	WerFault.exe	50
3548	2104	WerFault.exe	98
3596	1532	WerFault.exe	158
4000	3064	WerFault.exe	141
3964	2688	WerFault.exe	157
4140	536	WerFault.exe	116
4156	3004	WerFault.exe	92
4172	2412	WerFault.exe	82
4180	2328	WerFault.exe	124
4212	2092	WerFault.exe	74
4684	1016	WerFault.exe	148
5004	2804	WerFault.exe	121
4996	820	WerFault.exe	117
4980	1884	WerFault.exe	132
4960	1052	WerFault.exe	64
4948	2500	WerFault.exe	86
1468	2508	WerFault.exe	66
936	2596	WerFault.exe	153
5140	2876	WerFault.exe	151
5988	112	WerFault.exe	97
5980	2108	WerFault.exe	73
5972	2736	WerFault.exe	37
5964	348	WerFault.exe	143
5948	1872	WerFault.exe	68
5932	1032	WerFault.exe	87
5892	2972	WerFault.exe	139
5872	2544	WerFault.exe	85
5864	1548	WerFault.exe	149
5828	2812	WerFault.exe	145
5816	1440	WerFault.exe	160
5804	1584	WerFault.exe	147
5996	788	WerFault.exe	79
5388	2052	WerFault.exe	90
5376	1780	WerFault.exe	69
5404	2776	WerFault.exe	62
5420	2708	WerFault.exe	61
5356	2208	WerFault.exe	109
5344	2884	WerFault.exe	88
5428	1176	WerFault.exe	48
5332	2912	WerFault.exe	71
5324	2752	WerFault.exe	42
5316	2820	WerFault.exe	39
5284	1624	WerFault.exe	43
572	284	WerFault.exe	127
2464	2856	WerFault.exe	135
6940	2480	WerFault.exe	33
7008	2564	WerFault.exe	115
7216	2944	WerFault.exe	156
7228	376	WerFault.exe	144
7340	2240	WerFault.exe	53
8152	1428	WerFault.exe	80
8168	828	WerFault.exe	76
8184	660	WerFault.exe	102
7040	2372	WerFault.exe	106
7196	1540	WerFault.exe	126
7588	2204	WerFault.exe	110
7696	1560	WerFault.exe	130

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56418.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
3056	Unicorn-30057.exe
1972	Unicorn-7389.exe
2480	Unicorn-65313.exe
2788	Unicorn-29995.exe
2576	Unicorn-30741.exe
2948	Unicorn-19881.exe
2736	Unicorn-26002.exe
2128	Unicorn-43591.exe
1124	Unicorn-3134.exe
2820	Unicorn-5251.exe
2752	Unicorn-29777.exe
2120	Unicorn-48614.exe
2816	Unicorn-27730.exe
1536	Unicorn-42148.exe
1624	Unicorn-2942.exe
2188	Unicorn-43674.exe
356	Unicorn-59195.exe
2144	Unicorn-13523.exe
1176	Unicorn-58640.exe
2276	Unicorn-37836.exe
780	Unicorn-48889.exe
2248	Unicorn-15369.exe
344	Unicorn-50664.exe
2240	Unicorn-49273.exe
2360	Unicorn-51848.exe
1832	Unicorn-33871.exe
1220	Unicorn-34136.exe
1484	Unicorn-54648.exe
2708	Unicorn-65417.exe
2776	Unicorn-43264.exe
2880	Unicorn-30497.exe
1052	Unicorn-35973.exe
2508	Unicorn-46755.exe
1780	Unicorn-40441.exe
1872	Unicorn-36549.exe
2588	Unicorn-52885.exe
2840	Unicorn-40176.exe
1416	Unicorn-53632.exe
2912	Unicorn-155.exe
2404	Unicorn-18459.exe
2092	Unicorn-30711.exe
2108	Unicorn-49740.exe
912	Unicorn-8899.exe
828	Unicorn-10674.exe
2256	Unicorn-10674.exe
1312	Unicorn-49569.exe
788	Unicorn-56975.exe
2412	Unicorn-37317.exe
1580	Unicorn-11058.exe
2040	Unicorn-37317.exe
2884	Unicorn-11058.exe
1428	Unicorn-3683.exe
3004	Unicorn-23311.exe
1432	Unicorn-49661.exe
2544	Unicorn-4928.exe
2052	Unicorn-11058.exe
236	Unicorn-26910.exe
2500	Unicorn-13175.exe
2696	Unicorn-42339.exe
2116	Unicorn-3253.exe
1776	Unicorn-33425.exe
2936	Unicorn-15072.exe
2964	Unicorn-34938.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3056	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	31
PID 3024 wrote to memory of 3056	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	31
PID 3024 wrote to memory of 3056	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	31
PID 3024 wrote to memory of 3056	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	31
PID 3024 wrote to memory of 2480	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	33
PID 3024 wrote to memory of 2480	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	33
PID 3024 wrote to memory of 2480	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	33
PID 3024 wrote to memory of 2480	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	33
PID 3056 wrote to memory of 1972	3056	Unicorn-30057.exe	32
PID 3056 wrote to memory of 1972	3056	Unicorn-30057.exe	32
PID 3056 wrote to memory of 1972	3056	Unicorn-30057.exe	32
PID 3056 wrote to memory of 1972	3056	Unicorn-30057.exe	32
PID 1972 wrote to memory of 2788	1972	Unicorn-7389.exe	34
PID 1972 wrote to memory of 2788	1972	Unicorn-7389.exe	34
PID 1972 wrote to memory of 2788	1972	Unicorn-7389.exe	34
PID 1972 wrote to memory of 2788	1972	Unicorn-7389.exe	34
PID 3056 wrote to memory of 2576	3056	Unicorn-30057.exe	35
PID 3056 wrote to memory of 2576	3056	Unicorn-30057.exe	35
PID 3056 wrote to memory of 2576	3056	Unicorn-30057.exe	35
PID 3056 wrote to memory of 2576	3056	Unicorn-30057.exe	35
PID 2480 wrote to memory of 2948	2480	Unicorn-65313.exe	36
PID 2480 wrote to memory of 2948	2480	Unicorn-65313.exe	36
PID 2480 wrote to memory of 2948	2480	Unicorn-65313.exe	36
PID 2480 wrote to memory of 2948	2480	Unicorn-65313.exe	36
PID 3024 wrote to memory of 2736	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	37
PID 3024 wrote to memory of 2736	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	37
PID 3024 wrote to memory of 2736	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	37
PID 3024 wrote to memory of 2736	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	37
PID 2788 wrote to memory of 2128	2788	Unicorn-29995.exe	38
PID 2788 wrote to memory of 2128	2788	Unicorn-29995.exe	38
PID 2788 wrote to memory of 2128	2788	Unicorn-29995.exe	38
PID 2788 wrote to memory of 2128	2788	Unicorn-29995.exe	38
PID 1972 wrote to memory of 2820	1972	Unicorn-7389.exe	39
PID 1972 wrote to memory of 2820	1972	Unicorn-7389.exe	39
PID 1972 wrote to memory of 2820	1972	Unicorn-7389.exe	39
PID 1972 wrote to memory of 2820	1972	Unicorn-7389.exe	39
PID 2576 wrote to memory of 1124	2576	Unicorn-30741.exe	40
PID 2576 wrote to memory of 1124	2576	Unicorn-30741.exe	40
PID 2576 wrote to memory of 1124	2576	Unicorn-30741.exe	40
PID 2576 wrote to memory of 1124	2576	Unicorn-30741.exe	40
PID 3056 wrote to memory of 2816	3056	Unicorn-30057.exe	41
PID 3056 wrote to memory of 2816	3056	Unicorn-30057.exe	41
PID 3056 wrote to memory of 2816	3056	Unicorn-30057.exe	41
PID 3056 wrote to memory of 2816	3056	Unicorn-30057.exe	41
PID 2948 wrote to memory of 2752	2948	Unicorn-19881.exe	42
PID 2948 wrote to memory of 2752	2948	Unicorn-19881.exe	42
PID 2948 wrote to memory of 2752	2948	Unicorn-19881.exe	42
PID 2948 wrote to memory of 2752	2948	Unicorn-19881.exe	42
PID 2736 wrote to memory of 1624	2736	Unicorn-26002.exe	43
PID 2736 wrote to memory of 1624	2736	Unicorn-26002.exe	43
PID 2736 wrote to memory of 1624	2736	Unicorn-26002.exe	43
PID 2736 wrote to memory of 1624	2736	Unicorn-26002.exe	43
PID 2480 wrote to memory of 2120	2480	Unicorn-65313.exe	44
PID 2480 wrote to memory of 2120	2480	Unicorn-65313.exe	44
PID 2480 wrote to memory of 2120	2480	Unicorn-65313.exe	44
PID 2480 wrote to memory of 2120	2480	Unicorn-65313.exe	44
PID 3024 wrote to memory of 1536	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	45
PID 3024 wrote to memory of 1536	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	45
PID 3024 wrote to memory of 1536	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	45
PID 3024 wrote to memory of 1536	3024	83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe	45
PID 2128 wrote to memory of 2188	2128	Unicorn-43591.exe	46
PID 2128 wrote to memory of 2188	2128	Unicorn-43591.exe	46
PID 2128 wrote to memory of 2188	2128	Unicorn-43591.exe	46
PID 2128 wrote to memory of 2188	2128	Unicorn-43591.exe	46

C:\Users\Admin\AppData\Local\Temp\83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe
"C:\Users\Admin\AppData\Local\Temp\83b53b0257d65872d9c49bdfd4d5f2f3baa37968c9fffdee7f077ac5af4230de.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        10⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        10⤵
        Program crash
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        9⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        9⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        9⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18686.exe
        10⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        10⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        9⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        9⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        9⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        9⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        8⤵
        Program crash
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        9⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        9⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        8⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        8⤵
        Program crash
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        8⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        8⤵
        Program crash
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        7⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        8⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        9⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        8⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 220
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        8⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 216
        8⤵
        Program crash
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        8⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        7⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        7⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        9⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        8⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        8⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        7⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        7⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        7⤵
        Program crash
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        6⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        6⤵
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        6⤵
        Program crash
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        
        PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        7⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        10⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
        9⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        9⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        8⤵
        Program crash
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        9⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        8⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 220
        8⤵
        Program crash
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        8⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        7⤵
        Program crash
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        6⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        8⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        7⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        6⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        7⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        7⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        6⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        6⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        5⤵
        Program crash
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        8⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        7⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        6⤵
        
        PID:3680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        6⤵
        Program crash
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        7⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        6⤵
        
        PID:8132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        6⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        5⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        5⤵
        Program crash
        
        PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        6⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        5⤵
        
        PID:6572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        5⤵
        Program crash
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      4⤵
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        5⤵
        
        PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
      4⤵
      PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
      4⤵
      PID:11036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        9⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        9⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        8⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        7⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        7⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        6⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        7⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        7⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
        6⤵
        Program crash
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        7⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        6⤵
        
        PID:3828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        6⤵
        Program crash
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        5⤵
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        9⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        8⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        Program crash
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        8⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        7⤵
        Program crash
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        6⤵
        
        PID:3464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        6⤵
        Program crash
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        7⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        6⤵
        
        PID:9328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        6⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        5⤵
        Program crash
        
        PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        7⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        7⤵
        Program crash
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        6⤵
        
        PID:7308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        6⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        5⤵
        Program crash
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      4⤵
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        5⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        6⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        5⤵
        
        PID:3892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 220
        5⤵
        Program crash
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        5⤵
        
        PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
      4⤵
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
      4⤵
      PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        8⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        8⤵
        Program crash
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
        7⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        7⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        6⤵
        
        PID:4304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        6⤵
        Program crash
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        6⤵
        Program crash
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        6⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        5⤵
        
        PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
        5⤵
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        7⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        6⤵
        Program crash
        
        PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        5⤵
        
        PID:4368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        5⤵
        Program crash
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        5⤵
        
        PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
      4⤵
      PID:10396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        7⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        6⤵
        
        PID:6592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        6⤵
        Program crash
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
      4⤵
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        5⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        5⤵
        
        PID:7316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        5⤵
        
        PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        5⤵
        
        PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      4⤵
      PID:3792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
      4⤵
      Program crash
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
    3⤵
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
    3⤵
    PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    3⤵
    PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
    3⤵
    PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
    3⤵
    PID:9316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
    3⤵
    PID:11044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        9⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        9⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        9⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 216
        8⤵
        Program crash
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        7⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        7⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        7⤵
        Program crash
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        7⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        6⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        6⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
        8⤵
        Program crash
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        7⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        8⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        7⤵
        Program crash
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        6⤵
        
        PID:7348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        6⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        6⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        7⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        6⤵
        Program crash
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        6⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        5⤵
        
        PID:4108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        5⤵
        Program crash
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        7⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        7⤵
        Program crash
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        6⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        5⤵
        
        PID:6840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        5⤵
        Program crash
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        6⤵
        
        PID:7520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
        6⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
      4⤵
      PID:11204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        6⤵
        
        PID:3224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 216
        6⤵
        Program crash
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        6⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        5⤵
        
        PID:4200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        5⤵
        Program crash
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        5⤵
        
        PID:7376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
      4⤵
      PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      4⤵
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
    3⤵
    - Executes dropped EXE
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        5⤵
        
        PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      4⤵
      PID:3760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
      4⤵
      Program crash
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      4⤵
      PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
    3⤵
    PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
    3⤵
    - Program crash
    PID:6940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        6⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        6⤵
        
        PID:7300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        6⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        5⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        6⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        5⤵
        
        PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        7⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        6⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
      4⤵
      PID:1732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        5⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        5⤵
        
        PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
      4⤵
      PID:4416
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
      4⤵
      Program crash
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        6⤵
        
        PID:5384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        6⤵
        Program crash
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        6⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        5⤵
        
        PID:4220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        5⤵
        Program crash
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        5⤵
        
        PID:3520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        5⤵
        Program crash
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
      4⤵
      PID:4352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
      4⤵
      Program crash
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        5⤵
        Program crash
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      4⤵
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
      4⤵
      PID:3668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
      4⤵
      Program crash
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
    3⤵
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
      4⤵
      PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
      4⤵
      PID:10840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
    3⤵
    PID:3876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
    3⤵
    - Program crash
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
      4⤵
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        5⤵
        
        PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      4⤵
      PID:6452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
      4⤵
      Program crash
      PID:8168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
    3⤵
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
      4⤵
      PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
      4⤵
      PID:11212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
    3⤵
    PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
    3⤵
    PID:7332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
    3⤵
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
    3⤵
    PID:10144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
    3⤵
    PID:11104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
      4⤵
      PID:3264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
      4⤵
      Program crash
      PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
    3⤵
    PID:6504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
    3⤵
    - Program crash
    PID:8152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
  2⤵
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      4⤵
      PID:10608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
    3⤵
    PID:8832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
    3⤵
    PID:10204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
    3⤵
    PID:11096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
  2⤵
  PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
    3⤵
    PID:9192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
  2⤵
  PID:4228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
  2⤵
  PID:5556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
  2⤵
  PID:6544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
  2⤵
  PID:7272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
  2⤵
  PID:8768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
  2⤵
  PID:10172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:11164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe

Filesize
468KB

MD5
4b570cf32e7dcec92784ccbed5722d0b

SHA1
b199dfffde1f63b213777b4478211e484fd3fee9

SHA256
509955b8ec30315425b4bc3a8cb4b022415f57b0a762108a8c8de055e4cf591b

SHA512
7dd9c1f44001474048c030a0c285b3fc2c87df6de927d565a5d8236302db4b0c73ea0799e2e9a3460cd175da737d1ae136e2abe0a2ec383116e2746c2b3c7638

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe

Filesize
468KB

MD5
069ddb683c7bea8ba7454fdb35980997

SHA1
df1719f3e1d22850a424d8ee00e2d712a57a694e

SHA256
c2f40ea695f799e493ea5c925268824ace79322a738789286a2e7b780af177c5

SHA512
40895258988bc387a693df6182a1e5790bc036574b016e7dffe39ed7335a271e483470244df81ad435a4fb32df7dd1aeb2bef6e3a9e37b5e7a00184344656054

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe

Filesize
468KB

MD5
088fda0956c23e0c73ee7b1d8d520895

SHA1
22efe725f5636a5264593cd3272fffa71c4bc6ab

SHA256
f96324ab249f668c0fa9c892f7ea0586647324b18db35daa8259dcf8c56316b5

SHA512
bd8d3e25c47c7fcfb415cce92af8e41a8448d784a2a0c22e07427fb7df13f04400a569e342e60c89d85a13a5ad88f39eb5c18f835a6903237dad3081231f4794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe

Filesize
468KB

MD5
c9d00ae1249a02b7a5c557f8c4878d2b

SHA1
64402ef3a9ba00eaa5a630d2e430e1e468877f5f

SHA256
0675c1ceef1e53ccef5409b27dd9e556daf7c8aee8d672382b25d43da6df44ff

SHA512
0cf01987237ccf4a134aa0db5bb5ddb28b876260a24c277280a437f2c211d04811179d11b74e528b9880feb126dcf3f5fa5eb6946eb02ceb5e7b5b3c93a69b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe

Filesize
468KB

MD5
841f66dde093dca45bdb2d76fedae064

SHA1
39cc1fbfc400d9e971c6eacf3be051521b7b97e8

SHA256
1ecc8fa469df47514e0bdb50b85499ec42fa10aa9dd41d85d60d27d7700014af

SHA512
94e4d04a2e31e2eb4ef9b5b119c31df5e075d4418223fa95a5d1f9044f6ea7a1db25c4d0f3f77caef6a670f6bdb721ad1974fe1966c2d4f9ff4956da7635d1c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe

Filesize
468KB

MD5
74008f8ed974d28be8976f7e54bba03b

SHA1
7aaea0048b5d3e83f3f36cc01edbbf7916a572e4

SHA256
335a924fc08c88982028989db1b530e0c7be78ca5280c5bfbd35662eb6aa5b0c

SHA512
374e0d1b9999b02f7a3ae8f1dc7caa1467b8d2a80f58063458c9c988d17ea7ea99df6e3fdcf97d4ef6eaf800f7bea39399060f18e14994bc80aa78d57693effd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe

Filesize
468KB

MD5
ebec2df4e6a49286f0427983e0367045

SHA1
6de52f40b78eab052a550a812a7b161ae088afe6

SHA256
8907a935433154bc3647e2e279996f4a3063e276e6d7269e79d8d85ad1f47c8f

SHA512
0ce6129cde8de08b71d50b96643b3ea02ce61314d337e0a9f087e3d87ad13af824ce4e213d492af04d0250ec943c755a00b00c21601ecbe820bbdbd8620d200c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe

Filesize
468KB

MD5
0c61c86b74f3706485af6f369aa7a920

SHA1
4a45760c6768c8b057fd1f1191cb33fac7c93d8e

SHA256
27214073cd56c9605ac268cb76de20e71f379d61e2bbdad90970df99d7d686fb

SHA512
99be575e7de0610c3e07875d7218c9036ee2a3ba668b8d525a535343b0db363cbc79bf76bf88dcfd356dff72a3be0fab131c3064832df960a915eebdc5560817

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe

Filesize
468KB

MD5
7f69693781d17eab39e49ff0e59b8712

SHA1
07c5d60adc0a075646a4eadb26ef8d8952039a81

SHA256
eeece666bb1fe28dc4dd1492214f3a83c3d7a044a6b31fa66a11d3498a94dca5

SHA512
d1a1c03829bc7ee802c385339720af5f34b0e242eef896ba41d5f132e5e9ebc74e5f7debe246939786e61713c727b9862fdd5abe9b883830b4d55ef7a18f65d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe

Filesize
468KB

MD5
9cbb15a55fdb99e9d2e111858781c4d9

SHA1
a661cd47411ff02584d09b4689d3ff23ec88c52c

SHA256
fb02c37968e450119433db846e8d0988f7bc17cfaa9687accb9276bd3df62053

SHA512
8805f1383aa6551a5b3a1293e08c95064e7f3d3ae905ea95de8b7ccd703b90334cbc35d5c84be52bd94d4fc9f7f8038ae2a14bafbeaf1c320008e7d8c3c9cf82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe

Filesize
468KB

MD5
9b0e80b9cd19f543b01bd38aaf5563be

SHA1
53d0b1baac6fa5581187aa22ecc15328cfdf8b02

SHA256
2887379f104483f23f2f9f1fa0f30fa52a866550647dddbe7a14ad50d4661c5c

SHA512
20ec94eaac42c7efe7857fcec68122737d0575110ac03c6341f8ceed0fcd3e61602903b16397dd5a9cbe3d92c9f1e0b654d74c4731299de6598d312edf252c12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe

Filesize
468KB

MD5
a04a24c710f1ff31deb829dede38b26e

SHA1
0c549973eb727912a592e42af5dce7dcf7bcd397

SHA256
25b935484eaccda5ba77cbbece473cfde0c5b4812155bff8c190927e5c893253

SHA512
6dd2938f0e8b0391ff5fdbfd2f82dfbd567412c889bc48c5c0e8e052638af8e6e8faaa01cda7caf842be5d593bb9ec199c95f3ee16e5e7da1b826d3b0a5bbdf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe

Filesize
468KB

MD5
4209e0d932fdc4457d88ce3abd671f12

SHA1
924d691f5682492b062af8aa3c41f66d187ada3c

SHA256
6ca03793c71d3029953247f3b6d1396a117dc54c8e85568045a930d2d4498710

SHA512
c0b28388cc5d5f0a6fc83ec0d50f009f4e343b3486998551624c7f668198a251aac13bf4b6b36b2eed400020d3ca76be188bebab3968357feacf30e6e92598fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe

Filesize
468KB

MD5
879844b723945935648c42e2296d4825

SHA1
0eb93ae50516f9103435d7937ebaafed3f9c2bbc

SHA256
7abc7bdd7aebb56f7711d47994f97c8c8d796e4c4b5abc4a2ecacc9464e96109

SHA512
69f33a98e564c7562ceefe268050462b6bb7324ef03ca722ae91e238fe50826c5bb273753ac5aec5975feac894edc23a54545579a9369fe284ecf5db3d24ed13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe

Filesize
468KB

MD5
183afc74ff7a9e41df6a6d66af6521f1

SHA1
6295adffd801bc05dd6cec7d1b394d6d8fe58d32

SHA256
679ab5c241eab17d99b4e0ba8cd216efabfd60cfe27dd4a9545e8c965e70584d

SHA512
459cba393138c40cfc20364d50e64ce2dc1f44b8af04bcf57098bea69176b6b604b01d610d00a4a0485630f815a7746234a6eb0c2c3613b9e720ee98faf654b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe

Filesize
468KB

MD5
3c3552ac0ee9658a0c6bdf0b4369658d

SHA1
6d78c0948356411d0594c1b580160e9b0018c474

SHA256
504c185701fc43d66d108cc37c8e768ecc9c69eaf4adcc9dca1638d58bc20bbf

SHA512
12b88f1c460a810643eaf74478b28a5f1e365123f4db0faaacf05a4ff89ef85cfbead0da1267cc4ddfde05ca03b80384c6740c42d608d7e682c9d610f303fd31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe

Filesize
468KB

MD5
c008ce11c7c3b5ebc2852efcaf17a2d2

SHA1
66eb673ece3d4da6a5171993dec31f618005b5ab

SHA256
f49734b7d7e9d72962d564b8bc91e817a16ba8cb78debf07a61daf79c0243aab

SHA512
51d3cf1e086e5c410381bedfdac2e30af51084d04e057016c5b6bfbf6baf4d3bb757e35bbe5138402ac4058f11ad159d6be82705089a397c2748eb0ac92805a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe

Filesize
468KB

MD5
4d4b5cbed657ef070ae5463b1c337633

SHA1
63cf12e8928768a9c63ea9b3b7afee9a1702ed45

SHA256
6970c664bd2c7fd71f981f29eebeb9d389fa2a29305ff037e2a259c4cd050579

SHA512
bd32b5ac3f7ce749bf4856490d56e085c3b43d394c8aa11e49f4aedf226f94974c5fd841cd28e99df3777e10f4bf984ed4adb5523b2342e700286532f6da3f46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe

Filesize
468KB

MD5
11e9cdf2b88ffb6351fbfd500c4117be

SHA1
648dfedc3dc6c7d9583eb16b0cc19b9798e76214

SHA256
cc3aad5464333bec7f4718b610e437fc3f96c4e5c7ada03d0ce9ac41d2cca77f

SHA512
030e65c9f8d5cadd13dc0f6c946b078268a5fc0e384032cec4a123564f334127ef9ee4fc0ae6cef90b176b49508a95aa60b159e7bba2e864ab9d988ca2affd89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe

Filesize
468KB

MD5
538c1d23ed8a936f83fca91f4746ba47

SHA1
ecbef2cd789cf6615bede0457663e36c73b018a5

SHA256
92ce1f8c9411371f20084d96301d7d178d6841d1f23fe066e2870a391049840a

SHA512
5c13f9212e3663f48d18275de6169040a8995581e39f5e7d6ddb452fbf1939792ea3b7f8adb5c27b730fa0b5a19ca4010439957b198ad4ad9e86fc2c4cebb7a2

Download Submit
memory/344-416-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/356-363-0x0000000002350000-0x00000000023C5000-memory.dmp

Filesize
468KB

Download
memory/780-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-218-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1124-224-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1176-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1484-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-324-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1624-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-321-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1780-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-243-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1972-420-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1972-247-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1972-418-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1972-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-46-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1972-104-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/2120-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-355-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2128-198-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2128-201-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2144-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-345-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2188-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-341-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2240-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-397-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2248-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-404-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2276-379-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2276-380-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2276-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-155-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2480-65-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2480-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-298-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2480-166-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2508-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-236-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2576-382-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2576-383-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2576-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-326-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/2736-152-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/2736-167-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/2736-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-323-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/2752-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-254-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2752-258-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2752-392-0x00000000031F0000-0x0000000003265000-memory.dmp

Filesize
468KB

Download
memory/2776-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-206-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2788-211-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2788-95-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2816-286-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2816-281-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2820-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-235-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2820-233-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2948-146-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2948-145-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2948-275-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2948-274-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/3024-186-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3024-184-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3024-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-11-0x0000000003380000-0x00000000033F5000-memory.dmp

Filesize
468KB

Download
memory/3024-12-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3024-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-297-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3024-299-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3024-79-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/3056-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-125-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3056-60-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3056-131-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3056-32-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3056-322-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3056-325-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download