3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
Size

468KB
MD5

8e3e39309d5777ed0660f43643f71040
SHA1

d7710123e9dceda61ba8762074b6eb3b24b60487
SHA256

3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14
SHA512

a622f70e43df55d072168c3420cc6be62827d032f1951aef966d23ccecd991568fc8e69581a89f2e925f9768b776649c16eeceb655f9874ef49873a39c8795b5
SSDEEP

3072:mrz7ogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lXvEln0Aco1Salk:mrfotAUF1PDyqf/BtSEl0Jo1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2076	Unicorn-58405.exe
2304	Unicorn-48696.exe
2800	Unicorn-20662.exe
2848	Unicorn-35959.exe
2872	Unicorn-19492.exe
2896	Unicorn-38381.exe
2804	Unicorn-39358.exe
2148	Unicorn-43451.exe
3036	Unicorn-38813.exe
1428	Unicorn-23546.exe
1780	Unicorn-12720.exe
1824	Unicorn-30866.exe
576	Unicorn-36997.exe
1280	Unicorn-29706.exe
1968	Unicorn-17131.exe
2264	Unicorn-46400.exe
2796	Unicorn-50742.exe
2464	Unicorn-40728.exe
1800	Unicorn-49752.exe
2812	Unicorn-18217.exe
960	Unicorn-50127.exe
2216	Unicorn-23047.exe
2528	Unicorn-42913.exe
568	Unicorn-59057.exe
3060	Unicorn-42913.exe
1956	Unicorn-39767.exe
3056	Unicorn-53503.exe
1680	Unicorn-59368.exe
784	Unicorn-59633.exe
2752	Unicorn-30526.exe
2780	Unicorn-10852.exe
2784	Unicorn-19727.exe
1096	Unicorn-34838.exe
112	Unicorn-59607.exe
1152	Unicorn-64246.exe
1460	Unicorn-45575.exe
3008	Unicorn-47914.exe
600	Unicorn-29348.exe
1456	Unicorn-50899.exe
2212	Unicorn-18404.exe
1972	Unicorn-39893.exe
1528	Unicorn-15066.exe
1684	Unicorn-45108.exe
964	Unicorn-64973.exe
1000	Unicorn-64973.exe
1384	Unicorn-59035.exe
2008	Unicorn-56235.exe
2324	Unicorn-60012.exe
588	Unicorn-65165.exe
3048	Unicorn-9716.exe
1352	Unicorn-9451.exe
2532	Unicorn-41619.exe
2712	Unicorn-9908.exe
2816	Unicorn-58917.exe
2204	Unicorn-39051.exe
2788	Unicorn-28474.exe
2632	Unicorn-18962.exe
852	Unicorn-33261.exe
2756	Unicorn-41429.exe
1644	Unicorn-5419.exe
1932	Unicorn-12321.exe
1492	Unicorn-12321.exe
1704	Unicorn-33488.exe
1500	Unicorn-53354.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2076	Unicorn-58405.exe
2076	Unicorn-58405.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2304	Unicorn-48696.exe
2304	Unicorn-48696.exe
2076	Unicorn-58405.exe
2076	Unicorn-58405.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2800	Unicorn-20662.exe
2800	Unicorn-20662.exe
2848	Unicorn-35959.exe
2848	Unicorn-35959.exe
2304	Unicorn-48696.exe
2304	Unicorn-48696.exe
2896	Unicorn-38381.exe
2896	Unicorn-38381.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2872	Unicorn-19492.exe
2872	Unicorn-19492.exe
2076	Unicorn-58405.exe
2800	Unicorn-20662.exe
2076	Unicorn-58405.exe
2800	Unicorn-20662.exe
2804	Unicorn-39358.exe
2804	Unicorn-39358.exe
2148	Unicorn-43451.exe
2148	Unicorn-43451.exe
2304	Unicorn-48696.exe
2304	Unicorn-48696.exe
576	Unicorn-36997.exe
576	Unicorn-36997.exe
2804	Unicorn-39358.exe
2804	Unicorn-39358.exe
1780	Unicorn-12720.exe
1780	Unicorn-12720.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
3036	Unicorn-38813.exe
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
3036	Unicorn-38813.exe
2848	Unicorn-35959.exe
1968	Unicorn-17131.exe
2848	Unicorn-35959.exe
1968	Unicorn-17131.exe
1428	Unicorn-23546.exe
1428	Unicorn-23546.exe
2076	Unicorn-58405.exe
2872	Unicorn-19492.exe
2076	Unicorn-58405.exe
2800	Unicorn-20662.exe
2872	Unicorn-19492.exe
2800	Unicorn-20662.exe
1824	Unicorn-30866.exe
1824	Unicorn-30866.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2700	WerFault.exe
2700	WerFault.exe

Program crash 58 IoCs

pid	pid_target	Process	procid_target
2700	2896	WerFault.exe	35
2560	1280	WerFault.exe	42
2932	2264	WerFault.exe	46
2312	600	WerFault.exe	70
2508	1932	WerFault.exe	95
780	1492	WerFault.exe	96
2200	3048	WerFault.exe	83
1620	2816	WerFault.exe	86
2288	2324	WerFault.exe	81
2136	2712	WerFault.exe	85
3652	2008	WerFault.exe	80
3956	1684	WerFault.exe	75
3256	648	WerFault.exe	102
3296	2968	WerFault.exe	181
4028	784	WerFault.exe	61
4052	568	WerFault.exe	52
4044	2780	WerFault.exe	63
3680	1948	WerFault.exe	100
3124	484	WerFault.exe	149
3184	1668	WerFault.exe	144
4112	2108	WerFault.exe	117
4156	1704	WerFault.exe	94
4544	2812	WerFault.exe	50
4148	2052	WerFault.exe	128
4144	628	WerFault.exe	101
4108	2784	WerFault.exe	64
4036	1644	WerFault.exe	92
5112	3456	WerFault.exe	200
5100	2532	WerFault.exe	84
4188	2392	WerFault.exe	105
4192	1832	WerFault.exe	140
4240	2632	WerFault.exe	89
4280	3056	WerFault.exe	59
4588	2788	WerFault.exe	88
5364	1652	WerFault.exe	150
5688	1972	WerFault.exe	73
700	2080	WerFault.exe	141
5564	2336	WerFault.exe	129
5660	2708	WerFault.exe	131
5612	1612	WerFault.exe	143
5776	1956	WerFault.exe	58
5816	1984	WerFault.exe	104
5836	2804	WerFault.exe	36
5896	1384	WerFault.exe	78
6060	904	WerFault.exe	127
6784	1680	WerFault.exe	57
6868	1456	WerFault.exe	71
6568	576	WerFault.exe	45
6180	2484	WerFault.exe	153
7712	2796	WerFault.exe	47
7756	2232	WerFault.exe	119
7780	964	WerFault.exe	77
7876	1156	WerFault.exe	157
7860	528	WerFault.exe	175
8500	688	WerFault.exe	110
8516	2252	WerFault.exe	142
8476	1500	WerFault.exe	97
8464	2140	WerFault.exe	162

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37740.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
2076	Unicorn-58405.exe
2304	Unicorn-48696.exe
2800	Unicorn-20662.exe
2848	Unicorn-35959.exe
2872	Unicorn-19492.exe
2896	Unicorn-38381.exe
2804	Unicorn-39358.exe
2148	Unicorn-43451.exe
576	Unicorn-36997.exe
1780	Unicorn-12720.exe
3036	Unicorn-38813.exe
1824	Unicorn-30866.exe
1428	Unicorn-23546.exe
1280	Unicorn-29706.exe
1968	Unicorn-17131.exe
2264	Unicorn-46400.exe
2796	Unicorn-50742.exe
2464	Unicorn-40728.exe
1800	Unicorn-49752.exe
2812	Unicorn-18217.exe
960	Unicorn-50127.exe
2528	Unicorn-42913.exe
784	Unicorn-59633.exe
2216	Unicorn-23047.exe
3056	Unicorn-53503.exe
1956	Unicorn-39767.exe
568	Unicorn-59057.exe
3060	Unicorn-42913.exe
1680	Unicorn-59368.exe
2752	Unicorn-30526.exe
2780	Unicorn-10852.exe
2784	Unicorn-19727.exe
112	Unicorn-59607.exe
1096	Unicorn-34838.exe
1152	Unicorn-64246.exe
1460	Unicorn-45575.exe
3008	Unicorn-47914.exe
600	Unicorn-29348.exe
1456	Unicorn-50899.exe
2212	Unicorn-18404.exe
1972	Unicorn-39893.exe
1528	Unicorn-15066.exe
1684	Unicorn-45108.exe
964	Unicorn-64973.exe
1000	Unicorn-64973.exe
2008	Unicorn-56235.exe
1384	Unicorn-59035.exe
2324	Unicorn-60012.exe
588	Unicorn-65165.exe
3048	Unicorn-9716.exe
1352	Unicorn-9451.exe
2532	Unicorn-41619.exe
2712	Unicorn-9908.exe
2632	Unicorn-18962.exe
2756	Unicorn-41429.exe
852	Unicorn-33261.exe
2788	Unicorn-28474.exe
2204	Unicorn-39051.exe
2816	Unicorn-58917.exe
1644	Unicorn-5419.exe
1948	Unicorn-12513.exe
1500	Unicorn-53354.exe
1704	Unicorn-33488.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2076	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	30
PID 2384 wrote to memory of 2076	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	30
PID 2384 wrote to memory of 2076	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	30
PID 2384 wrote to memory of 2076	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	30
PID 2076 wrote to memory of 2304	2076	Unicorn-58405.exe	31
PID 2076 wrote to memory of 2304	2076	Unicorn-58405.exe	31
PID 2076 wrote to memory of 2304	2076	Unicorn-58405.exe	31
PID 2076 wrote to memory of 2304	2076	Unicorn-58405.exe	31
PID 2384 wrote to memory of 2800	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	32
PID 2384 wrote to memory of 2800	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	32
PID 2384 wrote to memory of 2800	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	32
PID 2384 wrote to memory of 2800	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	32
PID 2304 wrote to memory of 2848	2304	Unicorn-48696.exe	33
PID 2304 wrote to memory of 2848	2304	Unicorn-48696.exe	33
PID 2304 wrote to memory of 2848	2304	Unicorn-48696.exe	33
PID 2304 wrote to memory of 2848	2304	Unicorn-48696.exe	33
PID 2076 wrote to memory of 2872	2076	Unicorn-58405.exe	34
PID 2076 wrote to memory of 2872	2076	Unicorn-58405.exe	34
PID 2076 wrote to memory of 2872	2076	Unicorn-58405.exe	34
PID 2076 wrote to memory of 2872	2076	Unicorn-58405.exe	34
PID 2384 wrote to memory of 2896	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	35
PID 2384 wrote to memory of 2896	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	35
PID 2384 wrote to memory of 2896	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	35
PID 2384 wrote to memory of 2896	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	35
PID 2800 wrote to memory of 2804	2800	Unicorn-20662.exe	36
PID 2800 wrote to memory of 2804	2800	Unicorn-20662.exe	36
PID 2800 wrote to memory of 2804	2800	Unicorn-20662.exe	36
PID 2800 wrote to memory of 2804	2800	Unicorn-20662.exe	36
PID 2848 wrote to memory of 3036	2848	Unicorn-35959.exe	38
PID 2848 wrote to memory of 3036	2848	Unicorn-35959.exe	38
PID 2848 wrote to memory of 3036	2848	Unicorn-35959.exe	38
PID 2848 wrote to memory of 3036	2848	Unicorn-35959.exe	38
PID 2304 wrote to memory of 2148	2304	Unicorn-48696.exe	39
PID 2304 wrote to memory of 2148	2304	Unicorn-48696.exe	39
PID 2304 wrote to memory of 2148	2304	Unicorn-48696.exe	39
PID 2304 wrote to memory of 2148	2304	Unicorn-48696.exe	39
PID 2896 wrote to memory of 1428	2896	Unicorn-38381.exe	40
PID 2896 wrote to memory of 1428	2896	Unicorn-38381.exe	40
PID 2896 wrote to memory of 1428	2896	Unicorn-38381.exe	40
PID 2896 wrote to memory of 1428	2896	Unicorn-38381.exe	40
PID 2384 wrote to memory of 1780	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	41
PID 2384 wrote to memory of 1780	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	41
PID 2384 wrote to memory of 1780	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	41
PID 2384 wrote to memory of 1780	2384	3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe	41
PID 2872 wrote to memory of 1280	2872	Unicorn-19492.exe	42
PID 2872 wrote to memory of 1280	2872	Unicorn-19492.exe	42
PID 2872 wrote to memory of 1280	2872	Unicorn-19492.exe	42
PID 2872 wrote to memory of 1280	2872	Unicorn-19492.exe	42
PID 2076 wrote to memory of 1824	2076	Unicorn-58405.exe	43
PID 2076 wrote to memory of 1824	2076	Unicorn-58405.exe	43
PID 2076 wrote to memory of 1824	2076	Unicorn-58405.exe	43
PID 2076 wrote to memory of 1824	2076	Unicorn-58405.exe	43
PID 2800 wrote to memory of 1968	2800	Unicorn-20662.exe	44
PID 2800 wrote to memory of 1968	2800	Unicorn-20662.exe	44
PID 2800 wrote to memory of 1968	2800	Unicorn-20662.exe	44
PID 2800 wrote to memory of 1968	2800	Unicorn-20662.exe	44
PID 2804 wrote to memory of 576	2804	Unicorn-39358.exe	45
PID 2804 wrote to memory of 576	2804	Unicorn-39358.exe	45
PID 2804 wrote to memory of 576	2804	Unicorn-39358.exe	45
PID 2804 wrote to memory of 576	2804	Unicorn-39358.exe	45
PID 2148 wrote to memory of 2264	2148	Unicorn-43451.exe	46
PID 2148 wrote to memory of 2264	2148	Unicorn-43451.exe	46
PID 2148 wrote to memory of 2264	2148	Unicorn-43451.exe	46
PID 2148 wrote to memory of 2264	2148	Unicorn-43451.exe	46

C:\Users\Admin\AppData\Local\Temp\3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe
"C:\Users\Admin\AppData\Local\Temp\3053a936a6c289b0f8528610ba025a25aaaef12d5f74d7b6e0b70eae4151da14N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        Program crash
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        8⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        7⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        7⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        6⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        7⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        7⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        7⤵
        Program crash
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        6⤵
        Program crash
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        5⤵
        
        PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        9⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        8⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        7⤵
        Program crash
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        7⤵
        
        PID:8240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        Program crash
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        7⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
        7⤵
        Program crash
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        6⤵
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        6⤵
        Program crash
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        5⤵
        
        PID:1668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
        6⤵
        Program crash
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        6⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        8⤵
        Program crash
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        7⤵
        Program crash
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        6⤵
        
        PID:3508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        6⤵
        Program crash
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        6⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        5⤵
        
        PID:7132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        5⤵
        Program crash
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        5⤵
        Executes dropped EXE
        
        PID:1492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        6⤵
        Program crash
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        5⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        6⤵
        
        PID:3444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        6⤵
        Program crash
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        5⤵
        Program crash
        
        PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      4⤵
      PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
      4⤵
      PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        7⤵
        
        PID:8356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        6⤵
        Program crash
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        5⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        6⤵
        Program crash
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        5⤵
        
        PID:5076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        5⤵
        Program crash
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        5⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        6⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        5⤵
        
        PID:3192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        5⤵
        Program crash
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        7⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        7⤵
        Program crash
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        6⤵
        
        PID:6644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 220
        6⤵
        Program crash
        
        PID:7876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        5⤵
        Program crash
        
        PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        5⤵
        
        PID:3516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        5⤵
        Program crash
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        5⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
      4⤵
      PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
      4⤵
      PID:8076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        6⤵
        
        PID:3172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        6⤵
        Program crash
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        5⤵
        
        PID:6216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        5⤵
        Program crash
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
      4⤵
      PID:6028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
      4⤵
      Program crash
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        5⤵
        
        PID:8092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
      4⤵
      Program crash
      PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
    3⤵
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
      4⤵
      Program crash
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
    3⤵
    PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
    3⤵
    PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
    3⤵
    PID:7740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
    3⤵
    PID:8636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        8⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
        8⤵
        Program crash
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
        7⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        7⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        8⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
        7⤵
        Program crash
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        6⤵
        Executes dropped EXE
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        6⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        6⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        5⤵
        
        PID:6312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        5⤵
        Program crash
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        7⤵
        Program crash
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        6⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        7⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        6⤵
        Program crash
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
        5⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        7⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        6⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        6⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        5⤵
        
        PID:3628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        5⤵
        Program crash
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
      4⤵
      PID:484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        5⤵
        Program crash
        
        PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
      4⤵
      PID:5040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
      4⤵
      Program crash
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        8⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        7⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
        7⤵
        Program crash
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        7⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        5⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        5⤵
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        6⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      4⤵
      PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        6⤵
        
        PID:5032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
      4⤵
      PID:4000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
      4⤵
      Program crash
      PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        5⤵
        
        PID:7404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 220
        5⤵
        Program crash
        
        PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
      4⤵
      PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
      4⤵
      PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      4⤵
      PID:8264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
    3⤵
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
    3⤵
    PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
    3⤵
    PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
    3⤵
    PID:7692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
        6⤵
        Program crash
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        7⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        5⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        5⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        5⤵
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        7⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        6⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        6⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        6⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        5⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        6⤵
        
        PID:7000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 216
        6⤵
        Program crash
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        5⤵
        
        PID:6236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        5⤵
        Program crash
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
      4⤵
      PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
      4⤵
      PID:8452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        6⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        7⤵
        
        PID:8492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        6⤵
        Program crash
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        5⤵
        Program crash
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        5⤵
        
        PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
      4⤵
      PID:4532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
      4⤵
      Program crash
      PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      4⤵
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        5⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        
        PID:7636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
      4⤵
      Program crash
      PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
      4⤵
      PID:6528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
      4⤵
      Program crash
      PID:7756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
    3⤵
    PID:9040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
      4⤵
      Program crash
      PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
    3⤵
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      4⤵
      PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
    3⤵
    PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
    3⤵
    PID:8200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
    3⤵
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
      4⤵
      PID:4508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
      4⤵
      Program crash
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    3⤵
    PID:3916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
    3⤵
    - Program crash
    PID:5100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
  2⤵
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
    3⤵
    PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48669.exe
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
    3⤵
    PID:8160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
  2⤵
  PID:3988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
  2⤵
  PID:4320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
  2⤵
  PID:5716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
  2⤵
  PID:6996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
  2⤵
  PID:8024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe

Filesize
468KB

MD5
e5c88eb54cb466f3bfec5f6480f5924f

SHA1
d117f7203f386f303983112ee9d0a0432fc22aa4

SHA256
ef478a2921ed47371b90bff053d5ccfef356411b3080606efa8df5d758270e7a

SHA512
304703e9b348ceca75ceeadef4cbcc9a4e3453b08f0aef07bc8a418d673a738a66efa7b3ced14a14ff07a86e3ca08953ea3d9185b67b2844043eabd93dae7722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe

Filesize
468KB

MD5
00aca9bd707046dbdc8909c3e428da47

SHA1
4ca3564899f106208276f5fafdddb77d82862598

SHA256
456c610abc79e67496e26d62bfb7116d7271430fc5fa9eb010fb61171fa78460

SHA512
ea4d08a61c755d3e01682e7efc714f4365d3b855ca1b65c6a49899f7eae732876e1f4cac79329e140a4a1c3e274e194e2041ebc508c7b0aa5040e6ba57d56634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe

Filesize
468KB

MD5
d8c713eaef973f958d8a974ea1b060b6

SHA1
1fccdec627c71db7b9a770d004dcbd6fd85c2ead

SHA256
4318ee76bd3468b812b82ad9e11ea602f5ecd17a0771a3da069b8dc6196d3d63

SHA512
5d839e3a0429f87013a432bb9618fcdfcd1ad63e4070f8735dcbf10e543abeb1d4f99de891c3de64796255ffaa9fa2887006e6dbdb0e275dfb63cef059b42cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe

Filesize
468KB

MD5
a131a899d015f89a50c8eca3c53b43d8

SHA1
60cb38313d3bf47e296265ccf40106c8f1291bb9

SHA256
b7e1a2bcbc8872c70a78a47fe1b1619fbc3b99332816d364b06e6c421db15646

SHA512
a56958905e796da11db492c73e25c2090cbf80d87bf85e03e7ea5f982143096e11f4b78cdbe0a74bcf1cf8652d1165070a310e66382d1db8e79a1e2da82a8930

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe

Filesize
468KB

MD5
fb7a37361428dea14e891d6ab1380589

SHA1
dd1f55a5527b3ec269e456d4b1ac865de5d10a61

SHA256
ec4e810c45970fac4b6b4a67111c3f75be59c4e3e7190fbe90a81ad47f5ee0b5

SHA512
a40a8e785c41f7b34e8ea9e95b6c0049293fe9823a77f27a6942da3314649de9fefa23f6a52115c7aa5ea7fb2d929a69777a6539f4ba0d4d3e737ea3b81858ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe

Filesize
468KB

MD5
b97edaacf016037b80a3395f834656b6

SHA1
7a8fb349d4be7a373ba8896ea14055b63f8d3475

SHA256
0c0d79dfc1c5776e668082c31372d5f4bacd020104dc575596d1f942564e2105

SHA512
34e5a3dcf4dc15261a437c8f16b5cbb19abe90a7b68723d70a287f2721935b36249bb46b99e73c8e3dde1590d85769dfe868e25a6d1c16b5d35fd0028fac1b79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe

Filesize
468KB

MD5
fd0f69420883c0240e42882762060871

SHA1
498500554c6a185535d8fe5b221006cd1a726538

SHA256
855e79677ac7975ffbb85a51d957a8261fa81ab4feca7148133f21218471acaa

SHA512
8d824c8af7711cefa6dd68acbd2fcd1fade3dd4e6f7effc12dc56e5eb3200a3578e19bfc20b66dcb6f9c4955bbc9520443c73d64d84286af3c0e25d81d6b972b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe

Filesize
468KB

MD5
2cf79119d211bfd56dd85632b654d0b9

SHA1
eee5b0838c01cf1b264922a22e10c6880a18ab59

SHA256
32dbb951a5f52325ff6a416b07ab364b451b86ad35b3a65d3e703365d3374096

SHA512
40ce0af6619b840bd002663009e94b428af471802329f69c542ba53e9d71a72c5ac8f21c75b7d3d8dae43239ba9836312b78b0cac6465a4a588be6c18562c565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe

Filesize
468KB

MD5
021155e291b02dc0a73fdc08f4dc9c2a

SHA1
0589f1163030e7b9f28de59f137a1d90183a4afd

SHA256
cbb4000aa85b35ed6d52dd24c34f1f976267bd2ed2e2df400f938699678a9002

SHA512
94d3b5ca68b9a56e4c15b134ac4be831da4061433fce09c01a8916ceace46bda574ef55001b5f60fd4f485692eeec928b143e38c83e7da49d68bd5fa1c56abca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe

Filesize
468KB

MD5
7b4867afe58df4fb5fed9f8fc8202b56

SHA1
de2b22410a903f1eec0984e3df9f3d150f8f32a2

SHA256
dcccf0a7d88f8f02cc93c7bc2d3cb37c91800d86e2dfb0b2bb3642217fb78df4

SHA512
6908078cfefa61e5143d6f206f47d74e0e4dfa68e7bff7878bd6be98ca8737b7d605855cae1c974ce68ed3f51e6b3954e45c6ebd81f36541e105b4063a94cd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe

Filesize
468KB

MD5
4a7814a65b1c6d21418aeb31dc919a50

SHA1
2fc828719c3f3a4076f255d93905f5f94b4ebd6d

SHA256
59faaba2a61f8794e0f6315194b306df7f054eea342ef03bcfeecf29689692e8

SHA512
d99af540d58cb99dbed274e9286f1ab4535f16850f3cbe25ef6584559787595f21003cc7fd27e70d954f1627755cdcdb7d6932b00e2d7584f7c5f96a8e3f6a09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe

Filesize
468KB

MD5
7104488b410692c1e3417f47473d91c3

SHA1
5eb943df94c1a24fac68541dd09777222c4a43be

SHA256
990d6c2d65272dcf2f1692a331b8a31c6c6d1df88218f454b3d15d802a50343e

SHA512
a45c51d7bbf316e0fcb11547185935bff0c2bdb334cd8b1ff25698f883a25555d026783f6012d5443548e203d4d463fc7963a363713c738bec9e35beeb78e8a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe

Filesize
468KB

MD5
ce3f932f45c89c80ee4f528f5d575458

SHA1
ed772737727efee9430dffef4301e66ff60ca000

SHA256
ef5df39300470e9f8509d7a627853f0731810181d3b5c8f3499890cbf977a5ff

SHA512
5af0f47e2774c9e1224e563f2c832dbf014e305557cb035b14c4d1720d2da4ca90f5003e4eb9356f48d9bc4e0b8128c8a32941b251747ca6ed1ebed24bb56806

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe

Filesize
468KB

MD5
7d9027a1a7d92868e332fc453c612bfc

SHA1
769658f866bb2e9cc413a923aa0964692f81bb43

SHA256
f0369a3a89f6cdba602c57f7c819ee7a6a4f72cd8008f59b60e24516bdb6910e

SHA512
9001917373e0a98d02e6b67d88760e37c30bab6f9ddb9be3d9c845d2c01697bc743a225f840427028a1f7e401f6e84b932ca330191bc302f705c011bcd9d0eae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe

Filesize
468KB

MD5
ec95cfb681bd0f837478a93c4a8b9b9e

SHA1
515390fc2b6fb52d7159877f2bd955d904e0b7ca

SHA256
12d7ff8b57ffc6b57ae4f4bd6ea7caa7fb908e43d1e21505e8b523d0b108e6d5

SHA512
0202f1cffe58b63394d64a250091db67890c0f6700b088080f2f5c5ce6d88e818e3fa7dcb6d38a498664d07c9a0be1f73c2dcc5be8ffef3b88b7cf46283b4ddf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe

Filesize
468KB

MD5
fbe6961b8ceaf08732f63fdccf05c7f4

SHA1
042e4f2541b62ab6607035e418bb6168e46b06cd

SHA256
af9b5b53aeb105ac99a0e5c15ac5fcde768aa979e39585b27e13be25d9599481

SHA512
2d59ee8779f488f65b26ff6f874b2030c2e9091e6b17e32a8bbbf89436afc75c6d78ccd9c10043359ec2de1882aea6264ce5ac105ab87b80b3b534ce9c216402

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe

Filesize
468KB

MD5
74a3259f10125e5910e3dddf4d7ec400

SHA1
fbc88b3368e675d6f7713b38ca8000b6a3860037

SHA256
b7c6effe396cd6bd29e6fe6dc7fd09ec88253cabe5443c9f03c86735ead6684f

SHA512
bc141d53b5edf321cf10e71f5d33d154c21722159c16bc012040e6dda520156e60f788edbbb36c87e0b922dec8dbd28468339e2a70987b29eaeee5a38c68a0eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe

Filesize
468KB

MD5
6e5e619628548adc0d28a887268c0631

SHA1
51b21a28ce7c350563926ea51be0252d980a3c05

SHA256
897ad66bef415515bcd6bdb17cae7650fd14e238e90208039375b38cf68ca04f

SHA512
acab4c1c497eeb09f24fccbd28dba932d3455de466ec41839f289379c2f29733f3948b5b3f55b415bbce1528d2e51fd7f316696572716793c992678ff2f21e65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe

Filesize
468KB

MD5
239f9e05cbf1942e0fa0ddbd4d54dd3f

SHA1
d823930e49c4aa2bdf297100ae7064fc158514e8

SHA256
c23323538570e16aeddebbbe87fc1238339d0ae6856b439d12e8d90b45b6c08f

SHA512
98259bc00760dfaaed716d73c172638d17f41a6f9644b96e2b072833a50421c97c688ceefc0972cb3b05af46e289cf2c0cdd33f316bf3a31d7b5ecc7b85f1493

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe

Filesize
468KB

MD5
c0b21f1f1d4b5e572248d12f38a73ec3

SHA1
c8f5cc4c2c855a760639dce6eb68ec74a93dfc7f

SHA256
7a4e5bb1680503b2e7b5439f0e0957a4f910f2c8e1e3832950e861d94ff7758a

SHA512
8eaf497401572f226cdd9a41b5d41d5b323635f336d8081a6672ef8c25afc0308666df95e28f642cc64f8660371e6f0994982cde64e3ba9ef0a8031cd26d303f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe

Filesize
468KB

MD5
008c8421ca4e9012fc2e1fae58779632

SHA1
d1825c58fc25fbafcca9d740b2ce1f1f29bb6f0f

SHA256
0d864c0decf68f5a6378de863f29365d3620835f2a6bdd6277d5eb1980476968

SHA512
2630e885d85dfe4ecaffcb4cafaf3f932eab4f8e737580bcd7981746532d163582b004160b9357ca346b24d5a39edad2b39771a9d69713859a9ecb8e9ff40c38

Download Submit
memory/112-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/568-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/576-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/576-381-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/576-222-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/576-221-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/784-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/960-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1152-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1280-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1428-422-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/1428-274-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/1428-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-243-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/1780-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-242-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/1800-395-0x0000000001F80000-0x0000000001FF5000-memory.dmp

Filesize
468KB

Download
memory/1800-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1824-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1824-310-0x0000000002540000-0x00000000025B5000-memory.dmp

Filesize
468KB

Download
memory/1824-306-0x0000000002540000-0x00000000025B5000-memory.dmp

Filesize
468KB

Download
memory/1956-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-271-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1968-270-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1968-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-142-0x0000000001DD0000-0x0000000001E45000-memory.dmp

Filesize
468KB

Download
memory/2076-298-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2076-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-419-0x0000000001DD0000-0x0000000001E45000-memory.dmp

Filesize
468KB

Download
memory/2076-296-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2076-158-0x0000000001DD0000-0x0000000001E45000-memory.dmp

Filesize
468KB

Download
memory/2076-20-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2148-195-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/2148-344-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/2148-345-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/2148-194-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/2212-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-336-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2264-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-335-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2304-207-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2304-364-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2304-101-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2304-365-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2304-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-420-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2384-268-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2384-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-122-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2384-123-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2384-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-250-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2384-10-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2464-375-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/2464-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-372-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/2528-415-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2528-408-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2528-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-352-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2796-356-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2796-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-155-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/2800-152-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/2800-300-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/2800-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-299-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/2804-173-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2804-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-233-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2804-229-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2804-160-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2804-406-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2812-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-443-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2848-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-273-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2848-95-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2848-272-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2872-297-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2872-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-138-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2872-141-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2896-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-251-0x0000000002270000-0x00000000022E5000-memory.dmp

Filesize
468KB

Download
memory/3056-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download