d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78ac

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
Size

468KB
MD5

a6b4d2da88ee464dff9c4a5167280080
SHA1

5c9657e5a53b69e5287282b662428db7726adb0c
SHA256

d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78ac
SHA512

85c8defdcc32b149ebcc11beace16846c7cc496831762bdafe5678425448da41c2b80c1c030f8589b2ed1a82735793c8a978e447a7a04d0e2cdc1b114645e9d1
SSDEEP

3072:Xrz7ogtxjV8UFbYWPz3yqf8/Eptj7PpgPmHx+lOhEln0sFo1SDlg:XrfoyeUF1PDyqf/BtLEl0co1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2300	Unicorn-54354.exe
2840	Unicorn-3923.exe
2252	Unicorn-57763.exe
2680	Unicorn-6082.exe
2756	Unicorn-14250.exe
2656	Unicorn-8120.exe
2536	Unicorn-11105.exe
2708	Unicorn-33405.exe
1256	Unicorn-39496.exe
2900	Unicorn-30455.exe
1028	Unicorn-36586.exe
2872	Unicorn-28418.exe
316	Unicorn-576.exe
868	Unicorn-20176.exe
1096	Unicorn-45460.exe
1324	Unicorn-9450.exe
1684	Unicorn-14515.exe
1668	Unicorn-41826.exe
2088	Unicorn-39705.exe
932	Unicorn-47873.exe
1792	Unicorn-6840.exe
2764	Unicorn-63639.exe
2132	Unicorn-52704.exe
2116	Unicorn-23104.exe
828	Unicorn-31537.exe
2444	Unicorn-15392.exe
780	Unicorn-9262.exe
1624	Unicorn-54624.exe
2792	Unicorn-19534.exe
2940	Unicorn-14681.exe
2952	Unicorn-34547.exe
320	Unicorn-61473.exe
2652	Unicorn-10426.exe
2400	Unicorn-64266.exe
2856	Unicorn-9274.exe
2732	Unicorn-49850.exe
1664	Unicorn-1490.exe
2524	Unicorn-47354.exe
1992	Unicorn-61848.exe
1588	Unicorn-1526.exe
1916	Unicorn-28216.exe
2120	Unicorn-28216.exe
2064	Unicorn-24686.exe
2004	Unicorn-3519.exe
684	Unicorn-24878.exe
1048	Unicorn-60503.exe
2716	Unicorn-20432.exe
2992	Unicorn-11806.exe
784	Unicorn-20624.exe
2188	Unicorn-36768.exe
1004	Unicorn-20624.exe
912	Unicorn-12263.exe
2980	Unicorn-57935.exe
1340	Unicorn-24389.exe
2696	Unicorn-7861.exe
2816	Unicorn-62622.exe
2584	Unicorn-57629.exe
2712	Unicorn-29787.exe
2864	Unicorn-34578.exe
380	Unicorn-2791.exe
2724	Unicorn-8921.exe
1632	Unicorn-52585.exe
2092	Unicorn-14816.exe
352	Unicorn-15081.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2300	Unicorn-54354.exe
2300	Unicorn-54354.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2252	Unicorn-57763.exe
2840	Unicorn-3923.exe
2252	Unicorn-57763.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2840	Unicorn-3923.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2300	Unicorn-54354.exe
2300	Unicorn-54354.exe
2756	Unicorn-14250.exe
2756	Unicorn-14250.exe
2840	Unicorn-3923.exe
2840	Unicorn-3923.exe
2536	Unicorn-11105.exe
2300	Unicorn-54354.exe
2536	Unicorn-11105.exe
2300	Unicorn-54354.exe
2656	Unicorn-8120.exe
2656	Unicorn-8120.exe
2252	Unicorn-57763.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2252	Unicorn-57763.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2708	Unicorn-33405.exe
2708	Unicorn-33405.exe
2756	Unicorn-14250.exe
2756	Unicorn-14250.exe
1256	Unicorn-39496.exe
1256	Unicorn-39496.exe
2840	Unicorn-3923.exe
2840	Unicorn-3923.exe
1028	Unicorn-36586.exe
1028	Unicorn-36586.exe
2900	Unicorn-30455.exe
2900	Unicorn-30455.exe
868	Unicorn-20176.exe
868	Unicorn-20176.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2656	Unicorn-8120.exe
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2656	Unicorn-8120.exe
2300	Unicorn-54354.exe
316	Unicorn-576.exe
2300	Unicorn-54354.exe
316	Unicorn-576.exe
2252	Unicorn-57763.exe
2872	Unicorn-28418.exe
2252	Unicorn-57763.exe
2872	Unicorn-28418.exe
2536	Unicorn-11105.exe
2536	Unicorn-11105.exe
1096	Unicorn-45460.exe
1096	Unicorn-45460.exe
1324	Unicorn-9450.exe

Program crash 58 IoCs

pid	pid_target	Process	procid_target
2896	2680	WerFault.exe	34
2164	2716	WerFault.exe	77
1988	320	WerFault.exe	63
856	2120	WerFault.exe	73
1596	912	WerFault.exe	83
2748	984	WerFault.exe	98
2660	604	WerFault.exe	105
2828	1816	WerFault.exe	102
2148	1028	WerFault.exe	43
4032	2684	WerFault.exe	131
3248	2380	WerFault.exe	189
3104	2940	WerFault.exe	62
3168	780	WerFault.exe	57
3368	2304	WerFault.exe	118
3768	328	WerFault.exe	143
3364	2636	WerFault.exe	117
5104	2004	WerFault.exe	75
4456	868	WerFault.exe	45
4668	1340	WerFault.exe	85
5040	2444	WerFault.exe	58
5016	2692	WerFault.exe	161
4156	2188	WerFault.exe	79
5112	2532	WerFault.exe	108
5796	1168	WerFault.exe	153
5816	1672	WerFault.exe	114
5888	3784	WerFault.exe	217
5980	1700	WerFault.exe	177
6068	1632	WerFault.exe	95
5676	1932	WerFault.exe	141
5632	1640	WerFault.exe	136
5812	1584	WerFault.exe	127
2344	2876	WerFault.exe	113
2112	1012	WerFault.exe	172
5960	2844	WerFault.exe	109
5368	2752	WerFault.exe	149
5748	3800	WerFault.exe	219
6192	1400	WerFault.exe	154
6208	3052	WerFault.exe	137
6216	2668	WerFault.exe	148
6232	2600	WerFault.exe	138
6616	3732	WerFault.exe	241
6584	2952	WerFault.exe	61
6316	1668	WerFault.exe	49
6624	1256	WerFault.exe	39
7188	3020	WerFault.exe	164
6496	2816	WerFault.exe	87
6224	2240	WerFault.exe	99
6972	684	WerFault.exe	76
6368	2712	WerFault.exe	90
6376	1916	WerFault.exe	72
7076	2300	WerFault.exe	31
7152	2584	WerFault.exe	89
7064	2696	WerFault.exe	86
7056	1992	WerFault.exe	70
6556	2756	WerFault.exe	35
7548	2276	WerFault.exe	169
7604	2388	WerFault.exe	165
7596	3408	WerFault.exe	208

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9848.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
2300	Unicorn-54354.exe
2840	Unicorn-3923.exe
2252	Unicorn-57763.exe
2756	Unicorn-14250.exe
2680	Unicorn-6082.exe
2536	Unicorn-11105.exe
2656	Unicorn-8120.exe
2708	Unicorn-33405.exe
1256	Unicorn-39496.exe
2900	Unicorn-30455.exe
1028	Unicorn-36586.exe
868	Unicorn-20176.exe
316	Unicorn-576.exe
2872	Unicorn-28418.exe
1096	Unicorn-45460.exe
1324	Unicorn-9450.exe
1684	Unicorn-14515.exe
1668	Unicorn-41826.exe
2088	Unicorn-39705.exe
1792	Unicorn-6840.exe
932	Unicorn-47873.exe
2116	Unicorn-23104.exe
2764	Unicorn-63639.exe
1624	Unicorn-54624.exe
780	Unicorn-9262.exe
2444	Unicorn-15392.exe
828	Unicorn-31537.exe
2132	Unicorn-52704.exe
2792	Unicorn-19534.exe
2952	Unicorn-34547.exe
2940	Unicorn-14681.exe
320	Unicorn-61473.exe
2652	Unicorn-10426.exe
2400	Unicorn-64266.exe
2856	Unicorn-9274.exe
2732	Unicorn-49850.exe
1664	Unicorn-1490.exe
2524	Unicorn-47354.exe
1992	Unicorn-61848.exe
1588	Unicorn-1526.exe
1916	Unicorn-28216.exe
2004	Unicorn-3519.exe
2120	Unicorn-28216.exe
684	Unicorn-24878.exe
2064	Unicorn-24686.exe
2980	Unicorn-57935.exe
2716	Unicorn-20432.exe
1004	Unicorn-20624.exe
1048	Unicorn-60503.exe
2188	Unicorn-36768.exe
2992	Unicorn-11806.exe
912	Unicorn-12263.exe
2696	Unicorn-7861.exe
1340	Unicorn-24389.exe
784	Unicorn-20624.exe
2816	Unicorn-62622.exe
2584	Unicorn-57629.exe
2712	Unicorn-29787.exe
2864	Unicorn-34578.exe
380	Unicorn-2791.exe
2724	Unicorn-8921.exe
1632	Unicorn-52585.exe
2092	Unicorn-14816.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2300	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	31
PID 2512 wrote to memory of 2300	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	31
PID 2512 wrote to memory of 2300	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	31
PID 2512 wrote to memory of 2300	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	31
PID 2300 wrote to memory of 2840	2300	Unicorn-54354.exe	32
PID 2300 wrote to memory of 2840	2300	Unicorn-54354.exe	32
PID 2300 wrote to memory of 2840	2300	Unicorn-54354.exe	32
PID 2300 wrote to memory of 2840	2300	Unicorn-54354.exe	32
PID 2512 wrote to memory of 2252	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	33
PID 2512 wrote to memory of 2252	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	33
PID 2512 wrote to memory of 2252	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	33
PID 2512 wrote to memory of 2252	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	33
PID 2252 wrote to memory of 2680	2252	Unicorn-57763.exe	34
PID 2252 wrote to memory of 2680	2252	Unicorn-57763.exe	34
PID 2252 wrote to memory of 2680	2252	Unicorn-57763.exe	34
PID 2252 wrote to memory of 2680	2252	Unicorn-57763.exe	34
PID 2840 wrote to memory of 2756	2840	Unicorn-3923.exe	35
PID 2840 wrote to memory of 2756	2840	Unicorn-3923.exe	35
PID 2840 wrote to memory of 2756	2840	Unicorn-3923.exe	35
PID 2840 wrote to memory of 2756	2840	Unicorn-3923.exe	35
PID 2512 wrote to memory of 2656	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	36
PID 2512 wrote to memory of 2656	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	36
PID 2512 wrote to memory of 2656	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	36
PID 2512 wrote to memory of 2656	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	36
PID 2300 wrote to memory of 2536	2300	Unicorn-54354.exe	37
PID 2300 wrote to memory of 2536	2300	Unicorn-54354.exe	37
PID 2300 wrote to memory of 2536	2300	Unicorn-54354.exe	37
PID 2300 wrote to memory of 2536	2300	Unicorn-54354.exe	37
PID 2756 wrote to memory of 2708	2756	Unicorn-14250.exe	38
PID 2756 wrote to memory of 2708	2756	Unicorn-14250.exe	38
PID 2756 wrote to memory of 2708	2756	Unicorn-14250.exe	38
PID 2756 wrote to memory of 2708	2756	Unicorn-14250.exe	38
PID 2840 wrote to memory of 1256	2840	Unicorn-3923.exe	39
PID 2840 wrote to memory of 1256	2840	Unicorn-3923.exe	39
PID 2840 wrote to memory of 1256	2840	Unicorn-3923.exe	39
PID 2840 wrote to memory of 1256	2840	Unicorn-3923.exe	39
PID 2536 wrote to memory of 2872	2536	Unicorn-11105.exe	40
PID 2536 wrote to memory of 2872	2536	Unicorn-11105.exe	40
PID 2536 wrote to memory of 2872	2536	Unicorn-11105.exe	40
PID 2536 wrote to memory of 2872	2536	Unicorn-11105.exe	40
PID 2300 wrote to memory of 2900	2300	Unicorn-54354.exe	42
PID 2300 wrote to memory of 2900	2300	Unicorn-54354.exe	42
PID 2300 wrote to memory of 2900	2300	Unicorn-54354.exe	42
PID 2300 wrote to memory of 2900	2300	Unicorn-54354.exe	42
PID 2680 wrote to memory of 2896	2680	Unicorn-6082.exe	41
PID 2680 wrote to memory of 2896	2680	Unicorn-6082.exe	41
PID 2680 wrote to memory of 2896	2680	Unicorn-6082.exe	41
PID 2680 wrote to memory of 2896	2680	Unicorn-6082.exe	41
PID 2656 wrote to memory of 1028	2656	Unicorn-8120.exe	43
PID 2656 wrote to memory of 1028	2656	Unicorn-8120.exe	43
PID 2656 wrote to memory of 1028	2656	Unicorn-8120.exe	43
PID 2656 wrote to memory of 1028	2656	Unicorn-8120.exe	43
PID 2512 wrote to memory of 868	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	45
PID 2512 wrote to memory of 868	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	45
PID 2512 wrote to memory of 868	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	45
PID 2512 wrote to memory of 868	2512	d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe	45
PID 2252 wrote to memory of 316	2252	Unicorn-57763.exe	44
PID 2252 wrote to memory of 316	2252	Unicorn-57763.exe	44
PID 2252 wrote to memory of 316	2252	Unicorn-57763.exe	44
PID 2252 wrote to memory of 316	2252	Unicorn-57763.exe	44
PID 2708 wrote to memory of 1096	2708	Unicorn-33405.exe	46
PID 2708 wrote to memory of 1096	2708	Unicorn-33405.exe	46
PID 2708 wrote to memory of 1096	2708	Unicorn-33405.exe	46
PID 2708 wrote to memory of 1096	2708	Unicorn-33405.exe	46

C:\Users\Admin\AppData\Local\Temp\d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe
"C:\Users\Admin\AppData\Local\Temp\d74425a0f40e95923deae997b7bd7064f78ab731ae77c155862cf216ff1c78acN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        10⤵
        Program crash
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        9⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        9⤵
        Program crash
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        9⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
        9⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        8⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        Program crash
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        7⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        9⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        8⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        7⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        7⤵
        Program crash
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        6⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        6⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        5⤵
        Program crash
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        9⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        6⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
        7⤵
        Program crash
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        7⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
        7⤵
        Program crash
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
        6⤵
        Program crash
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        6⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
        6⤵
        Program crash
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        5⤵
        
        PID:6108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
        5⤵
        Program crash
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        8⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        8⤵
        Program crash
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        7⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        7⤵
        Program crash
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        6⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        6⤵
        Program crash
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        5⤵
        
        PID:6000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        5⤵
        Program crash
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        6⤵
        Program crash
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        6⤵
        
        PID:4824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
        6⤵
        Program crash
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
      4⤵
      PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        7⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        7⤵
        Program crash
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        7⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
        7⤵
        Program crash
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        6⤵
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        6⤵
        Program crash
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 220
        6⤵
        Program crash
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        5⤵
        
        PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        8⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        8⤵
        Program crash
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        7⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        7⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        6⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        5⤵
        
        PID:4496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        5⤵
        Program crash
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
      4⤵
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        8⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        8⤵
        Program crash
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        6⤵
        
        PID:6092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        6⤵
        
        PID:4736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        6⤵
        Program crash
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        5⤵
        
        PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        5⤵
        
        PID:5736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        5⤵
        Program crash
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
      4⤵
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
      4⤵
      PID:7392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        5⤵
        Program crash
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        5⤵
        
        PID:4952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 240
        5⤵
        Program crash
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        5⤵
        
        PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
      4⤵
      PID:5660
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
      4⤵
      Program crash
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:4384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
      4⤵
      Program crash
      PID:6208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
    3⤵
    PID:6120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
    3⤵
    - Program crash
    PID:7076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        6⤵
        Program crash
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        5⤵
        
        PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        5⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
      4⤵
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
      4⤵
      PID:580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 188
        5⤵
        Program crash
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
      4⤵
      PID:1808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
      4⤵
      Program crash
      PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
      4⤵
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
      4⤵
      PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
    3⤵
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      4⤵
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
    3⤵
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
      4⤵
      PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
    3⤵
    PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        6⤵
        Executes dropped EXE
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        8⤵
        Program crash
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        6⤵
        
        PID:5656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        6⤵
        Program crash
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
        6⤵
        Program crash
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        5⤵
        
        PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        5⤵
        
        PID:984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        6⤵
        Program crash
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        6⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
      4⤵
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
      4⤵
      Program crash
      PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        7⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        7⤵
        Program crash
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        5⤵
        
        PID:5068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
        5⤵
        Program crash
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      4⤵
      PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
      4⤵
      PID:2684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
        5⤵
        Program crash
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
      4⤵
      PID:5704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
      4⤵
      Program crash
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    3⤵
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      4⤵
      PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
    3⤵
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:7316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
    3⤵
    PID:6660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
    3⤵
    PID:7448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        5⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        6⤵
        
        PID:2368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        6⤵
        Program crash
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        5⤵
        
        PID:5940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        5⤵
        Program crash
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        6⤵
        
        PID:5792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        6⤵
        Program crash
        
        PID:2112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        5⤵
        Program crash
        
        PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
      4⤵
      PID:1700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220
        5⤵
        Program crash
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
      4⤵
      PID:7112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      4⤵
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        5⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
      4⤵
      PID:7232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
    3⤵
    PID:3088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
    3⤵
    - Program crash
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
      4⤵
      PID:3908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
      4⤵
      Program crash
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
    3⤵
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
    3⤵
    PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
    3⤵
    PID:6528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
    3⤵
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
      4⤵
      PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
    3⤵
    PID:6184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
    3⤵
    PID:7472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
    3⤵
    PID:2380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
      4⤵
      Program crash
      PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
    3⤵
    PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
    3⤵
    PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
    3⤵
    PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
    3⤵
    PID:7520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
  2⤵
  PID:6076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
  2⤵
  PID:7360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe

Filesize
468KB

MD5
dfd0a2d0f1f914ce92813c550842dabc

SHA1
039e312607c0e71ece0d82b7a28b0625e064a062

SHA256
aa8ba19d415f4ee68289b52f51e6d9714a209f01f00afc50ad6251e3065c5d13

SHA512
269e19c969f142f90f648585cc3b62f2a4256308bc519b7b65e418a1cba1d65906e6ae63b9606ccd016bde00b87686baab5764243dd11b3c33fe206e19bb2dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe

Filesize
468KB

MD5
339d66872fcf2aaf54086bc5dae5d862

SHA1
8c918e7c0097fca12cda92e8a9b4290e2d0a0861

SHA256
a1d8c1c123f6934eb36d407896053d69b8553dbc09e36cc124f953b51c81ea51

SHA512
2bfe1bbf07287a8b99eaa1fedecb3ab9be51d55cbd8e2ca1025925bfd3303e1243607e74858e4aa38188823acfb20d6bc6b13d9ef2d89d9622ebd3d7afa8311a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe

Filesize
468KB

MD5
6ba6343fae8c2a8c3d8414b5186cbe62

SHA1
cc8e7b73babc4d6a5150b7aa60060973551dbd50

SHA256
f40160e470fbdf289757ec65c46888ae3328707f9f7644c0b0c29cb53bf3d47a

SHA512
237087b29cbdd8bee3abd2d4f06bbb1ddecff05c7aba68a90d1eedd23c91e590b68c9415b1a94ace2de112e6961634ee68710e2d9e0db1c266bf6aed22bc1e58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe

Filesize
468KB

MD5
e04abfd86781e9f91c91bc62c8bf60d8

SHA1
7991fed511bf6f2028c08dd45d5ebb9768853bc0

SHA256
ab4de3d8f5858b6c112eefe7370aaff70cb7220075ed3e486d3f0ebb021a5b94

SHA512
3c5285e3c98297374a54f93dff40078e49f610c9acb623a4a750443c2670a1b933670041d6f5a62811ee98605b28a8589001a5366da379740a5b438f20af07d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe

Filesize
468KB

MD5
3b7d02e136ce352d416d86828cf43daf

SHA1
8349c7ee8010270a4d8d0d5aa3944c02f67394d5

SHA256
0b2ad4b9a1b664481233e7d2fefb67459f8188488dff4b1dd385ee3cda28b8c4

SHA512
afb852e6579ea06dd5215061ef0017b4ede67c89e64a90ee2604c211de6cc479ebe43c98ebfd11be42eb3991ac30f7f9bcce301ec8e243b7f87ce51a88e2b691

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe

Filesize
468KB

MD5
f77214139cf344a5d774c15dc566f81b

SHA1
c17f93e6421f5ad66259e17dee0f8a0c91781eb3

SHA256
0b3055da8dad5251cd673e080b228f73c3c83eba32f9ccf4675beda6b3028c73

SHA512
e18f6dd22778fc92d21c14631f8d94651da3692f5e05c4f3e638564521d6af6570615a01fcdd9044bc1ea388c0237dcfa4e28f2ad04aade180d04a38e16bf489

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe

Filesize
468KB

MD5
17d764fb5e80ce19bd8b8526add4dcd3

SHA1
fc92916e25d7979eb2e81131f46466c5abd75783

SHA256
4f882573e0e584127317a9d48783144327a821012f6138fc9e66ed84dd0c4302

SHA512
77dccb2eed12568c0c3c98a67513232e6e2c307148c88ea77cc1c0aaf19081aee0953216dc3c4505a4a0bee4dde97b5a93b38e984c703316b2314aca492af3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe

Filesize
468KB

MD5
40847fad8ab510d53d9f8be9c268fac1

SHA1
f25febc37bbc646731eb87ffa4b63f25b1927288

SHA256
116e81325debddd674927d998a6eb761627fc8bb3338cee5f28a206ea8c90821

SHA512
770cf692bfcb1bcaa676918d1c1a72f5a1a8298895773537b2203217dbd785cd3ccc25a9c7a3cfcbb6ede53a6a047c1dc88d65d1ecd4a056126d25d401e907e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe

Filesize
468KB

MD5
0cc97b4008349a6e140fb5ed9066cc1d

SHA1
a77b19479607b9234f8671daaf989a185d1eb1e7

SHA256
67736127c5264382eb1fae3cf39415983e1cf29ca3d9dc2bcdbb047e307874b1

SHA512
23b5089c1c288254d20419f794bba49396275ab2b13584ea93623c155b3e43527ff2e190e63c9c1e41a88d773e2fba1239c76a1f794fb06cf64cc5bd185c86bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe

Filesize
468KB

MD5
4a0d617afeabd40503e6a5a549dd239e

SHA1
e194b5f2411927d2cdd52fe37ff96353567fc9a6

SHA256
2ef3113f099b8804a0afdabcb3c9078b1fdced0d3427d70be90973694427819d

SHA512
70bc81b7decf85a1702508d43a64742a1eab5078b297adef110ade3b6cc599f999bbd9c600ad3415abf01a6ed5694edf7c048128540b36a730af7bde5dfb0996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe

Filesize
468KB

MD5
e24b661ff75d5b866b70a8068e7e78c5

SHA1
fa010d81c46c5cd73fb0777a64116b389d911018

SHA256
19d1f97df7ef49a03fe38e4c115d51aa365cb9978b60afb327cc4e1fa824765e

SHA512
e2992b3dda2882420a2c768ad848137be3ff9479a494b8dbb0e25e4d14402d6a2b95c5523479d018d2372620ea7449050871cd3149cb1794b902914455fb5653

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe

Filesize
468KB

MD5
33158351b6e5a5d96cb6e1652ae57b60

SHA1
00b4fe96ddf577493636c5d111e9c4f9ee3ff5bb

SHA256
e593401c1d867f5da679ec6100ec3dc10f22c81d1b9d782434c2b40ae7f13a4e

SHA512
1b842e00f462652d249f84b7e3e20a784be70d21c2f4fdd76da1270c5d5b14df24618f08f3910f4c91300847b2ca733699ef3f18a1f4800a6deb027826e338c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe

Filesize
468KB

MD5
bcd05c6e8f1ffc5e877b45fca02764ae

SHA1
7b84b7e1ae31397eec8f13e85012fa1d6a0e1c0a

SHA256
a94d6fa8a2c2c0478c4364846c9bab64476e4bfb8c38a30412342930e63e1ecb

SHA512
f9db9b4898497014cca1323441c6675535cb6fdfec26b2fb6e029518dad8f7e492653b71c1ef6c8d5a81b4bfa309a140f766b9809878a5bc3fa7b9e5f992d237

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-576.exe

Filesize
468KB

MD5
2b165b6ef212f3958efe0ae261e40691

SHA1
a250c5d6148b3c5836b500005918742d85aabcb4

SHA256
96b74856688a10656be1e1d90ceec43c39f33a9c1ed31af95c21213fe7fe7f33

SHA512
5b8abb28e9221e1f55e9e9abe9c7cd5047c4c2ee5600b20ceb3290eafa84ad7be54888edb2c3bc5bcc6dc2f3bc439349430a7b100dda36687906481025ba8b49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe

Filesize
468KB

MD5
75e7cdec368dc29cb582ce81869d1bb5

SHA1
f79c52ce3f9ef6b3c51fbb50dfbb89c0a2dd8a49

SHA256
e65580872257380f0b8c692d20380ac81b7b33490bc2c236390d3b04b28b564c

SHA512
c21b4a8b7a7e1c3588e9312cdcc7f976b69b64880b7f6ffd3f2244ba2f99861d35859c51d292b1fd59470d5ecc9e818eee9d59ab48a406d045b976ec4becea21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe

Filesize
468KB

MD5
79ac4764518b567cc9760f576a551ef9

SHA1
4eca8e5a348f47177adf8027118ad72e4febc5b1

SHA256
dd012404edbcb8e14dcc93f45f66cbf99b53ff9b78c8791087ee745334b5842a

SHA512
1e6de94dfc233ba2dff7b9b8e840984589886959a6cb0980218aa98044f1f776fc287c0a79de534026d8e3360b2a7dac5c1e195b5508f0da51627fe4337cb17a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe

Filesize
468KB

MD5
e8c465a8e3f8a532082bd22bfbe89bcb

SHA1
d611f6de290a7203214e5cb850bec20da5db22ea

SHA256
19faa1c24fac3c311adbf6e22d64800c16438c3da8fd55fee6f9ee4472bf6afb

SHA512
6594536eec650af8054355f90ba76bb5e9401665e195f378ac1a7c0347d4c9e5fdf1893f820a4f14617464fe29c08158ac2b28e43f61c630d9a13a7e85a1b345

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe

Filesize
468KB

MD5
5edee6acbfd5b59232aa6d4ee7baf10a

SHA1
bca8be65ed62ab6966fbbbc027309bfff418fb47

SHA256
8025ecf8f236447fdecb3948a34b75722849f5465a4f645f3e7a58a018191cc1

SHA512
2d24371c696421f431331ca7614ccffabfcf07c0279f597f4a05789feb201be9dca196a9ada7352a6c6e97cfe923c0d045b85c54f15cb66243b43aaa98170031

Download Submit
memory/316-280-0x0000000001DD0000-0x0000000001E45000-memory.dmp

Filesize
468KB

Download
memory/316-292-0x0000000001DD0000-0x0000000001E45000-memory.dmp

Filesize
468KB

Download
memory/316-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/320-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/780-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/828-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-252-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/868-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-256-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1028-240-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/1028-239-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/1028-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-337-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1096-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-219-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/1256-218-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/1324-356-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1324-345-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1324-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-397-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/1668-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-398-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/1684-379-0x0000000003390000-0x0000000003405000-memory.dmp

Filesize
468KB

Download
memory/1684-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1792-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-166-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-163-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-297-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-399-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-54-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-306-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2252-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-282-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2300-24-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2300-365-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2300-131-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2300-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-382-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-11-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-165-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-164-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-281-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-10-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2512-271-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2536-120-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2536-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-315-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2536-132-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2536-311-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2652-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-137-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2656-275-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2656-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-272-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2656-142-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2656-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-193-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2708-346-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2708-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-192-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2756-363-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2756-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2756-204-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2756-206-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2756-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2756-364-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2764-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-59-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-409-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-230-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-228-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-106-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-400-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2840-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-298-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2872-307-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2900-249-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2900-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-245-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2940-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download