735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
Size

468KB
MD5

1a80eb0ee8845ff0db2f496d2cbd98d0
SHA1

d32c78fbd5463430b02fb625107fceecf000e06c
SHA256

735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194
SHA512

b0dc98b79ba8ccffa6231a6c827023993ec19f8efdfd1b350d6d19d73080dc2e2e838b4f8a7594dc0012456edacdd73639ac85ad4fe3b48a68497fd722f85a3d
SSDEEP

3072:mYz7ogKxjX8YFbYVPz3yqf8/iptF7PpgAmH09lOXulm0A+5LSDls:mYfotMYF2PDyqfDBr0ulP75LS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2612	Unicorn-52481.exe
332	Unicorn-18116.exe
3020	Unicorn-3171.exe
2804	Unicorn-19783.exe
2996	Unicorn-5392.exe
2952	Unicorn-64799.exe
2696	Unicorn-51064.exe
2268	Unicorn-58267.exe
1608	Unicorn-21511.exe
1292	Unicorn-7483.exe
1744	Unicorn-53726.exe
1856	Unicorn-23265.exe
1936	Unicorn-4882.exe
1684	Unicorn-56684.exe
2940	Unicorn-11012.exe
2176	Unicorn-58350.exe
2452	Unicorn-12034.exe
1232	Unicorn-13788.exe
2248	Unicorn-64380.exe
1708	Unicorn-39114.exe
320	Unicorn-48044.exe
1656	Unicorn-62626.exe
3032	Unicorn-20394.exe
1400	Unicorn-40260.exe
2520	Unicorn-40260.exe
892	Unicorn-21786.exe
1220	Unicorn-1920.exe
768	Unicorn-29954.exe
1648	Unicorn-29689.exe
2844	Unicorn-34705.exe
2608	Unicorn-34705.exe
2832	Unicorn-21449.exe
2816	Unicorn-15894.exe
2800	Unicorn-3742.exe
2764	Unicorn-50805.exe
1088	Unicorn-55252.exe
748	Unicorn-49651.exe
756	Unicorn-9580.exe
1792	Unicorn-6051.exe
2756	Unicorn-6051.exe
1800	Unicorn-25917.exe
2456	Unicorn-40399.exe
1928	Unicorn-46529.exe
356	Unicorn-28055.exe
3048	Unicorn-8189.exe
1796	Unicorn-28722.exe
2592	Unicorn-34588.exe
1540	Unicorn-25922.exe
896	Unicorn-19263.exe
1444	Unicorn-14987.exe
2352	Unicorn-24739.exe
1752	Unicorn-34853.exe
2980	Unicorn-43767.exe
1092	Unicorn-13062.exe
1076	Unicorn-44152.exe
316	Unicorn-58371.exe
1688	Unicorn-51007.exe
284	Unicorn-7032.exe
684	Unicorn-40150.exe
468	Unicorn-60016.exe
2360	Unicorn-53886.exe
2468	Unicorn-55667.exe
2492	Unicorn-60016.exe
3008	Unicorn-13237.exe

Loads dropped DLL 64 IoCs

pid	Process
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2612	Unicorn-52481.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2612	Unicorn-52481.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
332	Unicorn-18116.exe
332	Unicorn-18116.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
3020	Unicorn-3171.exe
3020	Unicorn-3171.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2612	Unicorn-52481.exe
2612	Unicorn-52481.exe
2804	Unicorn-19783.exe
2804	Unicorn-19783.exe
2952	Unicorn-64799.exe
2952	Unicorn-64799.exe
332	Unicorn-18116.exe
332	Unicorn-18116.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2996	Unicorn-5392.exe
2996	Unicorn-5392.exe
2612	Unicorn-52481.exe
3020	Unicorn-3171.exe
2612	Unicorn-52481.exe
3020	Unicorn-3171.exe
2696	Unicorn-51064.exe
2696	Unicorn-51064.exe
2268	Unicorn-58267.exe
2268	Unicorn-58267.exe
2804	Unicorn-19783.exe
2804	Unicorn-19783.exe
1608	Unicorn-21511.exe
1608	Unicorn-21511.exe
2952	Unicorn-64799.exe
2952	Unicorn-64799.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
1744	Unicorn-53726.exe
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
1744	Unicorn-53726.exe
2940	Unicorn-11012.exe
2940	Unicorn-11012.exe
2696	Unicorn-51064.exe
1936	Unicorn-4882.exe
1856	Unicorn-23265.exe
2696	Unicorn-51064.exe
1936	Unicorn-4882.exe
1856	Unicorn-23265.exe
1684	Unicorn-56684.exe
2996	Unicorn-5392.exe
1684	Unicorn-56684.exe
2996	Unicorn-5392.exe
1292	Unicorn-7483.exe
2612	Unicorn-52481.exe
1292	Unicorn-7483.exe
2612	Unicorn-52481.exe
332	Unicorn-18116.exe
3020	Unicorn-3171.exe
332	Unicorn-18116.exe
3020	Unicorn-3171.exe
2452	Unicorn-12034.exe
2452	Unicorn-12034.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3068	2248	WerFault.exe	48
1420	1856	WerFault.exe	42
1876	2996	WerFault.exe	36
1544	1936	WerFault.exe	43
984	332	WerFault.exe	33
932	892	WerFault.exe	56
1700	1400	WerFault.exe	54
1464	768	WerFault.exe	58
868	2520	WerFault.exe	55
1004	1220	WerFault.exe	57
808	1648	WerFault.exe	59
608	2844	WerFault.exe	61
2752	1928	WerFault.exe	74
2768	2876	WerFault.exe	113
3356	3308	WerFault.exe	214
3452	2160	WerFault.exe	143
3916	2456	WerFault.exe	73
3992	916	WerFault.exe	122
3952	2524	WerFault.exe	119
4056	2352	WerFault.exe	93
3156	2332	WerFault.exe	137
3840	2116	WerFault.exe	121
3508	1552	WerFault.exe	111
3944	2252	WerFault.exe	107
4436	2960	WerFault.exe	165
4656	2776	WerFault.exe	125
4772	1576	WerFault.exe	132
4764	2244	WerFault.exe	135
5024	2788	WerFault.exe	128
5036	1076	WerFault.exe	97
5056	2592	WerFault.exe	89
4108	2420	WerFault.exe	169
4136	1200	WerFault.exe	130
4628	2896	WerFault.exe	157
4924	2208	WerFault.exe	141
4940	3824	WerFault.exe	201
4976	1864	WerFault.exe	139
5020	2584	WerFault.exe	109
4992	2360	WerFault.exe	105
4880	684	WerFault.exe	101
5172	2916	WerFault.exe	114
5156	468	WerFault.exe	103
6112	3048	WerFault.exe	76
5452	1152	WerFault.exe	167
5228	1092	WerFault.exe	96
2404	2800	WerFault.exe	64
2172	1684	WerFault.exe	44
2000	1656	WerFault.exe	52
5280	2736	WerFault.exe	151
7164	3176	WerFault.exe	183
7088	3012	WerFault.exe	177
6376	2088	WerFault.exe	116
7372	2612	WerFault.exe	30
7980	3000	WerFault.exe	108
7524	2764	WerFault.exe	65
7508	356	WerFault.exe	75
7608	1620	WerFault.exe	159
7520	2816	WerFault.exe	63
6960	1628	WerFault.exe	145
7720	3520	WerFault.exe	191
7760	2904	WerFault.exe	129
7684	3424	WerFault.exe	189
8008	2452	WerFault.exe	47
7892	2872	WerFault.exe	133

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42000.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
2612	Unicorn-52481.exe
332	Unicorn-18116.exe
3020	Unicorn-3171.exe
2804	Unicorn-19783.exe
2952	Unicorn-64799.exe
2696	Unicorn-51064.exe
2996	Unicorn-5392.exe
2268	Unicorn-58267.exe
1608	Unicorn-21511.exe
1744	Unicorn-53726.exe
1292	Unicorn-7483.exe
1856	Unicorn-23265.exe
2940	Unicorn-11012.exe
1936	Unicorn-4882.exe
1684	Unicorn-56684.exe
2452	Unicorn-12034.exe
1708	Unicorn-39114.exe
2176	Unicorn-58350.exe
1232	Unicorn-13788.exe
320	Unicorn-48044.exe
2248	Unicorn-64380.exe
1656	Unicorn-62626.exe
3032	Unicorn-20394.exe
2520	Unicorn-40260.exe
1400	Unicorn-40260.exe
1220	Unicorn-1920.exe
892	Unicorn-21786.exe
2844	Unicorn-34705.exe
768	Unicorn-29954.exe
1648	Unicorn-29689.exe
2608	Unicorn-34705.exe
2832	Unicorn-21449.exe
2800	Unicorn-3742.exe
2816	Unicorn-15894.exe
2456	Unicorn-40399.exe
1088	Unicorn-55252.exe
756	Unicorn-9580.exe
2756	Unicorn-6051.exe
2764	Unicorn-50805.exe
1792	Unicorn-6051.exe
1800	Unicorn-25917.exe
356	Unicorn-28055.exe
748	Unicorn-49651.exe
1928	Unicorn-46529.exe
3048	Unicorn-8189.exe
1796	Unicorn-28722.exe
2592	Unicorn-34588.exe
896	Unicorn-19263.exe
1752	Unicorn-34853.exe
2980	Unicorn-43767.exe
2352	Unicorn-24739.exe
1540	Unicorn-25922.exe
1444	Unicorn-14987.exe
1092	Unicorn-13062.exe
1076	Unicorn-44152.exe
316	Unicorn-58371.exe
1688	Unicorn-51007.exe
284	Unicorn-7032.exe
684	Unicorn-40150.exe
2360	Unicorn-53886.exe
468	Unicorn-60016.exe
2468	Unicorn-55667.exe
2492	Unicorn-60016.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2612	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	30
PID 2636 wrote to memory of 2612	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	30
PID 2636 wrote to memory of 2612	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	30
PID 2636 wrote to memory of 2612	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	30
PID 2612 wrote to memory of 3020	2612	Unicorn-52481.exe	32
PID 2612 wrote to memory of 3020	2612	Unicorn-52481.exe	32
PID 2612 wrote to memory of 3020	2612	Unicorn-52481.exe	32
PID 2612 wrote to memory of 3020	2612	Unicorn-52481.exe	32
PID 2636 wrote to memory of 332	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	33
PID 2636 wrote to memory of 332	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	33
PID 2636 wrote to memory of 332	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	33
PID 2636 wrote to memory of 332	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	33
PID 332 wrote to memory of 2804	332	Unicorn-18116.exe	34
PID 332 wrote to memory of 2804	332	Unicorn-18116.exe	34
PID 332 wrote to memory of 2804	332	Unicorn-18116.exe	34
PID 332 wrote to memory of 2804	332	Unicorn-18116.exe	34
PID 3020 wrote to memory of 2996	3020	Unicorn-3171.exe	36
PID 3020 wrote to memory of 2996	3020	Unicorn-3171.exe	36
PID 3020 wrote to memory of 2996	3020	Unicorn-3171.exe	36
PID 3020 wrote to memory of 2996	3020	Unicorn-3171.exe	36
PID 2636 wrote to memory of 2952	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	35
PID 2636 wrote to memory of 2952	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	35
PID 2636 wrote to memory of 2952	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	35
PID 2636 wrote to memory of 2952	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	35
PID 2612 wrote to memory of 2696	2612	Unicorn-52481.exe	37
PID 2612 wrote to memory of 2696	2612	Unicorn-52481.exe	37
PID 2612 wrote to memory of 2696	2612	Unicorn-52481.exe	37
PID 2612 wrote to memory of 2696	2612	Unicorn-52481.exe	37
PID 2804 wrote to memory of 2268	2804	Unicorn-19783.exe	38
PID 2804 wrote to memory of 2268	2804	Unicorn-19783.exe	38
PID 2804 wrote to memory of 2268	2804	Unicorn-19783.exe	38
PID 2804 wrote to memory of 2268	2804	Unicorn-19783.exe	38
PID 2952 wrote to memory of 1608	2952	Unicorn-64799.exe	39
PID 2952 wrote to memory of 1608	2952	Unicorn-64799.exe	39
PID 2952 wrote to memory of 1608	2952	Unicorn-64799.exe	39
PID 2952 wrote to memory of 1608	2952	Unicorn-64799.exe	39
PID 332 wrote to memory of 1292	332	Unicorn-18116.exe	40
PID 332 wrote to memory of 1292	332	Unicorn-18116.exe	40
PID 332 wrote to memory of 1292	332	Unicorn-18116.exe	40
PID 332 wrote to memory of 1292	332	Unicorn-18116.exe	40
PID 2636 wrote to memory of 1744	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	41
PID 2636 wrote to memory of 1744	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	41
PID 2636 wrote to memory of 1744	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	41
PID 2636 wrote to memory of 1744	2636	735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe	41
PID 2996 wrote to memory of 1856	2996	Unicorn-5392.exe	42
PID 2996 wrote to memory of 1856	2996	Unicorn-5392.exe	42
PID 2996 wrote to memory of 1856	2996	Unicorn-5392.exe	42
PID 2996 wrote to memory of 1856	2996	Unicorn-5392.exe	42
PID 2612 wrote to memory of 1936	2612	Unicorn-52481.exe	43
PID 2612 wrote to memory of 1936	2612	Unicorn-52481.exe	43
PID 2612 wrote to memory of 1936	2612	Unicorn-52481.exe	43
PID 2612 wrote to memory of 1936	2612	Unicorn-52481.exe	43
PID 3020 wrote to memory of 1684	3020	Unicorn-3171.exe	44
PID 3020 wrote to memory of 1684	3020	Unicorn-3171.exe	44
PID 3020 wrote to memory of 1684	3020	Unicorn-3171.exe	44
PID 3020 wrote to memory of 1684	3020	Unicorn-3171.exe	44
PID 2696 wrote to memory of 2940	2696	Unicorn-51064.exe	45
PID 2696 wrote to memory of 2940	2696	Unicorn-51064.exe	45
PID 2696 wrote to memory of 2940	2696	Unicorn-51064.exe	45
PID 2696 wrote to memory of 2940	2696	Unicorn-51064.exe	45
PID 2268 wrote to memory of 2176	2268	Unicorn-58267.exe	46
PID 2268 wrote to memory of 2176	2268	Unicorn-58267.exe	46
PID 2268 wrote to memory of 2176	2268	Unicorn-58267.exe	46
PID 2268 wrote to memory of 2176	2268	Unicorn-58267.exe	46

C:\Users\Admin\AppData\Local\Temp\735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe
"C:\Users\Admin\AppData\Local\Temp\735891fae184e8366d2fc6153b381f3cde84ed09c2491fdb2a7da06088ac2194N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        6⤵
        Program crash
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 220
        6⤵
        Program crash
        
        PID:1004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        5⤵
        Program crash
        
        PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        6⤵
        Program crash
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        7⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        7⤵
        Program crash
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        5⤵
        
        PID:2160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        6⤵
        Program crash
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        5⤵
        Program crash
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        5⤵
        Program crash
        
        PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        6⤵
        
        PID:5368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        6⤵
        Program crash
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        5⤵
        
        PID:3964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        5⤵
        Program crash
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        5⤵
        
        PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        5⤵
        
        PID:3656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        5⤵
        Program crash
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      4⤵
      PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        8⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        8⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        7⤵
        Program crash
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        7⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        7⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        7⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        6⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        6⤵
        Program crash
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        7⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
        7⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        7⤵
        Program crash
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        6⤵
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        6⤵
        Program crash
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        7⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        Program crash
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 220
        6⤵
        Program crash
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        7⤵
        Program crash
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        6⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        7⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 240
        7⤵
        Program crash
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        6⤵
        
        PID:7268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        6⤵
        Program crash
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        6⤵
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        6⤵
        Program crash
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        5⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        5⤵
        
        PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        7⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        7⤵
        Program crash
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        6⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        6⤵
        
        PID:3712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        6⤵
        Program crash
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        5⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        5⤵
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
      4⤵
      PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
        5⤵
        Program crash
        
        PID:1700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
      4⤵
      Program crash
      PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
      4⤵
      Program crash
      PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      4⤵
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        6⤵
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        6⤵
        Program crash
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        5⤵
        
        PID:3280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
        5⤵
        Program crash
        
        PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      4⤵
      PID:7904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
      4⤵
      PID:8828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
      4⤵
      PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
      4⤵
      PID:2152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
      4⤵
      Program crash
      PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
    3⤵
    - Program crash
    PID:7372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        6⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        7⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        7⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 220
        7⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        6⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        8⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
        7⤵
        Program crash
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        7⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35895.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3930.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        6⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 148
        7⤵
        Program crash
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        9⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        9⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        8⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        7⤵
        Program crash
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        7⤵
        Program crash
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        7⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        6⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        7⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:6592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        6⤵
        
        PID:3752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
        6⤵
        Program crash
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        5⤵
        
        PID:6776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        5⤵
        Program crash
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        7⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        6⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:6744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        6⤵
        Program crash
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        5⤵
        
        PID:7244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        5⤵
        Program crash
        
        PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        6⤵
        
        PID:6452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        6⤵
        Program crash
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        5⤵
        
        PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        6⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        5⤵
        
        PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
      4⤵
      PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        5⤵
        Program crash
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        6⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
      4⤵
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
      4⤵
      PID:8380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        5⤵
        
        PID:6548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      4⤵
      PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        5⤵
        Program crash
        
        PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      4⤵
      PID:8364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
    3⤵
    - Program crash
    PID:984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        5⤵
        Program crash
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        7⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        6⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        6⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 220
        6⤵
        Program crash
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        5⤵
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
      4⤵
      Executes dropped EXE
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        6⤵
        
        PID:5284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 220
        6⤵
        Program crash
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        5⤵
        
        PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      4⤵
      PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      4⤵
      PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
        7⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        6⤵
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        6⤵
        Program crash
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        6⤵
        
        PID:5684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 220
        6⤵
        Program crash
        
        PID:7164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
        5⤵
        Program crash
        
        PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        5⤵
        
        PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
      4⤵
      PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      4⤵
      PID:8604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        6⤵
        
        PID:7544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        5⤵
        Program crash
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        5⤵
        
        PID:7032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        5⤵
        
        PID:8228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
      4⤵
      Program crash
      PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        5⤵
        
        PID:6692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 220
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
      4⤵
      PID:7932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
      4⤵
      PID:8812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
    3⤵
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
      4⤵
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
      4⤵
      PID:6636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 220
      4⤵
      PID:8236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
    3⤵
    PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
    3⤵
    PID:7228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
    3⤵
    PID:8180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        7⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        6⤵
        Program crash
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:6552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        6⤵
        Program crash
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        5⤵
        Program crash
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        6⤵
        Program crash
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        5⤵
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        5⤵
        Program crash
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        5⤵
        Program crash
        
        PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20384.exe
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        5⤵
        
        PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      4⤵
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
      4⤵
      PID:7472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        6⤵
        
        PID:7864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
        6⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        5⤵
        
        PID:6604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        5⤵
        
        PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        5⤵
        
        PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
    3⤵
    PID:2876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
      4⤵
      Program crash
      PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
      4⤵
      PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
    3⤵
    PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
    3⤵
    PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
    3⤵
    PID:7696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
    3⤵
    PID:8636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        6⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        5⤵
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
        5⤵
        Program crash
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        5⤵
        
        PID:4052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        5⤵
        Program crash
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:7252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
      4⤵
      Program crash
      PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        5⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        5⤵
        
        PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
      4⤵
      PID:3664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
      4⤵
      Program crash
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
    3⤵
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
    3⤵
    PID:5976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
    3⤵
    PID:7656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
    3⤵
    PID:8668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    3⤵
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
      4⤵
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        5⤵
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        5⤵
        
        PID:7012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
        5⤵
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
      4⤵
      PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
      4⤵
      PID:5512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
      4⤵
      PID:8172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    3⤵
    PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
      4⤵
      Program crash
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
    3⤵
    PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
    3⤵
    PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
    3⤵
    PID:8252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
  2⤵
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
    3⤵
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    3⤵
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    3⤵
    PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
    3⤵
    PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
  2⤵
  PID:3700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
  2⤵
  PID:4576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
  2⤵
  PID:5136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
  2⤵
  PID:7360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
  2⤵
  PID:8244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe

Filesize
468KB

MD5
43873b23895e72eaf27d4f700c904f38

SHA1
8c31defe1596fe9ff077a35a433884f6942db424

SHA256
3759febbe36242c95ac60cd0f20d43e804d59af4d6d72bb8ca6af75616d2e87d

SHA512
7094ab371146cc9aa44124f21f19232bafd1bfc85a96280650c7d2ca1da9ad3640f2d0ae67bd572ff5bdc7257e242324114ca744cc05c9e4b272680e36370f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe

Filesize
468KB

MD5
e18f3956f3d0ec203507ddea3cef31e9

SHA1
b78721432bbb2e296cf790c8c8cf3bf5da5a77e4

SHA256
31b085135df4f5559d5565bb3f16f3bae0ae1fb1b29802e7ecfe0b8e473b4210

SHA512
6700ccc493ee91db510e788d0f903b159b18a4d6ddb8b3aff6c2ad86c69c06e9b7049383f3b13839877c9243ca0c3003489096b95c9edcd615ec5f527a2b7875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe

Filesize
468KB

MD5
3da878533a2495eaf9cfb9fca91ba900

SHA1
a63fc2ba7538643e42acb6d0284398db01aca12b

SHA256
2ba8381738611fcaca8723b323420a07e11a95db3286a776a16a882705f4247d

SHA512
b16a373b6cb119d05d6378c1425e79bdd86cc9ecaf562ce3f3120569c7e48f5bf84e762ddd452bcd1d974bf438dc829ac5ec0f2a34564657c6c3be5cc043c177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe

Filesize
468KB

MD5
68c4f35339ec302baeb5e822f8478ddd

SHA1
5b3e179326e6431d873be72f6ccc45d921841b70

SHA256
328eb6fc39146f1645df1b094c7aadb28ff423e94f73e848c0f4963fac8aef33

SHA512
3277d3f385ae880253fad435e01e79590ec1a47c99c5a2f725a77d55ef5612d844ed08ff12dbdb632239a4cd11bfca7e1403260421cbbfa588fff30a4140e954

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe

Filesize
468KB

MD5
0fe786161529ae9280510ba1b803be29

SHA1
0c5c429f7afec4574c489da5f0ebda4fc49fe62f

SHA256
78c1e3db2f6649ad29f5671a7b23d270f7fdf703e6143e53d03a50b8446480a6

SHA512
a49ec0a2671de94517157be0e32da68e1f1e1cef0106c2cfe93195e343d574d93b6a2589b957032375a5ec63be96c2e4fa701154711bc65d987e8e0e3185f616

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe

Filesize
468KB

MD5
b2ba145b5b9b5cb5e0833668c8b6bf7a

SHA1
ccd35a4eb88d1a84de3edf8b66380e2db1177f01

SHA256
3863c30a138f55ba3a27e539d6d7649acdb3f19c4c1176836a248414751728af

SHA512
e5f505451093221add3e9c09e6ecc21fd5ddd3d7359061267b4729215ba88a9ba0afd0ea49cea157088f18fb1a5c6e79a5043fc17e3186c9a4246c6894522257

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe

Filesize
468KB

MD5
e793e8575f6c024e06b80932eebbcce7

SHA1
0b0f3364dd17ba89ed5bca9ccc40fbaecc6ad003

SHA256
fdecc52a7888da02507ba67e405cd0e347ef2c0057c792201356e995d107f694

SHA512
404406416866a9af8ff11a2faf204ff0aac725a64e71b98f604fae8ab803d06bf479f820433749d7e8bb83e3049267e031e2310bd9762b02cea8f9b735a3b574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe

Filesize
468KB

MD5
bf503e498c0afafefece09ca4938f21d

SHA1
f465d97cd62431f4bb8fe4f7e4d7e92eb69b7b90

SHA256
075e4e4e43cd17a5c1d75a4d2ed2607a69b87579d80d1c51672c355499294716

SHA512
9e16fc792d6c8accf7e4eddaa2dec7c73244fdf260e2af2b30adb0b33539be3c3cd1dd554bf9afe5859cae088f84b847d6abd5171c11b11fcb4a7d368895dbb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe

Filesize
468KB

MD5
dda36735e809ca24590c420270a66f7b

SHA1
b59cc2ee570b9ea57de05fb0f3594f56b3613567

SHA256
a049557b9c9d36971c96a09be6b7465688c9effacc64dd00f798ec9e0a5539ba

SHA512
8062efcb77a0087fb0c63c83c33887af00b2792994f35be31372e0dcf9cc3be9164ea02932ce9d7d21136c29c4865ed0d5e5d00b1b6dc84f1851f26dfedff32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe

Filesize
468KB

MD5
b6754aa424818bd6cb4cf93008de3e12

SHA1
611fb7fb4eab60013268a489cc88ba9bee9588ed

SHA256
80b86cd061c3167227107f08107d731f49a04683cb0e9998157a820403a2d0f2

SHA512
8824d83d11f5b25089a15e12d5d1567449eadebf365124f3b548186304ad25cd50e8491902f5a58a5a16b1fe69b6b95f919ba5c0903a372a27a12fc08a3b76be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe

Filesize
468KB

MD5
08a44f63a6901039ca5d551de8c3c4ce

SHA1
2102fef472a185c821cf08fce453664421060216

SHA256
9ccb9e57d6e9a34bdf65ef21fa0250fac8b6e27c9ad813f0e58e1fcd861b3d84

SHA512
783e7d4ec0bfd76af93caa46694b4360d1d5eb133f9147c93da01de0c28428636ac0a4ec340aa54ff672509fe0a4b340ca70a8f6f551976f9270c67196c84f88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe

Filesize
468KB

MD5
10e562b72f53650b374917627dccd0dc

SHA1
df766737522564f2d8ea1fd9fc30ae01fc14a70d

SHA256
0c5acbf9f42f19f0b17a604d56009072936439c487d19d73d360054010e61fa4

SHA512
d056489ddcc40028069e3cab9d04cf8bfe6dfaa178754a505bbee77e4448f2851a05ef2614eddaf36e09f04843426342ffa090b6369a28a73f83a7927886c00e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe

Filesize
468KB

MD5
3a3d5731f34a909637f9dd0366886c97

SHA1
d3718ef94a0f2dbca4335b3b4e7336f49ac165fb

SHA256
92eb597a97c52018b6e7354b11818a6de3fa4c74b27042b5d259cd0f8a9fe07f

SHA512
3833c89d943653e3e8cad8ae5f7d550e20cfef9444bbcc567189cfa6752be3a82781cc36bc7c29be77162dc6359bc7d507740acd71e50e76dcb29bdc995ab6d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe

Filesize
468KB

MD5
b2ff723cd832dc2a5afce81426e752ac

SHA1
8b93c47b4c41cf1b4f7e5c02b7a5f0e3a92e5fa3

SHA256
e01a6b9f85426de5bef45e654dca7db6f60cb3203f04afbabc2150522a0b98af

SHA512
268306bc73863fe00b2380a17262eea9edb1c14f1cd603dc208ac899f3c800da4db4701490f58921e6e7401083e68ea5afe4b3ab7d70721713f84b9f4bd9ae7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe

Filesize
468KB

MD5
3a77a17f8ec89ad4c4567b63c3e2b7bb

SHA1
0fba6a1f2589613f23fb819d71e65c15d72aea5a

SHA256
5acf9a086b54befcbce06872f43123e16356e2bdaef455a8969752ff025fb1ed

SHA512
c755be23c6e4cc30ffe3bf5814e209210ca7549991b43086dabc5fd403681dbfdf9e5493c612d5f6dcac81b0c32b3ed879597e1f8c3a14285c389ba4e35a6bd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe

Filesize
468KB

MD5
f2226d1bc50e8f4545541bfd85310097

SHA1
e5914419fb6e1dbfa65b7aa11ae61ce276a66cba

SHA256
81b63249247379f37b4562e2b93a0753ace6cbc719842a513069e7c883ffbc2b

SHA512
92eec3648b4178a665fe09d632a57f1a6062d9ea1999f517a52ebc6567b79efac5e132eb2240b26ed45f8024a7e67bb88ede01ea53642e884d1157f6fb21b4fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe

Filesize
468KB

MD5
e68fa8f79d5606cd9723e201ffb0f3a2

SHA1
68beb806a9557654406cf455a6c8b17a7c7ff2f6

SHA256
60d54d9136fa2d691e3d4cea8e3fe0d6bf7236887578fdcf625a28ae488e5300

SHA512
0cb9e7485520b5f2e962be1f334e4ab7a62843927ac58d4ceeceda6ac2b14e66977e4474671c08f7d0977b19b272a7df5d9752419f19cf14c4239d7b258bfb17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe

Filesize
468KB

MD5
af5eed99d1044cdb6a3ca25bb1031c13

SHA1
58d4d54a57b5321614407c29c3b5dce6d76362cd

SHA256
ab9e2009e3adc38eadc00dfbb1db4fa10886b798b0ebcf69fb2611a2352de10d

SHA512
8158effa3726ec28ee8cdb3ab9fc7774d7fdd55102e542c22b343e9065413ffc945d22672ebaaeea7c7b8e2ffaa078cb6b2fa87f6ee7aa7b92e3a4462d08fc32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe

Filesize
468KB

MD5
00a6fcee5a5de10a68c06613192184de

SHA1
33e6dc20806e9f442367c230dc34740117663fe7

SHA256
812993e3f8374d87fa510c6c54025ae725688612a1842581d06f63b540ae3efa

SHA512
b5c2915c94f67a6e0981907e7e00f7392982620254f0a2f9c5eefd9c304606769c3e9973cbdd86c63b1a37217d1869b16f0eb6ba825a59ee4ff5c3b389b2b102

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe

Filesize
468KB

MD5
3a3e02a46d8da82f29e32c08c4e03e03

SHA1
8e4d774a088432ff427170950508c3208b8f4e09

SHA256
876c9f20ddb5ec25968603a4c7709c8b3350ef414e55e692911563f1e7d0c74b

SHA512
63e6231006113b29c135aa3e1433b912bc70ade7531cbbd7e327c70514ab09da0366f050be7f8bc04ab88b12a801fb6f3bdab523343be05102c8d61f43204389

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe

Filesize
468KB

MD5
2f2832f33944c88cd373eef10468d1be

SHA1
b29b02653d8bca4279a7660aa077595c2e8f8571

SHA256
51364e1499f9c0e9b258bfb1079b6154755ac2182f0d33bf498a58a8377e617d

SHA512
b19314e4873b3026f43c623dba12a0f2f92a41d7e8d082fe5c6a650b19a85f4bc8ce20457f19ec3889ebf65b90ddb699681c6a8bca7943257b0c3d58dac6b92d

Download Submit
memory/320-368-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/320-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/320-369-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/332-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/332-320-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/332-49-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/332-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/332-318-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/748-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/892-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1232-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1292-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1292-309-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1292-302-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1400-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-228-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1608-227-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1648-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-300-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/1684-298-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/1684-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-372-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/1708-381-0x00000000031D0000-0x0000000003245000-memory.dmp

Filesize
468KB

Download
memory/1744-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1744-248-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1744-238-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1856-283-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1856-274-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1936-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-282-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/1936-273-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2176-396-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/2176-402-0x00000000024A0000-0x0000000002515000-memory.dmp

Filesize
468KB

Download
memory/2176-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-195-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2268-196-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2452-342-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2452-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2452-346-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2612-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-305-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2612-21-0x00000000033A0000-0x0000000003415000-memory.dmp

Filesize
468KB

Download
memory/2612-315-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2612-82-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2612-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-151-0x00000000033A0000-0x0000000003415000-memory.dmp

Filesize
468KB

Download
memory/2612-163-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2636-132-0x00000000034E0000-0x0000000003555000-memory.dmp

Filesize
468KB

Download
memory/2636-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-354-0x00000000034E0000-0x0000000003555000-memory.dmp

Filesize
468KB

Download
memory/2636-12-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2636-131-0x00000000034E0000-0x0000000003555000-memory.dmp

Filesize
468KB

Download
memory/2636-11-0x00000000034E0000-0x0000000003555000-memory.dmp

Filesize
468KB

Download
memory/2636-393-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2636-242-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2636-236-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2636-33-0x00000000034E0000-0x0000000003555000-memory.dmp

Filesize
468KB

Download
memory/2636-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-357-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2696-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-176-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2696-272-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2696-280-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/2764-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-96-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2804-207-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2804-208-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2804-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-356-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2816-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-264-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2940-266-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2940-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-229-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2952-230-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2952-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-146-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2996-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-136-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2996-297-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/3020-319-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3020-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-321-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3020-165-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3032-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download