765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
Size

468KB
MD5

f5f59cf05cb1a11e776bde763041b2e0
SHA1

56c5b860eb9284d379063a68e02af40b6cf95093
SHA256

765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4f
SHA512

33456751fce24207f86663c995b1de341ee77260c5dc66ffc09604e136379095a9ed2da010767cac40cc06fb05f84e845a7c878c49482b40ccb9d64550aadd86
SSDEEP

3072:1G3HogIuIE5TtbY2HzcOcf8/vCha7Kp2JVHeTVPuQShL67wgE6l1:1G3oHMTtxH4OcfeiHIQS94wgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1776	Unicorn-9071.exe
2924	Unicorn-19473.exe
2704	Unicorn-27541.exe
2908	Unicorn-32650.exe
3012	Unicorn-4170.exe
2968	Unicorn-15332.exe
2652	Unicorn-29067.exe
2688	Unicorn-30799.exe
2196	Unicorn-33434.exe
832	Unicorn-19580.exe
2056	Unicorn-46891.exe
2712	Unicorn-47156.exe
2960	Unicorn-29056.exe
2980	Unicorn-15321.exe
1488	Unicorn-50364.exe
1880	Unicorn-26902.exe
3036	Unicorn-17298.exe
948	Unicorn-24636.exe
2484	Unicorn-58141.exe
1944	Unicorn-14882.exe
1328	Unicorn-43319.exe
3060	Unicorn-32131.exe
2792	Unicorn-61535.exe
584	Unicorn-11286.exe
908	Unicorn-11021.exe
1692	Unicorn-35525.exe
1964	Unicorn-52566.exe
1484	Unicorn-45136.exe
108	Unicorn-36183.exe
2440	Unicorn-27491.exe
2992	Unicorn-7625.exe
1608	Unicorn-53081.exe
2504	Unicorn-19549.exe
2800	Unicorn-36797.exe
2760	Unicorn-49040.exe
2752	Unicorn-8064.exe
2744	Unicorn-10654.exe
2240	Unicorn-41712.exe
2840	Unicorn-33156.exe
2624	Unicorn-12896.exe
2684	Unicorn-32762.exe
2436	Unicorn-60530.exe
2964	Unicorn-29949.exe
1228	Unicorn-43867.exe
1100	Unicorn-63732.exe
2460	Unicorn-40968.exe
2708	Unicorn-36770.exe
1956	Unicorn-56636.exe
3068	Unicorn-49646.exe
2104	Unicorn-3601.exe
1992	Unicorn-6401.exe
376	Unicorn-18338.exe
848	Unicorn-38204.exe
2096	Unicorn-60973.exe
2068	Unicorn-20902.exe
928	Unicorn-22206.exe
1676	Unicorn-8875.exe
1656	Unicorn-3421.exe
2288	Unicorn-61859.exe
1756	Unicorn-42258.exe
112	Unicorn-63167.exe
1032	Unicorn-15750.exe
1612	Unicorn-43313.exe
2756	Unicorn-42113.exe

Loads dropped DLL 64 IoCs

pid	Process
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1776	Unicorn-9071.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1776	Unicorn-9071.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
2924	Unicorn-19473.exe
2704	Unicorn-27541.exe
2924	Unicorn-19473.exe
2704	Unicorn-27541.exe
1776	Unicorn-9071.exe
1776	Unicorn-9071.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
3012	Unicorn-4170.exe
3012	Unicorn-4170.exe
2704	Unicorn-27541.exe
2704	Unicorn-27541.exe
2652	Unicorn-29067.exe
2652	Unicorn-29067.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
2908	Unicorn-32650.exe
2908	Unicorn-32650.exe
1776	Unicorn-9071.exe
2924	Unicorn-19473.exe
1776	Unicorn-9071.exe
2924	Unicorn-19473.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2688	Unicorn-30799.exe
2688	Unicorn-30799.exe
3012	Unicorn-4170.exe
3012	Unicorn-4170.exe
2196	Unicorn-33434.exe
2196	Unicorn-33434.exe
2704	Unicorn-27541.exe
2704	Unicorn-27541.exe
2980	Unicorn-15321.exe
2980	Unicorn-15321.exe
2712	Unicorn-47156.exe
2712	Unicorn-47156.exe
2924	Unicorn-19473.exe
2924	Unicorn-19473.exe
2908	Unicorn-32650.exe
2908	Unicorn-32650.exe
2960	Unicorn-29056.exe
2960	Unicorn-29056.exe
832	Unicorn-19580.exe
832	Unicorn-19580.exe
1776	Unicorn-9071.exe
1776	Unicorn-9071.exe
2652	Unicorn-29067.exe
2652	Unicorn-29067.exe
2056	Unicorn-46891.exe
2056	Unicorn-46891.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1488	Unicorn-50364.exe
1488	Unicorn-50364.exe
1880	Unicorn-26902.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2672	2968	WerFault.exe	35
2300	584	WerFault.exe	54
1728	1964	WerFault.exe	58
1536	2440	WerFault.exe	61
2388	112	WerFault.exe	96
2012	1676	WerFault.exe	91
352	1992	WerFault.exe	83
1040	2624	WerFault.exe	71
2076	2760	WerFault.exe	66
2560	1100	WerFault.exe	76
1244	1608	WerFault.exe	63
2976	1228	WerFault.exe	75
1620	1880	WerFault.exe	46
2948	2288	WerFault.exe	95
2352	1656	WerFault.exe	92
2408	2756	WerFault.exe	100
1140	1648	WerFault.exe	131
1000	2636	WerFault.exe	140
1148	1056	WerFault.exe	127
3500	108	WerFault.exe	60
3944	2716	WerFault.exe	125
3532	2612	WerFault.exe	128
3520	2272	WerFault.exe	120
3448	1636	WerFault.exe	135
3960	804	WerFault.exe	132
3152	880	WerFault.exe	148
3456	2252	WerFault.exe	158
4164	2468	WerFault.exe	106
4180	2248	WerFault.exe	119
4220	2640	WerFault.exe	177
4248	2840	WerFault.exe	70
4328	1780	WerFault.exe	166
4996	2688	WerFault.exe	37
5044	1956	WerFault.exe	80
5036	2068	WerFault.exe	88
5068	2400	WerFault.exe	121
5084	1892	WerFault.exe	111
5108	2044	WerFault.exe	130
5100	948	WerFault.exe	48
5116	2664	WerFault.exe	129
5092	2792	WerFault.exe	53
5076	1088	WerFault.exe	118
3228	1220	WerFault.exe	109
4508	2004	WerFault.exe	134
4480	2476	WerFault.exe	138
4456	2964	WerFault.exe	74
4440	3068	WerFault.exe	81
4432	2460	WerFault.exe	78
4492	1760	WerFault.exe	137
4512	1692	WerFault.exe	56
3792	3024	WerFault.exe	146
4524	1328	WerFault.exe	51
4768	1472	WerFault.exe	154
4840	1032	WerFault.exe	97
4216	1612	WerFault.exe	98
4152	376	WerFault.exe	85
4272	1756	WerFault.exe	94
4312	1652	WerFault.exe	157
4648	2844	WerFault.exe	152
4672	2856	WerFault.exe	142
4728	2172	WerFault.exe	149
5768	1084	WerFault.exe	163
5788	1740	WerFault.exe	161
5804	2504	WerFault.exe	64

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-585.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
1776	Unicorn-9071.exe
2924	Unicorn-19473.exe
2704	Unicorn-27541.exe
3012	Unicorn-4170.exe
2968	Unicorn-15332.exe
2652	Unicorn-29067.exe
2908	Unicorn-32650.exe
2688	Unicorn-30799.exe
2196	Unicorn-33434.exe
832	Unicorn-19580.exe
2960	Unicorn-29056.exe
2712	Unicorn-47156.exe
2980	Unicorn-15321.exe
2056	Unicorn-46891.exe
1488	Unicorn-50364.exe
1880	Unicorn-26902.exe
3036	Unicorn-17298.exe
948	Unicorn-24636.exe
2484	Unicorn-58141.exe
1944	Unicorn-14882.exe
1328	Unicorn-43319.exe
3060	Unicorn-32131.exe
2792	Unicorn-61535.exe
584	Unicorn-11286.exe
908	Unicorn-11021.exe
1692	Unicorn-35525.exe
1964	Unicorn-52566.exe
1484	Unicorn-45136.exe
108	Unicorn-36183.exe
2440	Unicorn-27491.exe
1608	Unicorn-53081.exe
2504	Unicorn-19549.exe
2800	Unicorn-36797.exe
2760	Unicorn-49040.exe
2752	Unicorn-8064.exe
2744	Unicorn-10654.exe
2240	Unicorn-41712.exe
2840	Unicorn-33156.exe
2684	Unicorn-32762.exe
2624	Unicorn-12896.exe
2436	Unicorn-60530.exe
2964	Unicorn-29949.exe
1228	Unicorn-43867.exe
1100	Unicorn-63732.exe
1956	Unicorn-56636.exe
2708	Unicorn-36770.exe
2460	Unicorn-40968.exe
3068	Unicorn-49646.exe
1992	Unicorn-6401.exe
2104	Unicorn-3601.exe
376	Unicorn-18338.exe
848	Unicorn-38204.exe
2096	Unicorn-60973.exe
2068	Unicorn-20902.exe
1676	Unicorn-8875.exe
928	Unicorn-22206.exe
1656	Unicorn-3421.exe
2288	Unicorn-61859.exe
1756	Unicorn-42258.exe
988	Unicorn-62124.exe
112	Unicorn-63167.exe
1032	Unicorn-15750.exe
1612	Unicorn-43313.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1776	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	30
PID 1588 wrote to memory of 1776	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	30
PID 1588 wrote to memory of 1776	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	30
PID 1588 wrote to memory of 1776	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	30
PID 1776 wrote to memory of 2924	1776	Unicorn-9071.exe	31
PID 1776 wrote to memory of 2924	1776	Unicorn-9071.exe	31
PID 1776 wrote to memory of 2924	1776	Unicorn-9071.exe	31
PID 1776 wrote to memory of 2924	1776	Unicorn-9071.exe	31
PID 1588 wrote to memory of 2704	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	32
PID 1588 wrote to memory of 2704	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	32
PID 1588 wrote to memory of 2704	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	32
PID 1588 wrote to memory of 2704	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	32
PID 2924 wrote to memory of 2908	2924	Unicorn-19473.exe	33
PID 2924 wrote to memory of 2908	2924	Unicorn-19473.exe	33
PID 2924 wrote to memory of 2908	2924	Unicorn-19473.exe	33
PID 2924 wrote to memory of 2908	2924	Unicorn-19473.exe	33
PID 2704 wrote to memory of 3012	2704	Unicorn-27541.exe	34
PID 2704 wrote to memory of 3012	2704	Unicorn-27541.exe	34
PID 2704 wrote to memory of 3012	2704	Unicorn-27541.exe	34
PID 2704 wrote to memory of 3012	2704	Unicorn-27541.exe	34
PID 1776 wrote to memory of 2968	1776	Unicorn-9071.exe	35
PID 1776 wrote to memory of 2968	1776	Unicorn-9071.exe	35
PID 1776 wrote to memory of 2968	1776	Unicorn-9071.exe	35
PID 1776 wrote to memory of 2968	1776	Unicorn-9071.exe	35
PID 1588 wrote to memory of 2652	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	36
PID 1588 wrote to memory of 2652	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	36
PID 1588 wrote to memory of 2652	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	36
PID 1588 wrote to memory of 2652	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	36
PID 3012 wrote to memory of 2688	3012	Unicorn-4170.exe	37
PID 3012 wrote to memory of 2688	3012	Unicorn-4170.exe	37
PID 3012 wrote to memory of 2688	3012	Unicorn-4170.exe	37
PID 3012 wrote to memory of 2688	3012	Unicorn-4170.exe	37
PID 2704 wrote to memory of 2196	2704	Unicorn-27541.exe	38
PID 2704 wrote to memory of 2196	2704	Unicorn-27541.exe	38
PID 2704 wrote to memory of 2196	2704	Unicorn-27541.exe	38
PID 2704 wrote to memory of 2196	2704	Unicorn-27541.exe	38
PID 2652 wrote to memory of 832	2652	Unicorn-29067.exe	39
PID 2652 wrote to memory of 832	2652	Unicorn-29067.exe	39
PID 2652 wrote to memory of 832	2652	Unicorn-29067.exe	39
PID 2652 wrote to memory of 832	2652	Unicorn-29067.exe	39
PID 1588 wrote to memory of 2056	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	40
PID 1588 wrote to memory of 2056	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	40
PID 1588 wrote to memory of 2056	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	40
PID 1588 wrote to memory of 2056	1588	765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe	40
PID 2968 wrote to memory of 2672	2968	Unicorn-15332.exe	42
PID 2968 wrote to memory of 2672	2968	Unicorn-15332.exe	42
PID 2968 wrote to memory of 2672	2968	Unicorn-15332.exe	42
PID 2968 wrote to memory of 2672	2968	Unicorn-15332.exe	42
PID 2908 wrote to memory of 2712	2908	Unicorn-32650.exe	41
PID 2908 wrote to memory of 2712	2908	Unicorn-32650.exe	41
PID 2908 wrote to memory of 2712	2908	Unicorn-32650.exe	41
PID 2908 wrote to memory of 2712	2908	Unicorn-32650.exe	41
PID 1776 wrote to memory of 2960	1776	Unicorn-9071.exe	43
PID 1776 wrote to memory of 2960	1776	Unicorn-9071.exe	43
PID 1776 wrote to memory of 2960	1776	Unicorn-9071.exe	43
PID 1776 wrote to memory of 2960	1776	Unicorn-9071.exe	43
PID 2924 wrote to memory of 2980	2924	Unicorn-19473.exe	44
PID 2924 wrote to memory of 2980	2924	Unicorn-19473.exe	44
PID 2924 wrote to memory of 2980	2924	Unicorn-19473.exe	44
PID 2924 wrote to memory of 2980	2924	Unicorn-19473.exe	44
PID 2688 wrote to memory of 1488	2688	Unicorn-30799.exe	45
PID 2688 wrote to memory of 1488	2688	Unicorn-30799.exe	45
PID 2688 wrote to memory of 1488	2688	Unicorn-30799.exe	45
PID 2688 wrote to memory of 1488	2688	Unicorn-30799.exe	45

C:\Users\Admin\AppData\Local\Temp\765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe
"C:\Users\Admin\AppData\Local\Temp\765fc4524494222bb4edb7ca09617c6615070f674859f51eb86dfeff32485e4fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        10⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        9⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 244
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        9⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        9⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 244
        8⤵
        Program crash
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        9⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        9⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        9⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 248
        8⤵
        Program crash
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18422.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        7⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        7⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 224
        7⤵
        Program crash
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        8⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 228
        7⤵
        Program crash
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        7⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        6⤵
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 248
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        7⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 244
        8⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
        8⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 244
        7⤵
        Program crash
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        8⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 248
        7⤵
        Program crash
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        7⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 224
        7⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 244
        6⤵
        Program crash
        
        PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        7⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 224
        7⤵
        
        PID:8628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 228
        6⤵
        Program crash
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 220
        6⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 224
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        8⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        7⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 248
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        9⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        9⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        7⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        7⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 244
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        6⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        7⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 228
        7⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        6⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        7⤵
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 224
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 224
        7⤵
        Program crash
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        7⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 248
        7⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        6⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        5⤵
        Executes dropped EXE
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        6⤵
        Program crash
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        6⤵
        
        PID:4336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 228
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 248
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        6⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 224
        7⤵
        Program crash
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        7⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 228
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 248
        6⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        5⤵
        
        PID:1636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        6⤵
        Program crash
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        6⤵
        
        PID:8952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 244
        6⤵
        
        PID:8456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 248
        5⤵
        Program crash
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        5⤵
        
        PID:804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 244
        6⤵
        Program crash
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        6⤵
        
        PID:10112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 244
        5⤵
        Program crash
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 248
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        5⤵
        
        PID:3732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 244
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
      4⤵
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        5⤵
        Program crash
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
      4⤵
      PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      4⤵
      PID:10192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        9⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        9⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        7⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        6⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        7⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 224
        7⤵
        
        PID:8264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 228
        6⤵
        Program crash
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        6⤵
        
        PID:7376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 244
        6⤵
        
        PID:8716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 248
        5⤵
        Program crash
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 224
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
        6⤵
        
        PID:8348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 228
        5⤵
        Program crash
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
      4⤵
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        5⤵
        
        PID:7408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 228
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
      4⤵
      PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        5⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 224
        6⤵
        Program crash
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        6⤵
        
        PID:8276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 244
        5⤵
        Program crash
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        6⤵
        
        PID:8492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 248
        5⤵
        Program crash
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        5⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
        5⤵
        
        PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
      4⤵
      PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
      4⤵
      PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
      4⤵
      PID:8780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        6⤵
        
        PID:8680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 228
        6⤵
        
        PID:9980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 228
        5⤵
        Program crash
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
      4⤵
      PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      4⤵
      PID:10032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      4⤵
      PID:5972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 244
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
    3⤵
    PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
    3⤵
    PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
    3⤵
    PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
    3⤵
    PID:9936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 248
        9⤵
        Program crash
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        9⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        9⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        9⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 244
        8⤵
        Program crash
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        9⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        9⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        8⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        8⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 244
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        8⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 248
        7⤵
        Program crash
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        7⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        6⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        5⤵
        Executes dropped EXE
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        7⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 224
        8⤵
        Program crash
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34419.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        7⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 248
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        6⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        7⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 248
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14619.exe
        7⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        6⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 228
        8⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 248
        7⤵
        Program crash
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 244
        6⤵
        Program crash
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        7⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        6⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        6⤵
        
        PID:8692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 240
        6⤵
        
        PID:8328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        5⤵
        Program crash
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        6⤵
        Program crash
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        8⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 228
        8⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 228
        7⤵
        Program crash
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        7⤵
        
        PID:9496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 224
        6⤵
        Program crash
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        5⤵
        
        PID:892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        5⤵
        Program crash
        
        PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        6⤵
        Program crash
        
        PID:2012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 228
        5⤵
        Program crash
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 224
        5⤵
        Program crash
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 244
        7⤵
        Program crash
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        6⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 224
        7⤵
        Program crash
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        6⤵
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
        6⤵
        Program crash
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 200
        6⤵
        Program crash
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        5⤵
        
        PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        6⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 244
        7⤵
        Program crash
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        7⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        7⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 224
        7⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        6⤵
        
        PID:6624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        6⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        5⤵
        
        PID:6664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 248
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        6⤵
        
        PID:4404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 228
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 244
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        6⤵
        
        PID:8500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 228
        6⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        5⤵
        
        PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
      4⤵
      PID:9476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 244
        5⤵
        Program crash
        
        PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      4⤵
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        6⤵
        
        PID:8124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 224
        6⤵
        
        PID:8196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 228
        5⤵
        Program crash
        
        PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        5⤵
        
        PID:8324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 248
      4⤵
      Program crash
      PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        5⤵
        
        PID:2640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
        6⤵
        Program crash
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        5⤵
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 244
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        5⤵
        
        PID:4292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 248
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
      4⤵
      PID:3388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 248
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
    3⤵
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        5⤵
        
        PID:8708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 248
        5⤵
        
        PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
      4⤵
      PID:4348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 244
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      4⤵
      PID:9472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    3⤵
    PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
    3⤵
    PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
    3⤵
    PID:7776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
    3⤵
    PID:8804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 244
        5⤵
        Program crash
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        7⤵
        
        PID:9280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 248
        6⤵
        Program crash
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        5⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 224
        6⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
        5⤵
        
        PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        5⤵
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 244
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        5⤵
        
        PID:4376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 228
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
      4⤵
      PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
      4⤵
      PID:9600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 244
        5⤵
        Program crash
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
      4⤵
      PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        5⤵
        Program crash
        
        PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        5⤵
        
        PID:7308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 228
        5⤵
        
        PID:8936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 248
      4⤵
      Program crash
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        6⤵
        
        PID:7424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 248
        6⤵
        
        PID:9112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 228
        5⤵
        Program crash
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        5⤵
        
        PID:9740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 244
      4⤵
      Program crash
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
    3⤵
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:5964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 244
        5⤵
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
      4⤵
      PID:10176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      4⤵
      PID:5956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
      4⤵
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
    3⤵
    PID:3868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 244
    3⤵
    PID:5868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
      4⤵
      Program crash
      PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        6⤵
        
        PID:8208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 248
        6⤵
        
        PID:9704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 248
        5⤵
        Program crash
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        5⤵
        
        PID:8652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 244
      4⤵
      Program crash
      PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    3⤵
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 244
      4⤵
      PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
    3⤵
    PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
    3⤵
    PID:6344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    3⤵
    PID:9956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      4⤵
      PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 224
        5⤵
        Program crash
        
        PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
      4⤵
      PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      4⤵
      PID:8760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
      4⤵
      PID:9432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      4⤵
      PID:3120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
      4⤵
      Program crash
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
    3⤵
    PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
    3⤵
    PID:6696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
    3⤵
    PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
    3⤵
    PID:9120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
    3⤵
    PID:10160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        5⤵
        
        PID:7384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 228
        5⤵
        
        PID:9644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 248
      4⤵
      Program crash
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
    3⤵
    PID:7104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
    3⤵
    PID:7476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
    3⤵
    PID:9540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
  2⤵
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 228
    3⤵
    PID:5344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
  2⤵
  PID:3324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
  2⤵
  PID:5892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
  2⤵
  PID:6852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
  2⤵
  PID:8224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
  2⤵
  PID:10224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe

Filesize
468KB

MD5
3e2caeca329e05b4900bdf452786fc9f

SHA1
03c53ce1691acbca838c44a258eebb4fe4fdd4e7

SHA256
e6a42a6961d9cf93f80e0edd44d45aaa43f19426a07776d9228645dee4f8bfca

SHA512
67e58ff6f8f71f34f4350f99115978d7a986f463f96093499cf387dc1bad0a7e9b72e6e9811c8ee7b0df7856560faf3bf7be231a0fe9b051b5a07d66d61483ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe

Filesize
468KB

MD5
966239156d738e518e3c6989d96c6f3d

SHA1
83e31b052096d607589c5f15d5a0164e89c628a8

SHA256
9f2b7bc9d428eb2bf7d4fdc861b2d5f65474fb976e1e2742df81bd6fa1ac3052

SHA512
e88e00d9963af828b83f06762e4e265ab5e82e06e8abaf37aa4d889bbd17ff72fdd593e72afbbae8c176aefc7a449cb230a22d0933a4c606a88ad21ff1ac099e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe

Filesize
468KB

MD5
51d1e34011ba3548766f3f5b2d3b13be

SHA1
84dcd05600da1932edeb2f43bcd55a3c426bed13

SHA256
df326111ba9b2262e018f01b36047112cf788467ad21fb8563a4a9625156175d

SHA512
96baedd5a02128b9ece04a674ee295081f6d46b40f9e8568f0de5264d9c48381a54281cac668e0a42d41263fc2cd28ebec5a4251509de3ca6c3d7939f9f311a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe

Filesize
468KB

MD5
fd8ffacf523931ad747383a0ed9d18e6

SHA1
35e104ddd97fffda1df1e749fac747fae1e9dffa

SHA256
a8422226e923934262a62ebdfef2b19a94277f2bc71e45fddd402f2e028fb913

SHA512
3bdb054f4eca63fefa54aeb14adfa60c3dc492d67009d0ae50d8b3aa3145a7d95ac9de13deb1e3324c9701cb3afa1a246fb50f40bfa88ebdc8f7d91536ea67b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe

Filesize
468KB

MD5
3765fd92996b9ae30c99a4af79611e44

SHA1
bfdf04b0104c12784583885ee8204edaa2296813

SHA256
9d570a0f3f604a45c280462f855494906fbbc54ef37bdf4cf26825f58e6850a1

SHA512
9a8c0bd39ccb51a49656a634a7ecfb0da3ace032d850449bb8b61243872a4372d9dd162ee8fca69255507caf2749d0f82e2c4cafe7e9c7d8345ea475e9e79c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe

Filesize
468KB

MD5
03898035ec449206976f34edd5bc14e9

SHA1
74a394c0df88e6cc916924e20efca298a9756ce5

SHA256
d68e61ce92e0cf644702e536fe6e2056d64cb826756c56b4df45d2d1aa61385a

SHA512
b2761ebabfbe2700d68753baabd08eaa3f52e5510ddd37bc1e6efac9d4e228bacad6e7e311f10ae1437eddbfeff69880e477085695f483de314adbe348bef26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe

Filesize
468KB

MD5
b5ef1fc5a0361c8683892f7deefd62c3

SHA1
859740d5e29a208c9a85eeb52b4400e353f15802

SHA256
48a952e905c307bff746ff886913a565a0d5566a800855a9e95982d559f02faa

SHA512
b0100031f43b95b0e474cfd5bb1290484059736cd526d073b188b2f363e55ead5fafdc70d29ed9a71ead6218561fdac15ed4d34bfed711f2441dc9eec9c7550c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe

Filesize
468KB

MD5
4ed406a5c200e45a75d22115640ba66e

SHA1
c621d5e0c3ee95d9da34e845c5319947e649d574

SHA256
f3896acbd8a8b5ad3304bf65610fa66085f60c532e1c8a1d496e0e3e76eba694

SHA512
06e3e011c91fdfdcebbc0c8cf7bdc2b33c89d750ddbd3ec024e094cccf9ae1e4f6bed1e980e364116cd5d44691ca78c7fbaff0a41595851899a9512c47eb8a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe

Filesize
468KB

MD5
e2ef4e35b512eeda963d01350904a627

SHA1
ea289c5601d38f45afd4ec106e8849687549c681

SHA256
9caf7935e03844caa61a1c01ac249ae88d29ae5c3231d7f2045504521ab5241b

SHA512
3b8da45dc52b0a04c8dff0741f650fe6ce401a81c3b9361b6ff6666856af8310e849327cfccf7d3b64975486fcf262b788628bd86dd474cbb1ea46597f370d25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe

Filesize
468KB

MD5
edc612a16b897fde453c4bd34a295a4c

SHA1
498ce319e6a7af5b3d6f1cf647f0dc9715f2e824

SHA256
201bc5b1996e8ce6752f7c69be7f0297ea01b93ac589ed066c1cede40b0ca86d

SHA512
69168dfd243ee2cedbd74e320b2392d4eeb4504e467bcf605edc45bb3826c2ff7000c9cf8d2a1a6ce542f560f9952af5c62449e9f6e4fa85acd13b93bb1fe4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe

Filesize
468KB

MD5
8cd8679f951ce331d9545d6690942b74

SHA1
2a29e67b27c886ae13f54bc1a40a210703f26e6c

SHA256
27913912f895ae53a2be0d82a3780932b7ce91bf4c9fb74a4a95e714e62dcebc

SHA512
1af8ae7ae181dd2c5ca7c55c5ce3fe578a6d7212a871314a72289f3c0bdc6443512c9951004483b4d14d52b5f81d4c64358a37a68d271241b0176dafddbcedc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe

Filesize
468KB

MD5
3c741d05faeb4932e995ed818933511e

SHA1
c1e1b33ff43081bd4c36dfff5179cfc4d97bc946

SHA256
abf6a0925abff9baef6b0c2ceedc283d1b252417f0696f46ffd0362cb3bcb0e6

SHA512
4dc87d10130462fa026656245eb0dcebfb92035bcca261e5fdb5537942b041379617a6d96c0a4585607181323fbe1d4da498d880e4a5da29c8c717d716d68016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe

Filesize
468KB

MD5
be9778ef077ff8143d396d794e74ec55

SHA1
59372932b1f8577725efa2b88d04d27a71e5a148

SHA256
2365dd43ade1d6f171cbb8facaa0a8972589c84c9a78cbf0d45cb774c55ebc9f

SHA512
c722afd759b5d8c58040b2803d0cd15350a4fc455272e5293ec957ec3316ec08245b95d04f8427229168b3e3bd720205231a9f02787c0232ac9d7cf44ab0eee1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe

Filesize
468KB

MD5
ae7052ab8d0b8623ab020e42e25ef959

SHA1
1469c8f5a2ef62c18fbf56bb3589e2c3ab627ea2

SHA256
27d8d57c485b4ad7243ea276c70ba2ecf44f8c6b9b89ce86b3e9db080f51cd2c

SHA512
e4d94060ae48d0e0545d49c78b0217ac0a30fb02cb7686cdbbd3d25f3a8042117c9e8f434242cf2e84a19bd6a1e89424dd27bc46aca6dfd719807e05c2788bb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe

Filesize
468KB

MD5
297edafcabd0b500ee23af00d224097b

SHA1
e5a91cd0e04906c9fb2bfd17b9c893727c84b5b3

SHA256
fb2e76536a267f3bf3739732b94585cc61bc995bbbbe07b895d9ec07ad2449d2

SHA512
273704e8c4ab4be2ff174b2bf5b1f8bf974ac0d60e96cab0d2003c51f51a3dbea8e8676d25a7985151ee84135abb6c17fb42fc2e141ac30e53f7e25fe3c5b11c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe

Filesize
468KB

MD5
e1ad4f968738a0ae60ea8781dd5c1d6d

SHA1
fb9407b3dcc092dfe93e688d830347d9690d8e43

SHA256
efae6d8640fbc663571c32a441d6ac49ed5e86dc3d86a84f543071ab94d437e4

SHA512
4d9e3d8e0df7f32f6d42665f7de12d8cb6639bfd147e17b27350be48e7188a95f5a54b218113f4b18b2fbac21e519135437b90571c4ed9f7d3a9f67b94149666

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe

Filesize
468KB

MD5
bc883540fb3c894e64278c9b18e80dfe

SHA1
ec0e6282f24cf6e7be06c78faa3d3ee29592e692

SHA256
dca2c3f704e4a99a75a21f99ac1242f2c112eb2bf2689aa4868fbbd3d1b4367e

SHA512
08fa73ac8cb3c07e7e653779169d1703c8b661a82edf7e454d0519aaf6df2968ffd6b10d80e786ffee86cab598b3901cc55458fafde75acc85ac1724a74283ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe

Filesize
468KB

MD5
c148aa5d657e159fc3222d7e462dd8c2

SHA1
ce8cb9a6cede8cb4da9e5a8c819919bf34f781c3

SHA256
717cd1da92a42c6d2d9b305d0670678225d80a12707527f0891958c811b6bfdf

SHA512
51c63bcef4112f7742eb116dbb2724a2e98f926218380867112b53d61eeb532d343f175aed04b8518e8227f6a49bad2bc5f1b7146240625f15f3172da313244a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe

Filesize
468KB

MD5
fb98c1197516c5324d471ccf849962f0

SHA1
d45c49f6a0ced17a0f81b5832baa0458be2c07ce

SHA256
1b68748c3c8b8a58ef7b33c0daa35590915639c7a44ad4e4e5b40f25daebfeb7

SHA512
31b7825d05480842a8626290c9c60eb0d665693c37684be6f98f6e533b0e039d7d5d4af91cc350fe39440cf74f3af7dc77933b2a150a11208b01a18d640e39c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe

Filesize
468KB

MD5
ff9ac56a3010c6412ff1dc4e4b1edd2d

SHA1
5943ef6e7c2ac452f46b3360485bf2158391163e

SHA256
821dfca7762b7644b0777d3b343941040c87a44903285825ec470349bd6551b8

SHA512
2f2fa3ef69363e53688e7a5ff45aea467e009067e19804bdd4abf4a55bd7f1a5cae3c790ef78e1ddee124ef7e3837a9890ef521f873212c1abea9cfc0e9933cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe

Filesize
468KB

MD5
8161a31bc3c9a2641a6d546e8d011855

SHA1
62688c24b8c580dba40d4e49b123d5a4c88c0506

SHA256
6f5327db28aab9295fa3362f09efb393efb68d0deefaa43f67e12ceacce0a5ca

SHA512
2ba11298d1e1046e654d5314b019feffe4385870ad032e20b76d15a4562ee977ea954ad1a0131d32e992167f0dc4342f1242fe21111d57417c0f82799bb7b1e1

Download Submit
memory/2992-1657-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download
memory/2992-2113-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download
memory/2992-2112-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-2847-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download
memory/2992-2846-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-1844-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download
memory/2992-3239-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download
memory/2992-3238-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-1656-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-1843-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-3979-0x0000000002860000-0x00000000029BC000-memory.dmp

Filesize
1.4MB

Download
memory/2992-3980-0x0000000002860000-0x0000000002970000-memory.dmp

Filesize
1.1MB

Download