a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe
Size

468KB
MD5

55f9ab71dbcce94b3c40c51d17df5200
SHA1

8169102030641b3a545960317fd6a730b76d58ab
SHA256

a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4
SHA512

f17ab8dd2c6c3f88ce9b44a741f50c84dfebb0f116c9b0e68ee7f58a9c4b82101a5356b261e976719d6474715d0fdb108ae3ba4dbff0610e94471993d1fe3f30
SSDEEP

3072:QaAqogtdJd5BtzYpPzJjVcP/G2A4DopehmHe3Va17mXkb9XuYFlf:QatocbBtePtjVc5U+s7mURXuY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2872	Unicorn-18659.exe
4444	Unicorn-5550.exe
4492	Unicorn-63474.exe
720	Unicorn-3386.exe
4368	Unicorn-38097.exe
4136	Unicorn-24361.exe
400	Unicorn-2950.exe
2616	Unicorn-19841.exe
1852	Unicorn-47875.exe
4980	Unicorn-47875.exe
2372	Unicorn-53613.exe
1600	Unicorn-6193.exe
4460	Unicorn-41399.exe
2004	Unicorn-10433.exe
4408	Unicorn-50719.exe
2812	Unicorn-51274.exe
2884	Unicorn-38275.exe
4640	Unicorn-45549.exe
3108	Unicorn-51679.exe
1616	Unicorn-39981.exe
3596	Unicorn-50917.exe
1372	Unicorn-63666.exe
116	Unicorn-39811.exe
4904	Unicorn-33349.exe
5116	Unicorn-24627.exe
2908	Unicorn-34832.exe
4632	Unicorn-20713.exe
4888	Unicorn-20713.exe
4000	Unicorn-53599.exe
3548	Unicorn-21289.exe
3260	Unicorn-34295.exe
2012	Unicorn-64537.exe
2636	Unicorn-13298.exe
4468	Unicorn-23504.exe
2364	Unicorn-29635.exe
1376	Unicorn-58607.exe
1236	Unicorn-62691.exe
4884	Unicorn-6282.exe
3324	Unicorn-6282.exe
4140	Unicorn-51954.exe
3456	Unicorn-6017.exe
1632	Unicorn-34293.exe
4428	Unicorn-54913.exe
4356	Unicorn-43978.exe
732	Unicorn-11326.exe
4788	Unicorn-31747.exe
4272	Unicorn-48254.exe
4664	Unicorn-43807.exe
4032	Unicorn-6858.exe
3680	Unicorn-49929.exe
3156	Unicorn-32323.exe
1516	Unicorn-16541.exe
4528	Unicorn-49043.exe
4080	Unicorn-57211.exe
4568	Unicorn-56946.exe
2724	Unicorn-1880.exe
4492	Unicorn-61850.exe
4300	Unicorn-14132.exe
5084	Unicorn-40683.exe
2364	Unicorn-29892.exe
3524	Unicorn-45130.exe
60	Unicorn-37175.exe
4168	Unicorn-53874.exe
4364	Unicorn-8202.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
3588	4492	WerFault.exe	95
5824	6720	WerFault.exe	246
11464	4132	WerFault.exe	285
1456	3988	WerFault.exe	167
1668	5472	WerFault.exe	282
12496	4132	WerFault.exe	285
16036	2844	WerFault.exe	214
16080	3988	WerFault.exe	167
16140	2844	WerFault.exe	214
15564	5472	WerFault.exe	282

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17700.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe
2872	Unicorn-18659.exe
4444	Unicorn-5550.exe
4492	Unicorn-63474.exe
720	Unicorn-3386.exe
4368	Unicorn-38097.exe
4136	Unicorn-24361.exe
400	Unicorn-2950.exe
1852	Unicorn-47875.exe
4980	Unicorn-47875.exe
2616	Unicorn-19841.exe
1600	Unicorn-6193.exe
2372	Unicorn-53613.exe
4460	Unicorn-41399.exe
2004	Unicorn-10433.exe
4408	Unicorn-50719.exe
2812	Unicorn-51274.exe
3108	Unicorn-51679.exe
1616	Unicorn-39981.exe
2884	Unicorn-38275.exe
4640	Unicorn-45549.exe
1372	Unicorn-63666.exe
3596	Unicorn-50917.exe
4904	Unicorn-33349.exe
116	Unicorn-39811.exe
5116	Unicorn-24627.exe
2908	Unicorn-34832.exe
4632	Unicorn-20713.exe
4888	Unicorn-20713.exe
4000	Unicorn-53599.exe
3548	Unicorn-21289.exe
3260	Unicorn-34295.exe
2012	Unicorn-64537.exe
2636	Unicorn-13298.exe
4468	Unicorn-23504.exe
1376	Unicorn-58607.exe
1236	Unicorn-62691.exe
4428	Unicorn-54913.exe
1632	Unicorn-34293.exe
4884	Unicorn-6282.exe
4356	Unicorn-43978.exe
3324	Unicorn-6282.exe
3456	Unicorn-6017.exe
4140	Unicorn-51954.exe
4788	Unicorn-31747.exe
4272	Unicorn-48254.exe
732	Unicorn-11326.exe
4664	Unicorn-43807.exe
4032	Unicorn-6858.exe
3680	Unicorn-49929.exe
4492	Unicorn-61850.exe
4300	Unicorn-14132.exe
4528	Unicorn-49043.exe
3156	Unicorn-32323.exe
4080	Unicorn-57211.exe
4568	Unicorn-56946.exe
2724	Unicorn-1880.exe
1516	Unicorn-16541.exe
5084	Unicorn-40683.exe
60	Unicorn-37175.exe
2364	Unicorn-29892.exe
3524	Unicorn-45130.exe
3104	Unicorn-17715.exe
1452	Unicorn-25618.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 2872	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	88
PID 1408 wrote to memory of 2872	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	88
PID 1408 wrote to memory of 2872	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	88
PID 2872 wrote to memory of 4444	2872	Unicorn-18659.exe	94
PID 2872 wrote to memory of 4444	2872	Unicorn-18659.exe	94
PID 2872 wrote to memory of 4444	2872	Unicorn-18659.exe	94
PID 1408 wrote to memory of 4492	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	95
PID 1408 wrote to memory of 4492	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	95
PID 1408 wrote to memory of 4492	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	95
PID 4444 wrote to memory of 720	4444	Unicorn-5550.exe	100
PID 4444 wrote to memory of 720	4444	Unicorn-5550.exe	100
PID 4444 wrote to memory of 720	4444	Unicorn-5550.exe	100
PID 2872 wrote to memory of 4136	2872	Unicorn-18659.exe	103
PID 2872 wrote to memory of 4136	2872	Unicorn-18659.exe	103
PID 2872 wrote to memory of 4136	2872	Unicorn-18659.exe	103
PID 1408 wrote to memory of 4368	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	102
PID 1408 wrote to memory of 4368	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	102
PID 1408 wrote to memory of 4368	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	102
PID 720 wrote to memory of 400	720	Unicorn-3386.exe	107
PID 720 wrote to memory of 400	720	Unicorn-3386.exe	107
PID 720 wrote to memory of 400	720	Unicorn-3386.exe	107
PID 4444 wrote to memory of 2616	4444	Unicorn-5550.exe	108
PID 4444 wrote to memory of 2616	4444	Unicorn-5550.exe	108
PID 4444 wrote to memory of 2616	4444	Unicorn-5550.exe	108
PID 4136 wrote to memory of 1852	4136	Unicorn-24361.exe	109
PID 4136 wrote to memory of 1852	4136	Unicorn-24361.exe	109
PID 4136 wrote to memory of 1852	4136	Unicorn-24361.exe	109
PID 4368 wrote to memory of 4980	4368	Unicorn-38097.exe	110
PID 4368 wrote to memory of 4980	4368	Unicorn-38097.exe	110
PID 4368 wrote to memory of 4980	4368	Unicorn-38097.exe	110
PID 2872 wrote to memory of 2372	2872	Unicorn-18659.exe	111
PID 2872 wrote to memory of 2372	2872	Unicorn-18659.exe	111
PID 2872 wrote to memory of 2372	2872	Unicorn-18659.exe	111
PID 1408 wrote to memory of 1600	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	112
PID 1408 wrote to memory of 1600	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	112
PID 1408 wrote to memory of 1600	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	112
PID 400 wrote to memory of 4460	400	Unicorn-2950.exe	113
PID 400 wrote to memory of 4460	400	Unicorn-2950.exe	113
PID 400 wrote to memory of 4460	400	Unicorn-2950.exe	113
PID 720 wrote to memory of 2004	720	Unicorn-3386.exe	114
PID 720 wrote to memory of 2004	720	Unicorn-3386.exe	114
PID 720 wrote to memory of 2004	720	Unicorn-3386.exe	114
PID 1852 wrote to memory of 4408	1852	Unicorn-47875.exe	115
PID 1852 wrote to memory of 4408	1852	Unicorn-47875.exe	115
PID 1852 wrote to memory of 4408	1852	Unicorn-47875.exe	115
PID 4136 wrote to memory of 2812	4136	Unicorn-24361.exe	116
PID 4136 wrote to memory of 2812	4136	Unicorn-24361.exe	116
PID 4136 wrote to memory of 2812	4136	Unicorn-24361.exe	116
PID 4980 wrote to memory of 2884	4980	Unicorn-47875.exe	117
PID 4980 wrote to memory of 2884	4980	Unicorn-47875.exe	117
PID 4980 wrote to memory of 2884	4980	Unicorn-47875.exe	117
PID 2372 wrote to memory of 3108	2372	Unicorn-53613.exe	119
PID 2372 wrote to memory of 3108	2372	Unicorn-53613.exe	119
PID 2372 wrote to memory of 3108	2372	Unicorn-53613.exe	119
PID 4444 wrote to memory of 4640	4444	Unicorn-5550.exe	118
PID 4444 wrote to memory of 4640	4444	Unicorn-5550.exe	118
PID 4444 wrote to memory of 4640	4444	Unicorn-5550.exe	118
PID 4368 wrote to memory of 1616	4368	Unicorn-38097.exe	120
PID 4368 wrote to memory of 1616	4368	Unicorn-38097.exe	120
PID 4368 wrote to memory of 1616	4368	Unicorn-38097.exe	120
PID 1408 wrote to memory of 3596	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	121
PID 1408 wrote to memory of 3596	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	121
PID 1408 wrote to memory of 3596	1408	a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe	121
PID 2872 wrote to memory of 1372	2872	Unicorn-18659.exe	122

C:\Users\Admin\AppData\Local\Temp\a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe
"C:\Users\Admin\AppData\Local\Temp\a8bb749bf0decee96d40d24fe8e6faac2a313fbe3710fb5f598d06a86d0f81f4N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        10⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        10⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        10⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        9⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        9⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        8⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 464
        9⤵
        Program crash
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        9⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        9⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        8⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35797.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        7⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
        10⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        9⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        10⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        9⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        9⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        9⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        9⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        9⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        8⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
        7⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        9⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        9⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        7⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        7⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        10⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        10⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        9⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        9⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        9⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23248.exe
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
        7⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        9⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        8⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        8⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        7⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        7⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        9⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        9⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        7⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        6⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        6⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 604
        7⤵
        Program crash
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 612
        7⤵
        Program crash
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        6⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        5⤵
        
        PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        7⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        7⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        7⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        7⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        6⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        6⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        7⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        6⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        5⤵
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        5⤵
        
        PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      4⤵
      PID:12572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        10⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        9⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
        7⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        9⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        8⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        7⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        7⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        9⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        7⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        6⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        7⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        7⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        5⤵
        
        PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        6⤵
        Executes dropped EXE
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        8⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        7⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        7⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 608
        8⤵
        Program crash
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 616
        8⤵
        Program crash
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        7⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        7⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 724
        7⤵
        Program crash
        
        PID:16036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 712
        7⤵
        Program crash
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        6⤵
        
        PID:10176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 768
        6⤵
        Program crash
        
        PID:1456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 776
        6⤵
        Program crash
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        5⤵
        
        PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        6⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        6⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        5⤵
        
        PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      4⤵
      PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        5⤵
        Executes dropped EXE
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        7⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        7⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        5⤵
        
        PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        7⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        6⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        5⤵
        
        PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        5⤵
        
        PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
      4⤵
      PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        7⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        5⤵
        
        PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      4⤵
      PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
      4⤵
      PID:14376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        5⤵
        
        PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      4⤵
      PID:13304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
    3⤵
    PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
      4⤵
      PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
    3⤵
    PID:3600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 720
    3⤵
    - Program crash
    PID:3588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        7⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        7⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        7⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        6⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        6⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        7⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        6⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        5⤵
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        5⤵
        
        PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        7⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        6⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      4⤵
      Executes dropped EXE
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        6⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        5⤵
        
        PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
      4⤵
      PID:14284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        6⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        5⤵
        
        PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44325.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        5⤵
        
        PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
      4⤵
      PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
      4⤵
      PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
    3⤵
    PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
      4⤵
      PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
    3⤵
    PID:11512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
    3⤵
    PID:14644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        5⤵
        
        PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        5⤵
        
        PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
      4⤵
      PID:12300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
        5⤵
        
        PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        5⤵
        
        PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
      4⤵
      PID:14260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
      4⤵
      PID:14064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
    3⤵
    PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
      4⤵
      PID:15352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
    3⤵
    PID:10308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
    3⤵
    PID:12912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        6⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        5⤵
        
        PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
      4⤵
      PID:14132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        5⤵
        
        PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
      4⤵
      PID:14640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
      4⤵
      PID:15188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
    3⤵
    PID:8804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
    3⤵
    PID:11364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
    3⤵
    PID:15908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
    3⤵
    PID:10684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
    3⤵
    PID:13264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
  2⤵
  PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
    3⤵
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
      4⤵
      PID:14904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
  2⤵
  PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
    3⤵
    PID:14024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
  2⤵
  PID:6724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
  2⤵
  PID:11316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
  2⤵
  PID:14444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4492 -ip 4492
1⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6720 -ip 6720
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4132 -ip 4132
1⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3988 -ip 3988
1⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5472 -ip 5472
1⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4132 -ip 4132
1⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1984 -ip 1984
1⤵
PID:14568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2844 -ip 2844
1⤵
PID:15960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2844 -ip 2844
1⤵
PID:16096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5472 -ip 5472
1⤵
PID:5156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe

Filesize
468KB

MD5
0bf9e36d2df618a56620a2fcd3244dd4

SHA1
d813d2ef66f86e95012dd3ce76d1638ae5b18dfe

SHA256
49ffc03d10e39181cd636c1c431407fd90ca6bf2b65b5ab9ad61d83f108e986d

SHA512
b5b9116971fec28324b16b149bffb1185def99c07c699b23bf4eaf7320fad572c5ac268e72a6d6f51be82f000cc53a83708f6925bb28f6143460f1712e119d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe

Filesize
468KB

MD5
66bb8435f91cc9d7b3f380607dbe180f

SHA1
fd7914bc5be5b3a204c766148f4ec39134ca70cb

SHA256
08483ba73cd07e58f093bfb63a6f080340c36d129997abfd701c1ba51f8a9c1b

SHA512
2bcc571175b4056d114740c01c78e5fa9e4cfab519b7f4818aeb298d4927bd5750be3193a3dbf41e8a181869202911ceb57fc867daca7f16e58507187c54f7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe

Filesize
468KB

MD5
f841f44dff8438fb28e633269e4dfb59

SHA1
34927cfe2745747728ba8ff7eb50d9bdb178039b

SHA256
c9a59f38783ae0b3111cf243babee8397e1608b1e4b55bc5d0151fb3fadec30d

SHA512
da12bb2093374da1bb0f6d810840cf4fe325a6e20bd007f635eb72820ec67e08372729624aeba00744e829b5aec6d682e8c08aa07b84358269fb0436b78ebd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe

Filesize
468KB

MD5
277e7d55041809dd7392c3db3e65e0d4

SHA1
aed6487a0d4146fc3333f81789e6101f605decd7

SHA256
2b366fef1fd4ab2db73a66b3e5b02fc3e02b1a51f0740d2fb6f8d139e981990d

SHA512
0c11c40435b68195923348e6a987026dbcae1a0823b75e2983084e74617e27583633f10de33f32e95a7ad6162ca245516f18f013fad90aacdb78f78e449d0e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe

Filesize
468KB

MD5
9c7d2ce33fb44f4e8f660cde8683557f

SHA1
c55e16a19a9ac009073d523abd83b6263b5dc006

SHA256
b1f49de211280789dd56b4bd463beaf120713e4e7b7449467d971cda6e97cf2a

SHA512
76a8c8006ed736a81d461c7ba0bb100c43b0c42df03a3cdae36c50f9816b27df036d9b93f481a79af74fec95523023240d4c83f1305117936913647e2b0e1ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe

Filesize
468KB

MD5
61f980e29246ac211e6dfa981a176642

SHA1
d98b75436ebf725059b9bb682b421f96bb3147ac

SHA256
461049ebec9753212952728be0800ae9508102a2f355e7b2c67b27fedfe365db

SHA512
c3e24e395674e2875723a015c7790cc5d67af3295314e86ab1d9ac0a170f55080b66eabd233773bf81130c0c68d25c0a86443997cf889ab04caa723e451e1212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe

Filesize
468KB

MD5
25701450a769488fb548ff14eeee3d76

SHA1
731ae3bdb0e107b3023661058f91d5f157f7f572

SHA256
b0e9329e32dd960cb099c5643741fcf27c8f9cfde3fccb26bdcebeb31dd15a2a

SHA512
3fb880317887de51d0f9a6b5105472bf81b837f6db28340515f8914348a637c4132ffd3d82b57f0c6aed4f25dd62a16f7c29cb3482232afa64cf402943bd8483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe

Filesize
468KB

MD5
ec5a61acb85c057fd20e277b4a8af5ae

SHA1
b5bce946720dfdacce0e0da41015ded176276409

SHA256
a6960fe1cacb892a5c31ebbcec70191c861f247aebeb42be365515fb19e83a09

SHA512
f96a46c2b57fa179d5cd04a76f20c4f275fdea3371c289485a1863816b433df3c737ed86f4efeb527853368fc4246e58809c33c0b77e9af56eac5be9af2b008f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe

Filesize
468KB

MD5
414eabebaea007b8f085739f5c94469f

SHA1
94a566bbbc2a4330ad5ff0f38f3151bc8f204945

SHA256
07c48b23badde2895de0d11faf106577625e7e2e2072a4e42a087305992f0436

SHA512
7406c5fa55d357968bd11f59d7da4795358bc3e14206453167ef2e92c2739a6be70a538702cd4d0e1f09448b3e85dd3acabc86a1577489caa541fa82d5157125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe

Filesize
468KB

MD5
91f708f10143dba2cdab55627b319e45

SHA1
9393c53869fd30240f678494ff0f3ded3f7d5373

SHA256
d822a44452f32289d99dda11c10bb3e2858b31b9fad0d5c2db473fb255f5241f

SHA512
4c3366dea492bb78db5a7add34eba34259cc9041a6abf244db078e11eab6d45e5ac6a5f0debd777c3d6b4e47d28affda99fa3cf4c6970aa1b86bccc3df05ac34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe

Filesize
468KB

MD5
1148f9ff746ac41622df2d3aeb87f1c3

SHA1
159971313025832d1b9e892a4d90b99c27f53234

SHA256
32957bc2db0fed30aa5d4219a8ba39bfa0926d6cff391c10095a86f026e2ab1e

SHA512
469a4c1f1a49ca53464a78c66a40fe66d5e686b931982c04248372d73f0172b3c96b54181e10ff84d41c7cbd8a530321722f84bebc5ded63fefa82ce2bfe8122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe

Filesize
468KB

MD5
c25304db38b14033bd617930d03c64b7

SHA1
bc3fc063631c328220d9da4d2fb80e8afe40fd25

SHA256
14d4c473a20a640a1b6cde9440889c9cb656b9db4608b27abe86e012478ffc0d

SHA512
cdc84f9fb547aff6421c7582faa130b6a6f94ab910b33c5ac488e3273066e8191f25f36d241fd4b19f04abbc1ce9dc91ee3ae18e08aea3df7e164f9317126138

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe

Filesize
468KB

MD5
e3da56e7d458f13bb1621a7b1689301b

SHA1
c9a5e57b73a14279893c67a3ae52bb50376dd323

SHA256
d5ff4bd8a3c0abff42a6c11dcc9d888f1f1b3a2c9dd84407a1a3f315047c216c

SHA512
159f40ad615abfadf4907272e953cd86978d4c98028e7105bf8d0c20cce6c82da1d4f4e86969c6e318e3975ca0305c83575dd29fa8e76032a4604eb1f7396db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe

Filesize
468KB

MD5
bdda47efae31bdf1f7361172343d49d7

SHA1
774761d93c61252f9d9371d9f58f1ea0e3b40af9

SHA256
3831da724cda6810f8bcb7d6eeb13fb8d1763030d093f3919f6fa5e2e478d113

SHA512
bbe96fa23d52969c7e8155ede4181a3cb10f120de4fb8429817b102ff3c0939437a4ee20a110e4543318eb6d4f0006967c3d9e94e58fa73a670b49cbf8099b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe

Filesize
468KB

MD5
e38162f9c94c1f57c2800eb17f42c612

SHA1
7a7a8eba5799221a984c341843650aa95dc66491

SHA256
993bfb18a563de7fa5b6c245848bc2e0f8a5ea6c7cdb2b7fcb1f1a02e5c710f6

SHA512
867c04382939e5a6a2f31196a69e20aeb2a7337b3991079234753f88b05b972a430d689e09f5f815ee9cab00c8e16c1f3d3c9ebb05305c85704cfcc0903bac70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe

Filesize
468KB

MD5
8e86b4181bc20dbb20b2aa2b785c958e

SHA1
838f5ab7f285e022589642f53bfd86256dde1dbd

SHA256
2c14809a598260b9fa15abf2312c45d8b2edef67ac10bf31bd1e63efc1ab76c9

SHA512
d837e2007baa2470c804157ccebc220a6142ced91f0576a93fd4d0b55d3aa3ca10552e57178fd945b37e1a750f2d775c7e79b487c4cfa10fbed9da367a8fb2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe

Filesize
468KB

MD5
eccaefc1c76a369a06728b0ba4ef8fee

SHA1
6df6c1815d1b9ba02f70ee9bd5e93150432354bd

SHA256
f5a28024b24525b252c0d94be9991a89fd4239a5e963a4ef5bd83bde9cbe6981

SHA512
a3ea0b25ddd2d9d4d1414cf4e44e881a72c2e50ccb9128f3dd2185416ae09eb7a5e4691c30680f774a06d2171710abdb3ee00ba9b84437647fa7a006e515e081

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe

Filesize
468KB

MD5
45f65b5f5f2225dbfe1fefb93e616ad6

SHA1
39d9240633c3503b34bbad39d98d915384c6fee3

SHA256
529f65cebdedf237dfec03fab3acec750142650166bb57b8f7dc764969d4031c

SHA512
f8d12191d52096a6b9c495b7a53d5bbe0fd75f0196b2a47a37760ce71158ea2ec2f254c7c0a8ab8473b080aa653fda6face86255e4965943ecc384f431951eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe

Filesize
468KB

MD5
f658410faf07ea3c7119870b3d1cef75

SHA1
e3c5845efc6cc538835df45641e5aa5b48b4ac26

SHA256
0393e03c7dbf2e42952ce90b7d122675624587939265b5366dc486954fb198f2

SHA512
1c925f58458f0e8ccf31e40585b91bebcbdfb9899ac1737ca57a54ff84f8379b552371d0d36dfd2d9e58c17d3b6ed1e287fa6a4f3a9802c31eb59b9db9f18b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe

Filesize
468KB

MD5
73586df44451c060e7feabfadfb48aa3

SHA1
06f8d8d08332ba89ee64300dfe371dc227a154d8

SHA256
c1d13f641b1239402d195080de6a3d9caa4e246f1c41e84239d9f35db5705b3d

SHA512
e1b9feaf68de15e0fb0aa069aaa983b4f6b60859d2fd44430b74f8c702c2fcf6462093f493ba5a506d4fe457c6137d9f01c3648968bfb9af4c8053cf807b7609

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe

Filesize
468KB

MD5
1e769996f03b1a9d15c96029218797bb

SHA1
4aab505df8c74747ad86daadf8ed2cdab2ccebe2

SHA256
a79f6a2940e94711dd7ff8eac75f8d4b938136e4eb87af55241afd0c1e321f8c

SHA512
ae494d38c452c080169c57b1d8e2cbf9d991324f840fac3fc222847349201cb5eab6e29933635984be5ed9f0a0864a73a74b912073a37c8d184b6dfa2d1b7b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe

Filesize
468KB

MD5
3543ba50776d4619a3422cd2f54cc645

SHA1
39f0054736f6bf24f6550c7fe6c2ac097093d882

SHA256
0235a55daeee73fbce7cd782973b01645a3685b83ce6160186a9268b1d6ed9e7

SHA512
4e213c379d956b60f556b8c27cf24b337b04f2f6d37ee5530aeada9f8a5cf3b6882dd57d9132fce01d874c22df9826718f297059390f1dafac57b1d6fdbc480a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe

Filesize
468KB

MD5
0c56ec88186ed4d4fa957030f8e3fe4c

SHA1
e89c513f2ee83838a34ee2b995263e5a9aadba26

SHA256
75413c953f3fedf6a7983ce6b75233279627e3465dc02c9e2eec8edc7965e72b

SHA512
42115ef587fb15ee7e1f089e012a2f5cd8580e7616ec01fe58b199f7067af56bfb9154528ebf64259f49db774426af01edbd29940d0bc972bbc8adcb097b47d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe

Filesize
468KB

MD5
999299252ff8c6fa8777e1057c80e4c8

SHA1
5f0db6b96847fdff25f5b67b83f004df1bd85916

SHA256
acadc1e68948bb5fe00ac8943322f5b1bb998d5e57dc10ffae531f4c0dec72e3

SHA512
74b670fdecc0768a309c26446e2bbf2f38ebc5bb8ffbbe8a4f8f1581447ffd0c2dfabea2a1f7fd79e7ffa448172ca60d6d9c7c6ee95b3df55f8ec6a88e12ec25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe

Filesize
468KB

MD5
3c51d0928706d9b533088b56fb29def0

SHA1
ffff861719d2a9f6c52ca4e4b8007a00cb69ab33

SHA256
9ead6b8c5d92c128fece735a4a062439e9e2c26449ff4ed4236a929b7eb79096

SHA512
f142cdd889f55237ba66436469e1f439714de7004969e26307d86d5f075c9fed3880ecf6dffcbdf80f630a87c586f6871a4a5e8627b53b9babcefe6a5e91a181

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe

Filesize
468KB

MD5
897ad41bd4c8fa00fc310bdc35558498

SHA1
bcb4185148478022745bbbf3b58fb89574aa59b3

SHA256
cc585efb2c52fd482cd787b98992955a7ca6f35dacbbc436b65e3064e8a377e6

SHA512
03227b220dadee216b97fc2f68f18aa58c38216e4c96281809142925c6ef79a5c67953d6fff2089d0d7a926f5e5e6e5c282e768efa41e82eefc1fc7c9529f05c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe

Filesize
468KB

MD5
485b9597bdb2c8d3a26cebdd63307019

SHA1
e6c63594b2c503ba554f32a455540820d346beb3

SHA256
ac16dfabc3c7f33469b25518971ac0715a2f6c276cf74b82fa14c02c1eed6332

SHA512
5ab3b393c3a5bc58b89b7ab38b5d8c5b0091bdd6f07db8aa11e2c242f9473c20b12084d0586a61273f2c67a90be9f3e072b221827b074208761b5da813660b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe

Filesize
468KB

MD5
096e0c66da4fb08d9139a7f1c3d51f5d

SHA1
23d56c326b1b90ad30565d24fadbe36f172a5bdc

SHA256
237688784231277b8983672e774c0cd8af11b2dd187abbd46784083b27229e22

SHA512
12f1a1057052a02e83e88d13bec1b52a28ed0f94df263882af262f885a8ac9bde9bd5114aa92e3ee331b37036d6666bc6bacf285d86626f1f96a4b0592159914

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe

Filesize
468KB

MD5
0d2ffd1c02322c0dc5e28152b5f6669d

SHA1
c36e74f64656567416cfc2e0aed1c458e043f695

SHA256
46784222d4e6a52d097efde31344c724b67163174c9a14f2c476a508374dd3f9

SHA512
d4e1f3ff792ddbf30be04070a2adc500c8d1ddb6354b79624c9c31f5b23ef5cf7725e5c0acc08e5f0d42ca5e61592fb620e8b67f5d33d308f206b1cdf284ff56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe

Filesize
468KB

MD5
09ae78cf24b434b08fca987865e04084

SHA1
63f2aaca7af45c729d41614716b0de47f70aee2a

SHA256
3d8c367227c7e564ff813f379c22ff101be325f546364b51e9e72de5ce79f811

SHA512
bb7c7d6eb85498b7d08877e3948df28e65e8b5146e75a26395dec7ebd41739e78c4802eb6042f6356aba237d00412ef5a1ef7d4ba6255fef9afa322dc5c79cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe

Filesize
468KB

MD5
66a9f5f4327bee379888e1b246aacbcd

SHA1
27bd3757acb7a6e80030e2fc488ef2f21c739d5e

SHA256
4accffe35c7209f4e9bfe88bb092fe65244bc8b90cfd48122d7132b9f7da5603

SHA512
aa5f54ab98d721a1764f3383583e1a56d9ec79821033472ff6fc61dfcacaec8a37f56f0e88131781905cdfa0a7f33b29a6fbb5216b5f53c120407ca357cb7f26

Download Submit
memory/60-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/116-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/720-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/732-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1376-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-59-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3092-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3108-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3260-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3296-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4168-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4408-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4444-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4460-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4472-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4568-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4632-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4664-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4904-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5508-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5588-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5608-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5676-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5716-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5736-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5876-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14428-2638-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14668-2636-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download