5bf54de32f03645a25debb37ffcab3f052decd0f4cf6add085a2d76582034c6b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49dc7529fec339d01ba9230fda945350N.exe
Size

468KB
MD5

49dc7529fec339d01ba9230fda945350
SHA1

1340145486b64378aa7d74ab80e4576484cb02a6
SHA256

5bf54de32f03645a25debb37ffcab3f052decd0f4cf6add085a2d76582034c6b
SHA512

e5b73e4dfaa64a348b3a792a3f641bd01a5abe9d3c2f4eb0347dceecbfc67cf1716eefde9c1ae401da969a54bca90c274f805a79e0bedca456b9c4b779549fd1
SSDEEP

3072:yhoIowLdji8U6mYAfz52ff5EChjGIp6HmHdaV4R7Is3fSNOmrlL:yhDoYbU68f12ffc0LZ7Ii6NOm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2700	Unicorn-794.exe
2676	Unicorn-22030.exe
2556	Unicorn-63617.exe
2664	Unicorn-15096.exe
2608	Unicorn-48708.exe
1160	Unicorn-40954.exe
1688	Unicorn-51168.exe
2372	Unicorn-31947.exe
1368	Unicorn-44754.exe
1604	Unicorn-28823.exe
2872	Unicorn-59449.exe
2852	Unicorn-42.exe
1496	Unicorn-65314.exe
1064	Unicorn-33461.exe
2992	Unicorn-45434.exe
936	Unicorn-59393.exe
684	Unicorn-42310.exe
1820	Unicorn-22444.exe
1652	Unicorn-33950.exe
3004	Unicorn-27819.exe
1744	Unicorn-58844.exe
3048	Unicorn-2237.exe
2284	Unicorn-2237.exe
1380	Unicorn-37925.exe
2316	Unicorn-37660.exe
896	Unicorn-13975.exe
2256	Unicorn-42947.exe
2248	Unicorn-23125.exe
2688	Unicorn-28147.exe
2596	Unicorn-31485.exe
3024	Unicorn-42284.exe
2156	Unicorn-22418.exe
2064	Unicorn-56207.exe
2020	Unicorn-61774.exe
2176	Unicorn-14427.exe
320	Unicorn-65474.exe
2756	Unicorn-43208.exe
1236	Unicorn-30193.exe
944	Unicorn-35040.exe
1424	Unicorn-63363.exe
2420	Unicorn-43762.exe
844	Unicorn-27832.exe
1860	Unicorn-56975.exe
2260	Unicorn-11303.exe
664	Unicorn-14810.exe
988	Unicorn-16326.exe
2432	Unicorn-36192.exe
756	Unicorn-48444.exe
1752	Unicorn-17233.exe
2296	Unicorn-64951.exe
1952	Unicorn-11386.exe
2308	Unicorn-20109.exe
2320	Unicorn-52227.exe
2576	Unicorn-37353.exe
2552	Unicorn-60011.exe
772	Unicorn-51843.exe
1956	Unicorn-4349.exe
2076	Unicorn-54841.exe
2844	Unicorn-60971.exe
2888	Unicorn-53742.exe
2124	Unicorn-28491.exe
2528	Unicorn-52995.exe
2412	Unicorn-15397.exe
2504	Unicorn-52419.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	49dc7529fec339d01ba9230fda945350N.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2700	Unicorn-794.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2700	Unicorn-794.exe
2676	Unicorn-22030.exe
2676	Unicorn-22030.exe
2700	Unicorn-794.exe
2700	Unicorn-794.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2556	Unicorn-63617.exe
2556	Unicorn-63617.exe
2664	Unicorn-15096.exe
2664	Unicorn-15096.exe
2676	Unicorn-22030.exe
2676	Unicorn-22030.exe
1160	Unicorn-40954.exe
1160	Unicorn-40954.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
1688	Unicorn-51168.exe
2700	Unicorn-794.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
1688	Unicorn-51168.exe
2700	Unicorn-794.exe
2556	Unicorn-63617.exe
2556	Unicorn-63617.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2372	Unicorn-31947.exe
2372	Unicorn-31947.exe
2664	Unicorn-15096.exe
2664	Unicorn-15096.exe
2608	Unicorn-48708.exe
1368	Unicorn-44754.exe
2608	Unicorn-48708.exe
1368	Unicorn-44754.exe
2392	WerFault.exe
2676	Unicorn-22030.exe
2676	Unicorn-22030.exe
1496	Unicorn-65314.exe
1496	Unicorn-65314.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
2644	49dc7529fec339d01ba9230fda945350N.exe
1064	Unicorn-33461.exe
2872	Unicorn-59449.exe
1064	Unicorn-33461.exe
2872	Unicorn-59449.exe
1604	Unicorn-28823.exe
1604	Unicorn-28823.exe
2700	Unicorn-794.exe
2700	Unicorn-794.exe
1160	Unicorn-40954.exe
1160	Unicorn-40954.exe
1688	Unicorn-51168.exe
1688	Unicorn-51168.exe
2992	Unicorn-45434.exe
2992	Unicorn-45434.exe
2696	WerFault.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
2392	2556	WerFault.exe	32
2696	1688	WerFault.exe	36
2908	1064	WerFault.exe	43
3000	2852	WerFault.exe	41
1156	2420	WerFault.exe	72
2524	2064	WerFault.exe	64
2036	2256	WerFault.exe	57
2752	3048	WerFault.exe	53
1984	944	WerFault.exe	70
3228	2284	WerFault.exe	52
3308	2260	WerFault.exe	74
3876	2124	WerFault.exe	94
3944	2584	WerFault.exe	104
3924	3056	WerFault.exe	100
4568	752	WerFault.exe	113
4580	2108	WerFault.exe	114

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12728.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2644	49dc7529fec339d01ba9230fda945350N.exe
2700	Unicorn-794.exe
2556	Unicorn-63617.exe
2676	Unicorn-22030.exe
2664	Unicorn-15096.exe
1160	Unicorn-40954.exe
2608	Unicorn-48708.exe
1688	Unicorn-51168.exe
2372	Unicorn-31947.exe
1368	Unicorn-44754.exe
1604	Unicorn-28823.exe
1496	Unicorn-65314.exe
2852	Unicorn-42.exe
2872	Unicorn-59449.exe
1064	Unicorn-33461.exe
2992	Unicorn-45434.exe
936	Unicorn-59393.exe
684	Unicorn-42310.exe
1820	Unicorn-22444.exe
2284	Unicorn-2237.exe
1744	Unicorn-58844.exe
3004	Unicorn-27819.exe
3048	Unicorn-2237.exe
1652	Unicorn-33950.exe
2316	Unicorn-37660.exe
896	Unicorn-13975.exe
2256	Unicorn-42947.exe
1380	Unicorn-37925.exe
2248	Unicorn-23125.exe
2688	Unicorn-28147.exe
3024	Unicorn-42284.exe
2596	Unicorn-31485.exe
2156	Unicorn-22418.exe
2064	Unicorn-56207.exe
2020	Unicorn-61774.exe
2176	Unicorn-14427.exe
1236	Unicorn-30193.exe
320	Unicorn-65474.exe
944	Unicorn-35040.exe
2756	Unicorn-43208.exe
2420	Unicorn-43762.exe
1424	Unicorn-63363.exe
844	Unicorn-27832.exe
2260	Unicorn-11303.exe
1860	Unicorn-56975.exe
756	Unicorn-48444.exe
2432	Unicorn-36192.exe
664	Unicorn-14810.exe
988	Unicorn-16326.exe
1752	Unicorn-17233.exe
2296	Unicorn-64951.exe
2320	Unicorn-52227.exe
2308	Unicorn-20109.exe
2576	Unicorn-37353.exe
2552	Unicorn-60011.exe
772	Unicorn-51843.exe
1956	Unicorn-4349.exe
2076	Unicorn-54841.exe
2844	Unicorn-60971.exe
2888	Unicorn-53742.exe
2124	Unicorn-28491.exe
2528	Unicorn-52995.exe
2412	Unicorn-15397.exe
2504	Unicorn-52419.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2700	2644	49dc7529fec339d01ba9230fda945350N.exe	30
PID 2644 wrote to memory of 2700	2644	49dc7529fec339d01ba9230fda945350N.exe	30
PID 2644 wrote to memory of 2700	2644	49dc7529fec339d01ba9230fda945350N.exe	30
PID 2644 wrote to memory of 2700	2644	49dc7529fec339d01ba9230fda945350N.exe	30
PID 2644 wrote to memory of 2556	2644	49dc7529fec339d01ba9230fda945350N.exe	32
PID 2644 wrote to memory of 2556	2644	49dc7529fec339d01ba9230fda945350N.exe	32
PID 2644 wrote to memory of 2556	2644	49dc7529fec339d01ba9230fda945350N.exe	32
PID 2644 wrote to memory of 2556	2644	49dc7529fec339d01ba9230fda945350N.exe	32
PID 2700 wrote to memory of 2676	2700	Unicorn-794.exe	31
PID 2700 wrote to memory of 2676	2700	Unicorn-794.exe	31
PID 2700 wrote to memory of 2676	2700	Unicorn-794.exe	31
PID 2700 wrote to memory of 2676	2700	Unicorn-794.exe	31
PID 2676 wrote to memory of 2664	2676	Unicorn-22030.exe	33
PID 2676 wrote to memory of 2664	2676	Unicorn-22030.exe	33
PID 2676 wrote to memory of 2664	2676	Unicorn-22030.exe	33
PID 2676 wrote to memory of 2664	2676	Unicorn-22030.exe	33
PID 2700 wrote to memory of 2608	2700	Unicorn-794.exe	34
PID 2700 wrote to memory of 2608	2700	Unicorn-794.exe	34
PID 2700 wrote to memory of 2608	2700	Unicorn-794.exe	34
PID 2700 wrote to memory of 2608	2700	Unicorn-794.exe	34
PID 2644 wrote to memory of 1160	2644	49dc7529fec339d01ba9230fda945350N.exe	35
PID 2644 wrote to memory of 1160	2644	49dc7529fec339d01ba9230fda945350N.exe	35
PID 2644 wrote to memory of 1160	2644	49dc7529fec339d01ba9230fda945350N.exe	35
PID 2644 wrote to memory of 1160	2644	49dc7529fec339d01ba9230fda945350N.exe	35
PID 2556 wrote to memory of 1688	2556	Unicorn-63617.exe	36
PID 2556 wrote to memory of 1688	2556	Unicorn-63617.exe	36
PID 2556 wrote to memory of 1688	2556	Unicorn-63617.exe	36
PID 2556 wrote to memory of 1688	2556	Unicorn-63617.exe	36
PID 2664 wrote to memory of 2372	2664	Unicorn-15096.exe	37
PID 2664 wrote to memory of 2372	2664	Unicorn-15096.exe	37
PID 2664 wrote to memory of 2372	2664	Unicorn-15096.exe	37
PID 2664 wrote to memory of 2372	2664	Unicorn-15096.exe	37
PID 2676 wrote to memory of 1368	2676	Unicorn-22030.exe	38
PID 2676 wrote to memory of 1368	2676	Unicorn-22030.exe	38
PID 2676 wrote to memory of 1368	2676	Unicorn-22030.exe	38
PID 2676 wrote to memory of 1368	2676	Unicorn-22030.exe	38
PID 1160 wrote to memory of 1604	1160	Unicorn-40954.exe	39
PID 1160 wrote to memory of 1604	1160	Unicorn-40954.exe	39
PID 1160 wrote to memory of 1604	1160	Unicorn-40954.exe	39
PID 1160 wrote to memory of 1604	1160	Unicorn-40954.exe	39
PID 2644 wrote to memory of 1496	2644	49dc7529fec339d01ba9230fda945350N.exe	40
PID 2644 wrote to memory of 1496	2644	49dc7529fec339d01ba9230fda945350N.exe	40
PID 2644 wrote to memory of 1496	2644	49dc7529fec339d01ba9230fda945350N.exe	40
PID 2644 wrote to memory of 1496	2644	49dc7529fec339d01ba9230fda945350N.exe	40
PID 1688 wrote to memory of 2852	1688	Unicorn-51168.exe	41
PID 1688 wrote to memory of 2852	1688	Unicorn-51168.exe	41
PID 1688 wrote to memory of 2852	1688	Unicorn-51168.exe	41
PID 1688 wrote to memory of 2852	1688	Unicorn-51168.exe	41
PID 2700 wrote to memory of 2872	2700	Unicorn-794.exe	42
PID 2700 wrote to memory of 2872	2700	Unicorn-794.exe	42
PID 2700 wrote to memory of 2872	2700	Unicorn-794.exe	42
PID 2700 wrote to memory of 2872	2700	Unicorn-794.exe	42
PID 2556 wrote to memory of 1064	2556	Unicorn-63617.exe	43
PID 2556 wrote to memory of 1064	2556	Unicorn-63617.exe	43
PID 2556 wrote to memory of 1064	2556	Unicorn-63617.exe	43
PID 2556 wrote to memory of 1064	2556	Unicorn-63617.exe	43
PID 2556 wrote to memory of 2392	2556	Unicorn-63617.exe	44
PID 2556 wrote to memory of 2392	2556	Unicorn-63617.exe	44
PID 2556 wrote to memory of 2392	2556	Unicorn-63617.exe	44
PID 2556 wrote to memory of 2392	2556	Unicorn-63617.exe	44
PID 2372 wrote to memory of 2992	2372	Unicorn-31947.exe	45
PID 2372 wrote to memory of 2992	2372	Unicorn-31947.exe	45
PID 2372 wrote to memory of 2992	2372	Unicorn-31947.exe	45
PID 2372 wrote to memory of 2992	2372	Unicorn-31947.exe	45

C:\Users\Admin\AppData\Local\Temp\49dc7529fec339d01ba9230fda945350N.exe
"C:\Users\Admin\AppData\Local\Temp\49dc7529fec339d01ba9230fda945350N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        8⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        7⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10867.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        7⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        6⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61272.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        6⤵
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        5⤵
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36950.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        7⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      4⤵
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        6⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        5⤵
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
      4⤵
      PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        6⤵
        
        PID:4708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        5⤵
        Program crash
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        5⤵
        
        PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        5⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
      4⤵
      PID:492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
      4⤵
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      4⤵
      PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      4⤵
      PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
    3⤵
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
    3⤵
    PID:1040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        7⤵
        Program crash
        
        PID:3876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        6⤵
        Program crash
        
        PID:2524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        5⤵
        Program crash
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        6⤵
        Program crash
        
        PID:3924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        5⤵
        Program crash
        
        PID:2036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
        7⤵
        Program crash
        
        PID:4568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        6⤵
        Program crash
        
        PID:4580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        5⤵
        Program crash
        
        PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:2276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        6⤵
        Program crash
        
        PID:3944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        5⤵
        Program crash
        
        PID:1156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
      4⤵
      Program crash
      PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        5⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
      4⤵
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      4⤵
      PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
      4⤵
      PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
      4⤵
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      4⤵
      PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
    3⤵
    PID:768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
    3⤵
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
    3⤵
    PID:5928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        5⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
      4⤵
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
    3⤵
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
    3⤵
    PID:5212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
      4⤵
      Program crash
      PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
    3⤵
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
    3⤵
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
    3⤵
    PID:5688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
    3⤵
    PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
  2⤵
  PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
  2⤵
  PID:6108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe

Filesize
468KB

MD5
77d6c757a049f96892499d677780d059

SHA1
80c72ac89c1d6c8e961c56a2fef6d5e5ae0cdeb2

SHA256
d4286ce809611be2f64259a88ec9984659e9c26e894e0d8b3758de125e5c3ad8

SHA512
87ee0f09a544ff67fb03374920d3874b2ebcd85c89472544b2b4537a3051b4022254945bf8bf9fb67be086ec08ab6e98cb407d02d26c4b3024452586164b76d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe

Filesize
468KB

MD5
ec6f7015d0289e28b4e5da81395b1f79

SHA1
ecbe9db63facff9d0877a965ab7bb60c54ea99a7

SHA256
bc13fd18d4c3643ec67fd7336b0dabc006f1728381c6d28d8c2ce02c820777e0

SHA512
da9ceb9dd4b3e8bf3393519a141d8300462875498e8625032c0b711dc09c352fb254636947bb1f0ce2e261b6af5caab720da88fc18927e65d85979b6b818356a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe

Filesize
468KB

MD5
29ef64a1d2416bfb5ce394a1c6cda6c1

SHA1
0d28ddee36de6580733d31aaab09812f7e25e8c3

SHA256
9ef840f693dc65fc7b5442241d09bbd58a6b7e774c3b50cb021746951be28305

SHA512
44670613f773e9791c3c6f2172769d643968e0de32469f211162ab3fa68b26932354ce5f584eab71bf29b7a9aef2236df8c5f105b6d12668fe0e00a76d4b4ec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe

Filesize
468KB

MD5
a374ccae60f1a3c4e4a278f110f5ed1a

SHA1
8f400e9552c5fa4db353b24c36a5795d49b238eb

SHA256
a604266bc1a309a09c7d033c04eb01b4a6676019f27dbbd32608d15f200bc6b2

SHA512
931566ce92c8cc059bdb95ec236d2e70f53892b39128c9e90b0086754ffb754de01ae303c60fda7dc0cf2c17f9db435965dabf60d22ec882bb882d0118c3417f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe

Filesize
468KB

MD5
bfeafdf6f6218cd7994cf59e53faf4a8

SHA1
42d00c3f3ac58a991a73dbefbf97af9ccb6b0d9f

SHA256
7158eb239e3999792b9b0867f03cabddbe377f8f2a8243f9f0834bfc2e8a7ff1

SHA512
7f5bf41bac5377cb85a4247473fc118b595d9c047baf64cd6151c8c988015afc5b644180952cbd01f02104ff793db38cd72aef89522c72d85cd0e817a0bc87e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe

Filesize
468KB

MD5
7d9a577afd4dfabc90d59279f065c950

SHA1
8becd29b8e868aa98cbbb005db5fbe2509546cfc

SHA256
ad6a43f677cdae36fb1d0b5bb914c79b353259a22b3de80e18db7963e7859365

SHA512
770bacd4dae388962a61062c49645cfbfd7ea9dffc1517703ffbb2fe1025d6bb4c8b21b7f3e1320269f3a0d6173ea2a039b0e47da9daadd750e6bd04dc09c076

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe

Filesize
468KB

MD5
b4bc6a3bda31934c5360da39cbc4e2e9

SHA1
eca257c91400a69bdbee2bdebee83a2194b02d36

SHA256
5d15f68111be91564a644035e8a08530aa4bca21ade52b82b7d5815c22894f52

SHA512
0e9585d3d0f406ed510198fd480e2000b277819def14742f078e89608f625fef083206d7866e2739cab0c1ebec6fa62bfc45b2c6f5c08ee1a960c8ca7b524d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe

Filesize
468KB

MD5
da896bfbccbbb4042e639cc404a2cad5

SHA1
a3a30905dfada09ef22eafe904b62e8f4d59128d

SHA256
95df133de7571091ec420d1821ffff9c6d67dd4573eed19f63fcff6d068451fe

SHA512
b72adedcb898c73a5e372e4fbd90b7f07c06478e32d2fb49ad9f63dbfa748b9a4746e4130c4d4ec188f87a82a087c154b758c102f2a38d03687e109c451ff769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe

Filesize
468KB

MD5
8027494b3bd9c9355824b1cf35813142

SHA1
07069f34e54f9e23e6182b31aa158b5c184144af

SHA256
4467683df52a8e2bd2596e07ac702454c4264cf70a7cc44e33d503f3d1c436e9

SHA512
2880ff4b7fe38a7013c8964d394b76ba08cfa0bd1a16a4e5e9cdebdddbc03c3558ad83ec0e09be79571cc1d461bc4c94940c514dc9b648e71a292a5e20af0a1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe

Filesize
468KB

MD5
8dbf130630471650d28b4d4e059376fb

SHA1
0115f03be8cbc5b19f6cef0d404ea04f20dac3bc

SHA256
e572168fd40cb6d94efbe63d1995aabb3ab51a413e0b1b5294a79b96f0782567

SHA512
7c6506700d0ecfc442d39473a05fab6feeb60c1a8e3a2a7102db804422f28df8c8f520822f5a44a7c7c41f0d1e1fce388e95ede64857911619f8372c2d5baea1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe

Filesize
468KB

MD5
1fa2c9252665f9621e44062b92e3e9e9

SHA1
1981fad0d34eba2af01636caa583d77ac7b9bd76

SHA256
5745635a3ef9ee1116c11be803449bd6bdab06d20673b4178c3e2b28efb16f2c

SHA512
c5c3be503c639ffcc5e2abd2feb4475c3555132963e1b5e14443533c7586ae9ccd94c04224dd137a4fc70240eda425b0c5fb72b301ac5d02d3e5b8276bd1c421

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe

Filesize
468KB

MD5
15ea76893a1e6f7630fa81c2b17ba0e0

SHA1
e5cf9738e222e7a149378c48c9d173f806f6e5e4

SHA256
096ce2105adb10aca395a233b5ec4c193da1131d7044ca8781ba712cec598b21

SHA512
43710ae853ad3035dd0640de1ffd59cf53664a0b315eb6d2165ee351e426b200e891b5a2329a5f3b0a0c638c51e20d8f5ffac66a25ecc1a038cf7daa0f1e36d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe

Filesize
468KB

MD5
a6eeab347ce5d5b3e6464b8a3f87c10e

SHA1
cd9e3e46ea20232afdf29bc08fc11d7d44c18b1a

SHA256
fe48862cf98c213f37a81b3d4de05ce9469a30113bcfeb6c1117d6302a7c992b

SHA512
71f031444afcf3924d6f82a4456c5858ad49e27714b39aa5b0b9910fa947ca38dd7f2751438892d19763419b1670aab2d995c96ca49507b408ca981b767c11fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe

Filesize
468KB

MD5
b79162a60e607301069b985e29eb850f

SHA1
7cbf341e9a70185feef1dafc9e9b8876f4e84dd0

SHA256
8f3acca80d7460e63c1073e856728bb3b3b0a6548334b451a4bf7e27e6cd0e98

SHA512
030431753e6631a62f84fc4355bbfd8ae031989d312b7fc7d4b4f6f45159368d5cb2c80036b7f98ae6f1baf4398299829d6da51b616af4821b12cb6644fe8820

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe

Filesize
468KB

MD5
f93c98eba32796a525dfa1240352ec6c

SHA1
7f8b1ef8f18595ec190dda51ea50d7f39147d4cd

SHA256
00ed96f9c7f36dcf3a94079bac0f6cb4b4f2b20dd28cb0f118b795d851961305

SHA512
db6190296ed8c8b49ebec92c424dcb01c083e008eda146109b7f3582f89cfb969c3cc5ed026778682ca3f8cb15f79248f282fde801e4d62ad5552357e53bd37f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe

Filesize
468KB

MD5
a2d70010d6b3bad4cebf2422998c110f

SHA1
e4a92c0199728579ff76da3cfc0e7b3540f40bf1

SHA256
4845d3e77203aa2fd1a0c596bfb3cbfd275487e78520aca1c30a04745b4dca55

SHA512
45472537847b17581d3a6705e0113862dee657ac2618b44f1f6c816971f86375a7fd3c9c233ddf3a0e3d844e5e6f07e05731904e734ef43478c5c0c419779870

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe

Filesize
468KB

MD5
0b56707bccae38397c92d0ab49877a4f

SHA1
f837073aed5a5e09ffe7c9c32c4cd52aaf73e04a

SHA256
9326c18a98791201fc3b6dd05888866d9e62e1ff642d2747311d565c6139e8e5

SHA512
faf0c9387bf8336a4bad5222aeea4dced4d78437412b117873c13341d5acc4dc6ed2c05605fd647bc0598ae7062e85e92f4a65dea58ff02a2ba70f2e12bde1c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-794.exe

Filesize
468KB

MD5
01a81473774f168d1bb87230469bfd79

SHA1
d93d86fa7457fca35bd34606ca64c8a5243de729

SHA256
4a6022a3eb7f8b3c3cb0850484355f90dc8eab15add8d195964899099804fbd5

SHA512
25b121a869372c89173ffcbea5b46ce9c3d6b0d4af385d2d2376daed96213861b04f70fd9cb864cca73808bb3c7352d615e0ddd942295035375c15a3bcce90d2

Download Submit
memory/320-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-338-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/684-342-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/896-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-391-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/936-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-392-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/1064-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-259-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1160-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1160-289-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1160-123-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1160-294-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1368-225-0x00000000006B0000-0x0000000000725000-memory.dmp

Filesize
468KB

Download
memory/1368-355-0x00000000006B0000-0x0000000000725000-memory.dmp

Filesize
468KB

Download
memory/1368-226-0x00000000006B0000-0x0000000000725000-memory.dmp

Filesize
468KB

Download
memory/1368-357-0x00000000006B0000-0x0000000000725000-memory.dmp

Filesize
468KB

Download
memory/1368-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1380-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-248-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1496-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-249-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1604-275-0x00000000029A0000-0x0000000002A15000-memory.dmp

Filesize
468KB

Download
memory/1604-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-281-0x00000000029A0000-0x0000000002A15000-memory.dmp

Filesize
468KB

Download
memory/1652-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-308-0x0000000003390000-0x0000000003405000-memory.dmp

Filesize
468KB

Download
memory/1688-299-0x0000000003390000-0x0000000003405000-memory.dmp

Filesize
468KB

Download
memory/1688-150-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1688-156-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1744-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-356-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1820-358-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1820-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-411-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2316-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-197-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2372-198-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2372-328-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2372-332-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2556-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2556-170-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2556-164-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2596-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-227-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2608-224-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2608-381-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2608-382-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2644-39-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-258-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-6-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-145-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2644-11-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-38-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-263-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-154-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2644-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-210-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2664-99-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2664-403-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/2664-53-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-205-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2676-111-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2676-246-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2676-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-247-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2676-51-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2676-52-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2688-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-65-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2700-153-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2700-287-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2700-276-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2700-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-21-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2852-368-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2852-372-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2872-261-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2872-260-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2872-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-322-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2992-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-321-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/3004-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download