fb7f9d3c9e0ef3a2494eb238ff56c6db0303171039ecbb14e6c2bd57becef7e1

Analysis

max time kernel
117s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ad06e2840c2a1e7905ec47528ee40e0N.exe
Size

468KB
MD5

8ad06e2840c2a1e7905ec47528ee40e0
SHA1

92916a7579238d3da283530b232e2e7aa52788bc
SHA256

fb7f9d3c9e0ef3a2494eb238ff56c6db0303171039ecbb14e6c2bd57becef7e1
SHA512

ea3c8cd1781b13b3c11f627306f574e1d2abec7e42451f467ba338256504158514c00ed047cf8bc10937ae352dcc32cc2d9ddfc74e555762d6cd0e88c6649a1a
SSDEEP

3072:kbXIog5ZP88U2aYVPxsvff8/WCkAZ4pchdHeZVSFbY2NcJeOsrYc:kbYoyRU2dP+vffaEJWbYKIeOs

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2248	Unicorn-52132.exe
2816	Unicorn-21489.exe
2956	Unicorn-13875.exe
2740	Unicorn-82.exe
1872	Unicorn-23195.exe
2720	Unicorn-8250.exe
2092	Unicorn-63573.exe
2552	Unicorn-14555.exe
1168	Unicorn-6942.exe
1980	Unicorn-22724.exe
2204	Unicorn-59572.exe
1292	Unicorn-46963.exe
2948	Unicorn-47228.exe
2524	Unicorn-47228.exe
2260	Unicorn-8888.exe
1480	Unicorn-41281.exe
596	Unicorn-61701.exe
2580	Unicorn-41835.exe
864	Unicorn-2286.exe
2572	Unicorn-51395.exe
2432	Unicorn-28837.exe
1876	Unicorn-59298.exe
1552	Unicorn-48442.exe
704	Unicorn-49833.exe
2608	Unicorn-49833.exe
872	Unicorn-51871.exe
548	Unicorn-57239.exe
2800	Unicorn-23923.exe
2984	Unicorn-4057.exe
2836	Unicorn-62817.exe
2972	Unicorn-56687.exe
2772	Unicorn-59288.exe
3052	Unicorn-57363.exe
2876	Unicorn-23107.exe
2460	Unicorn-59309.exe
2132	Unicorn-54463.exe
1936	Unicorn-63393.exe
2120	Unicorn-63393.exe
2016	Unicorn-62059.exe
1656	Unicorn-42458.exe
1660	Unicorn-52018.exe
1728	Unicorn-1840.exe
3048	Unicorn-41712.exe
2284	Unicorn-60741.exe
1628	Unicorn-53964.exe
1512	Unicorn-17784.exe
2008	Unicorn-63455.exe
1500	Unicorn-25952.exe
2680	Unicorn-37939.exe
2488	Unicorn-12738.exe
1576	Unicorn-56.exe
1408	Unicorn-57446.exe
2892	Unicorn-38972.exe
2952	Unicorn-35442.exe
2708	Unicorn-14010.exe
2704	Unicorn-61338.exe
636	Unicorn-3969.exe
3056	Unicorn-47503.exe
1960	Unicorn-18259.exe
2396	Unicorn-6683.exe
2168	Unicorn-6683.exe
1700	Unicorn-43995.exe
532	Unicorn-57730.exe
2416	Unicorn-16916.exe

Loads dropped DLL 64 IoCs

pid	Process
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2248	Unicorn-52132.exe
2248	Unicorn-52132.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2816	Unicorn-21489.exe
2816	Unicorn-21489.exe
2248	Unicorn-52132.exe
2248	Unicorn-52132.exe
2956	Unicorn-13875.exe
2956	Unicorn-13875.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2740	Unicorn-82.exe
2740	Unicorn-82.exe
2816	Unicorn-21489.exe
2816	Unicorn-21489.exe
1872	Unicorn-23195.exe
1872	Unicorn-23195.exe
2248	Unicorn-52132.exe
2248	Unicorn-52132.exe
2092	Unicorn-63573.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2956	Unicorn-13875.exe
2720	Unicorn-8250.exe
2092	Unicorn-63573.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2956	Unicorn-13875.exe
2720	Unicorn-8250.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
1880	WerFault.exe
1880	WerFault.exe
1880	WerFault.exe
1880	WerFault.exe
1880	WerFault.exe
2400	WerFault.exe
2552	Unicorn-14555.exe
2552	Unicorn-14555.exe
1168	Unicorn-6942.exe
2740	Unicorn-82.exe
1168	Unicorn-6942.exe
2740	Unicorn-82.exe
2816	Unicorn-21489.exe
2816	Unicorn-21489.exe
2204	Unicorn-59572.exe
2204	Unicorn-59572.exe
1980	Unicorn-22724.exe
1980	Unicorn-22724.exe
2248	Unicorn-52132.exe
2248	Unicorn-52132.exe
1872	Unicorn-23195.exe
1872	Unicorn-23195.exe
2260	Unicorn-8888.exe
1292	Unicorn-46963.exe
2260	Unicorn-8888.exe
1292	Unicorn-46963.exe
2956	Unicorn-13875.exe
2956	Unicorn-13875.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2400	2948	WerFault.exe
1880	2524	WerFault.exe
3012	2008	WerFault.exe	79

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9288.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe
2248	Unicorn-52132.exe
2816	Unicorn-21489.exe
2956	Unicorn-13875.exe
2740	Unicorn-82.exe
1872	Unicorn-23195.exe
2720	Unicorn-8250.exe
2092	Unicorn-63573.exe
2552	Unicorn-14555.exe
1168	Unicorn-6942.exe
1980	Unicorn-22724.exe
2204	Unicorn-59572.exe
1292	Unicorn-46963.exe
2524	Unicorn-47228.exe
2260	Unicorn-8888.exe
2948	Unicorn-47228.exe
1480	Unicorn-41281.exe
2580	Unicorn-41835.exe
596	Unicorn-61701.exe
864	Unicorn-2286.exe
2572	Unicorn-51395.exe
2432	Unicorn-28837.exe
1876	Unicorn-59298.exe
1552	Unicorn-48442.exe
2608	Unicorn-49833.exe
704	Unicorn-49833.exe
872	Unicorn-51871.exe
548	Unicorn-57239.exe
2800	Unicorn-23923.exe
2984	Unicorn-4057.exe
2836	Unicorn-62817.exe
2972	Unicorn-56687.exe
2772	Unicorn-59288.exe
3052	Unicorn-57363.exe
2460	Unicorn-59309.exe
2876	Unicorn-23107.exe
1936	Unicorn-63393.exe
2120	Unicorn-63393.exe
2132	Unicorn-54463.exe
2016	Unicorn-62059.exe
1656	Unicorn-42458.exe
1660	Unicorn-52018.exe
1728	Unicorn-1840.exe
3048	Unicorn-41712.exe
2284	Unicorn-60741.exe
2008	Unicorn-63455.exe
1628	Unicorn-53964.exe
1512	Unicorn-17784.exe
2680	Unicorn-37939.exe
1500	Unicorn-25952.exe
2488	Unicorn-12738.exe
1576	Unicorn-56.exe
1408	Unicorn-57446.exe
2952	Unicorn-35442.exe
2892	Unicorn-38972.exe
2708	Unicorn-14010.exe
2704	Unicorn-61338.exe
636	Unicorn-3969.exe
3056	Unicorn-47503.exe
1960	Unicorn-18259.exe
2396	Unicorn-6683.exe
2168	Unicorn-6683.exe
1700	Unicorn-43995.exe
532	Unicorn-57730.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 2248	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	31
PID 1176 wrote to memory of 2248	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	31
PID 1176 wrote to memory of 2248	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	31
PID 1176 wrote to memory of 2248	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	31
PID 2248 wrote to memory of 2816	2248	Unicorn-52132.exe	32
PID 2248 wrote to memory of 2816	2248	Unicorn-52132.exe	32
PID 2248 wrote to memory of 2816	2248	Unicorn-52132.exe	32
PID 2248 wrote to memory of 2816	2248	Unicorn-52132.exe	32
PID 1176 wrote to memory of 2956	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	33
PID 1176 wrote to memory of 2956	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	33
PID 1176 wrote to memory of 2956	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	33
PID 1176 wrote to memory of 2956	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	33
PID 2816 wrote to memory of 2740	2816	Unicorn-21489.exe	34
PID 2816 wrote to memory of 2740	2816	Unicorn-21489.exe	34
PID 2816 wrote to memory of 2740	2816	Unicorn-21489.exe	34
PID 2816 wrote to memory of 2740	2816	Unicorn-21489.exe	34
PID 2248 wrote to memory of 1872	2248	Unicorn-52132.exe	35
PID 2248 wrote to memory of 1872	2248	Unicorn-52132.exe	35
PID 2248 wrote to memory of 1872	2248	Unicorn-52132.exe	35
PID 2248 wrote to memory of 1872	2248	Unicorn-52132.exe	35
PID 2956 wrote to memory of 2720	2956	Unicorn-13875.exe	36
PID 2956 wrote to memory of 2720	2956	Unicorn-13875.exe	36
PID 2956 wrote to memory of 2720	2956	Unicorn-13875.exe	36
PID 2956 wrote to memory of 2720	2956	Unicorn-13875.exe	36
PID 1176 wrote to memory of 2092	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	37
PID 1176 wrote to memory of 2092	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	37
PID 1176 wrote to memory of 2092	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	37
PID 1176 wrote to memory of 2092	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	37
PID 2740 wrote to memory of 2552	2740	Unicorn-82.exe	38
PID 2740 wrote to memory of 2552	2740	Unicorn-82.exe	38
PID 2740 wrote to memory of 2552	2740	Unicorn-82.exe	38
PID 2740 wrote to memory of 2552	2740	Unicorn-82.exe	38
PID 2816 wrote to memory of 1168	2816	Unicorn-21489.exe	39
PID 2816 wrote to memory of 1168	2816	Unicorn-21489.exe	39
PID 2816 wrote to memory of 1168	2816	Unicorn-21489.exe	39
PID 2816 wrote to memory of 1168	2816	Unicorn-21489.exe	39
PID 1872 wrote to memory of 1980	1872	Unicorn-23195.exe	40
PID 1872 wrote to memory of 1980	1872	Unicorn-23195.exe	40
PID 1872 wrote to memory of 1980	1872	Unicorn-23195.exe	40
PID 1872 wrote to memory of 1980	1872	Unicorn-23195.exe	40
PID 2248 wrote to memory of 2204	2248	Unicorn-52132.exe	41
PID 2248 wrote to memory of 2204	2248	Unicorn-52132.exe	41
PID 2248 wrote to memory of 2204	2248	Unicorn-52132.exe	41
PID 2248 wrote to memory of 2204	2248	Unicorn-52132.exe	41
PID 2092 wrote to memory of 2948	2092	Unicorn-63573.exe	42
PID 2092 wrote to memory of 2948	2092	Unicorn-63573.exe	42
PID 2092 wrote to memory of 2948	2092	Unicorn-63573.exe	42
PID 2092 wrote to memory of 2948	2092	Unicorn-63573.exe	42
PID 1176 wrote to memory of 1292	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	44
PID 1176 wrote to memory of 1292	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	44
PID 1176 wrote to memory of 1292	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	44
PID 1176 wrote to memory of 1292	1176	8ad06e2840c2a1e7905ec47528ee40e0N.exe	44
PID 2720 wrote to memory of 2524	2720	Unicorn-8250.exe	43
PID 2720 wrote to memory of 2524	2720	Unicorn-8250.exe	43
PID 2720 wrote to memory of 2524	2720	Unicorn-8250.exe	43
PID 2720 wrote to memory of 2524	2720	Unicorn-8250.exe	43
PID 2956 wrote to memory of 2260	2956	Unicorn-13875.exe	45
PID 2956 wrote to memory of 2260	2956	Unicorn-13875.exe	45
PID 2956 wrote to memory of 2260	2956	Unicorn-13875.exe	45
PID 2956 wrote to memory of 2260	2956	Unicorn-13875.exe	45
PID 2524 wrote to memory of 1880	2524	Unicorn-47228.exe	46
PID 2524 wrote to memory of 1880	2524	Unicorn-47228.exe	46
PID 2524 wrote to memory of 1880	2524	Unicorn-47228.exe	46
PID 2524 wrote to memory of 1880	2524	Unicorn-47228.exe	46

C:\Users\Admin\AppData\Local\Temp\8ad06e2840c2a1e7905ec47528ee40e0N.exe
"C:\Users\Admin\AppData\Local\Temp\8ad06e2840c2a1e7905ec47528ee40e0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        7⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        6⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        6⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        6⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        6⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        6⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        6⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        7⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        6⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        7⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        6⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        6⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20637.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
      4⤵
      Executes dropped EXE
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
      4⤵
      PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
      4⤵
      PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
    3⤵
    PID:5400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
      4⤵
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
      4⤵
      PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        6⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        5⤵
        Program crash
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11051.exe
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
      4⤵
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
      4⤵
      PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
    3⤵
    PID:5720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 200
      4⤵
      Loads dropped DLL
      Program crash
      PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
    3⤵
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
      4⤵
      PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
    3⤵
    PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
    3⤵
    PID:6068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
    3⤵
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
    3⤵
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
    3⤵
    PID:5780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        5⤵
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
      4⤵
      PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
      4⤵
      PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
    3⤵
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
    3⤵
    PID:5676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
    3⤵
    PID:5504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
    3⤵
    PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
  2⤵
  PID:3384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
  2⤵
  PID:4748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
  2⤵
  PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe

Filesize
468KB

MD5
c272374ba6794c04e0c7f659c27251d7

SHA1
90f0cff8f4e6761a499705f6080c89d465ad8d09

SHA256
e7795277e40efea41b49f1b4996e8b3ddddf22085cb18d6521bfca7ee1c13518

SHA512
a8edbb12f3dde48a6766850171dab7c4e57bf430d61b0affb2580ebeb777f1c61666b9a14a0727faa4bca2beb60fb2b2c570150b971ace19950aec6c978d4e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe

Filesize
468KB

MD5
4f3baffe06ba0216a13bba12ef4881b4

SHA1
0844b9c8996c3cfa9f8322c414f6d0353662b905

SHA256
45a00b2fab52f8a77e0b525f0318efa63bf031b4bd8dcf232b69449d0b56b576

SHA512
506c156044d16c45ec592c97d74e10e703e774c365856d677b35245c3e840ba2c3ebb0c226ad9fccb87926f2c1a08fb82e3ad4a40ebfb43b926a069dacfb2f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe

Filesize
468KB

MD5
d053c619c5c70dcb9fc6d4700c607aa3

SHA1
76f2df79ff97e7ed3aadb1b79706519c35ee86d1

SHA256
fea112620e23eb068c8b3cb358944e55e886143ed7bfccc7a16712d173275e6c

SHA512
31555bdcd343b52a3bf03e4d15d2e066192917f7738a7b415be32387cd5fc885101df5e7b0ad9e957c7210393b618fc26d5b88b369f55715ed4aca8a200669ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe

Filesize
468KB

MD5
eaaca07618fcd95d06b4689707f94a40

SHA1
f9ea0022554c59e2f483308998d2aa007d91f298

SHA256
e7b480e60fa3714605a198a89eb9d092d68a6c3e8e5fa72f2b314f711093a63b

SHA512
6e334525ef9bc0e06cb44f75f01c1eb4677fc89d825595dcb45efa950d4d874a38f1bb348f10d67355b3fa785230ca226c26a5967da3a619abb1b89ca7b6c92e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe

Filesize
468KB

MD5
0132355a20064f23a827c2adf77b28e6

SHA1
8a1c8b6217946f25f5e82c42ab2cfa457480a1c3

SHA256
d0ac77db585264a7a47ebc7786ec8963d71354b93cc017b02a59698bdadb3c4e

SHA512
8bd42a2f8709cc2867b8d1100dfdf008cc5cbb56f9cbe76dbee73f4ac3c191c9085a1789eb66ed3d26969134922bc2ea21548f71c3cb120bfdb10bd0fdf970a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe

Filesize
468KB

MD5
3d8c49c685b36ecd2c3578679324a966

SHA1
934538137294a08201d5f4bb167e6848db0ac1d9

SHA256
888e385895b0cd843376c85666874f50239fa2241b84bb94ad678ec0ef87a1de

SHA512
b32c4b64fb95486457f7e1187da7cdfdd94bf00d6de75e781aba24eeaa536173521708bdaa5d71381917f4bc92fdb8c8b507eb8603922a120cc8ac9eceb17f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe

Filesize
468KB

MD5
df441ab71fa9fd2eb74212f01470ecf1

SHA1
f51bd4bb18f456fd15be6535209b14ecae617608

SHA256
aa5412d8d98f5a66943e14863cabbb3675c25fd3f1abde57d2f9f020369857f8

SHA512
2884c923d3737113edebb0fd586ddd3266c2fe23d27a4343d88a29b0fbed6b7734b3ae0bda3102267ea7807ccf2bed87224d28990a0e79b1bd6cd34137a349ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe

Filesize
468KB

MD5
22a1f50038b6b935882f3e3bca87d0d1

SHA1
08f249aee8e9ff5e7ef893422b701fed035d3377

SHA256
e077fb8d54f5760d0a962fc4dd9670273199be9f72e9491619f1bb55c2189b37

SHA512
e364ae00813bc20c460fb2d795295ebbc6d9fe33f40c74f99a7a93eff2d1babf564f86a9eaf8736264abde03623ed319945c858db5a0d89bdfd921db73091fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe

Filesize
468KB

MD5
9a4fa5c971b964d51e9ac287e03de234

SHA1
6909bcba350a9dcc46390ba78cfe3947b2247bda

SHA256
9c3e611fa74350c57d007c73adf278900702447856a2b75a73a9386d92666922

SHA512
0b0eba25dc9b931aae27623fffa509d336a1c4aa2f0b9812740ec980a9c5dee958e22749231300d2eff5951e70539420e2da38ab8ac5c4947ac8a7033001adda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe

Filesize
468KB

MD5
77b6a80bfb81146a45cc4dcd3e253b4f

SHA1
9f721bfebe35ed4721aad8f3e7fa707a6d80ddb0

SHA256
9ee17e4ced77771e29f71857f97a387daa37bb0a8e1421d601fa9c2a0f145671

SHA512
cf8e65cde37a613f042685cc1fc764f3e4e1d8c3eea6e856374ef537122c5f3a02e35eded688474ea8825538be8bd258bdf57920978e59751311fca7e564e9ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe

Filesize
468KB

MD5
961f4043f5032b0eb3329aa7bf83efc9

SHA1
7ced200a8bb3f6a20253ccd9a1bcafe66ec23a3f

SHA256
bb47c6a3381718d579d8b85d1473de34c126824a46bb03267726bd7a3bf8f4a8

SHA512
396a51903bbf74f019eb53199bda4c1419d3d03d23c9a06319a7b9c1c927963eb204591aaa7faff60e3ae439cb13a5ad5cb639d058d667e2a4ad9a5dda6125b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe

Filesize
468KB

MD5
44955f66a6370286f87b705fb5160a05

SHA1
6257a2817e4f0cf2797e7f0ca97379383956adcc

SHA256
cdf6e7c2b2ffdafb2a65ef64da9878b35557b28d81223511fdd431119cc1857c

SHA512
1d3f467c865e3334ca13a3d002d9057f7f4316aad39fb3d76a8b94a8ccfb1028b0e8fdd543ee0db497bd4338df0d1c060426d739cab78e331b7e9338f8426b92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe

Filesize
468KB

MD5
1ab86f648c4ad45d9b5a2b383e5bc7d2

SHA1
41fa1d8143d289987187b527e26d2c0e29bccf95

SHA256
2ce71c353ca45b25f9fd66eadea4c9cf448dda39dbd84440cc2b94b37c93a237

SHA512
1d6d1b3534c4e3cdffe5d31d69480a5c6747fe5eeb13951eab269a2c2315f1cb8d089efd5cee3dd293f01bcc415f313069264a8f62cec8d27dbd77e1cc505a8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe

Filesize
468KB

MD5
8f318960aa093c01ccdbb63178ff67ca

SHA1
d3d3c4ebabb6e9eb89d962cc6cf573d58ad4f9f7

SHA256
f10a8219db375ed4bd6cabe8f5e9496f0f614031d7c6ddfc6a71970c6fc09031

SHA512
afadfd13229b220deda4feffd09ab806a2b17c73b7eda7999efb21e9b637c2d6825d1c2474b58d66dabf4bbddb11aead83ecc5179c4d5fb5491fcbc91f5f45f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe

Filesize
468KB

MD5
2567bf721d463a094a58632c15dfced7

SHA1
84dc3e75d602cc2cc5fe3bf10f1da07d50e34048

SHA256
7faec36d464388dc949fac50245a58cab3a363b1cba1cf9a43b0443b9f094a2e

SHA512
ee2becad1888def6bf31983fef5fab87565bc39be41eec9d43be2d457897441e53c847b926e6e1df5534612054e440c62f49f6af9648b573daef4974dcccccbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe

Filesize
468KB

MD5
456c6285bc8ace6c1759a8a5e428ec09

SHA1
001782eb48f1989593e9357356e76fbc3a77c205

SHA256
79c44cab4e64c46d479894d025cca8685dcdfa32840bbb87d3e2101ab3230232

SHA512
34949fc8c335e6062737523bbf6ec4788fe4ed1e5ab1dc13a9ec695675a02079443cfddbd161dd95a92579b959b6e165d44d849a17384ac87dfe1d37f024ba0a

Download Submit
memory/548-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/596-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/596-322-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/596-330-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/704-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-390-0x0000000002C70000-0x0000000002CE5000-memory.dmp

Filesize
468KB

Download
memory/864-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-350-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1168-217-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1168-215-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1168-351-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1168-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-31-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1176-298-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1176-297-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1176-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-162-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1176-6-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1176-159-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1292-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1292-280-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/1292-278-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/1480-310-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/1480-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-269-0x0000000000660000-0x00000000006D5000-memory.dmp

Filesize
468KB

Download
memory/1872-267-0x0000000000660000-0x00000000006D5000-memory.dmp

Filesize
468KB

Download
memory/1872-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-121-0x0000000000660000-0x00000000006D5000-memory.dmp

Filesize
468KB

Download
memory/1876-379-0x0000000000550000-0x00000000005C5000-memory.dmp

Filesize
468KB

Download
memory/1876-378-0x0000000000550000-0x00000000005C5000-memory.dmp

Filesize
468KB

Download
memory/1980-246-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1980-250-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1980-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-169-0x0000000002CE0000-0x0000000002D55000-memory.dmp

Filesize
468KB

Download
memory/2092-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-148-0x0000000002CE0000-0x0000000002D55000-memory.dmp

Filesize
468KB

Download
memory/2132-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-369-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2204-368-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2204-237-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2204-233-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2204-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-256-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-60-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-392-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-257-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-391-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-134-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-24-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-22-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-133-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2248-388-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2260-277-0x00000000037B0000-0x0000000003825000-memory.dmp

Filesize
468KB

Download
memory/2260-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-389-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2432-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-199-0x0000000003790000-0x0000000003805000-memory.dmp

Filesize
468KB

Download
memory/2552-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-319-0x0000000002C60000-0x0000000002CD5000-memory.dmp

Filesize
468KB

Download
memory/2552-312-0x0000000002C60000-0x0000000002CD5000-memory.dmp

Filesize
468KB

Download
memory/2572-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-360-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2580-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-168-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2720-167-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2720-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-97-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2740-331-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2740-332-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2740-216-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2740-219-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2772-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-25-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-225-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2816-44-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2816-229-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2836-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2948-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-165-0x0000000002D60000-0x0000000002DD5000-memory.dmp

Filesize
468KB

Download
memory/2956-161-0x0000000002D60000-0x0000000002DD5000-memory.dmp

Filesize
468KB

Download
memory/2956-72-0x0000000002D60000-0x0000000002DD5000-memory.dmp

Filesize
468KB

Download
memory/2956-289-0x0000000002D60000-0x0000000002DD5000-memory.dmp

Filesize
468KB

Download
memory/2956-288-0x0000000003890000-0x0000000003905000-memory.dmp

Filesize
468KB

Download
memory/2972-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download