df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
Size

468KB
MD5

3d569e3a2bfee52b6d162fe6da5b9520
SHA1

15cc766dc01ed18f9054245070a1caf28c2c702b
SHA256

df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07
SHA512

98c98295e6d9983a61578cafff6190ec1a55301da6182be7f0a7a943b2553db656dbebb5a3e93c0c4b53f603f9d9feffbc1aea5dcbe0d350d6c312071c48104a
SSDEEP

3072:mrp7ogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lOvElM0Ac71SDlk:mrpotAUF1PDyqf/BtlEl1J71S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2236	Unicorn-34713.exe
628	Unicorn-16130.exe
2144	Unicorn-57717.exe
2640	Unicorn-60260.exe
2900	Unicorn-13259.exe
2564	Unicorn-26994.exe
2588	Unicorn-33125.exe
2884	Unicorn-10120.exe
2264	Unicorn-6036.exe
2396	Unicorn-47624.exe
2612	Unicorn-11801.exe
1936	Unicorn-24986.exe
2864	Unicorn-13711.exe
520	Unicorn-34132.exe
2092	Unicorn-11251.exe
2316	Unicorn-30624.exe
2076	Unicorn-25724.exe
2044	Unicorn-53566.exe
1308	Unicorn-49958.exe
2352	Unicorn-29254.exe
1040	Unicorn-31703.exe
828	Unicorn-27884.exe
1488	Unicorn-40251.exe
2208	Unicorn-43051.exe
2300	Unicorn-29315.exe
1244	Unicorn-49181.exe
2976	Unicorn-49181.exe
1888	Unicorn-535.exe
3004	Unicorn-43535.exe
1556	Unicorn-23669.exe
1044	Unicorn-43535.exe
928	Unicorn-919.exe
2728	Unicorn-20785.exe
2676	Unicorn-37889.exe
2828	Unicorn-1495.exe
2576	Unicorn-54125.exe
2748	Unicorn-2886.exe
692	Unicorn-46176.exe
2344	Unicorn-60831.exe
264	Unicorn-44858.exe
2848	Unicorn-9300.exe
2896	Unicorn-11884.exe
560	Unicorn-28434.exe
1316	Unicorn-28434.exe
1104	Unicorn-35018.exe
1632	Unicorn-11054.exe
1188	Unicorn-30920.exe
2376	Unicorn-13000.exe
1616	Unicorn-14391.exe
1304	Unicorn-9300.exe
892	Unicorn-6607.exe
2036	Unicorn-48609.exe
1460	Unicorn-49586.exe
836	Unicorn-59954.exe
1740	Unicorn-14282.exe
3064	Unicorn-45101.exe
2152	Unicorn-59399.exe
2952	Unicorn-3976.exe
2696	Unicorn-20047.exe
2556	Unicorn-51039.exe
3044	Unicorn-3022.exe
2228	Unicorn-10582.exe
2400	Unicorn-63767.exe
2840	Unicorn-39455.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2236	Unicorn-34713.exe
2236	Unicorn-34713.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
628	Unicorn-16130.exe
628	Unicorn-16130.exe
2236	Unicorn-34713.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2236	Unicorn-34713.exe
2144	Unicorn-57717.exe
2144	Unicorn-57717.exe
2640	Unicorn-60260.exe
2640	Unicorn-60260.exe
2564	Unicorn-26994.exe
628	Unicorn-16130.exe
2564	Unicorn-26994.exe
628	Unicorn-16130.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2236	Unicorn-34713.exe
2900	Unicorn-13259.exe
2588	Unicorn-33125.exe
2144	Unicorn-57717.exe
2236	Unicorn-34713.exe
2900	Unicorn-13259.exe
2588	Unicorn-33125.exe
2144	Unicorn-57717.exe
2884	Unicorn-10120.exe
2884	Unicorn-10120.exe
2640	Unicorn-60260.exe
2640	Unicorn-60260.exe
2396	Unicorn-47624.exe
2396	Unicorn-47624.exe
628	Unicorn-16130.exe
628	Unicorn-16130.exe
1936	Unicorn-24986.exe
1936	Unicorn-24986.exe
2236	Unicorn-34713.exe
2236	Unicorn-34713.exe
2092	Unicorn-11251.exe
2092	Unicorn-11251.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2144	Unicorn-57717.exe
2564	Unicorn-26994.exe
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2144	Unicorn-57717.exe
2564	Unicorn-26994.exe
2864	Unicorn-13711.exe
2612	Unicorn-11801.exe
2864	Unicorn-13711.exe
2612	Unicorn-11801.exe
2588	Unicorn-33125.exe
2588	Unicorn-33125.exe
2900	Unicorn-13259.exe
2900	Unicorn-13259.exe
520	Unicorn-34132.exe
2316	Unicorn-30624.exe
2316	Unicorn-30624.exe
520	Unicorn-34132.exe
2884	Unicorn-10120.exe
2044	Unicorn-53566.exe

Program crash 36 IoCs

pid	pid_target	Process	procid_target
1504	1308	WerFault.exe	48
1628	1244	WerFault.exe	55
2868	828	WerFault.exe	51
1796	2896	WerFault.exe	71
2768	1040	WerFault.exe	50
2080	576	WerFault.exe	95
2132	2228	WerFault.exe	91
3572	2588	WerFault.exe	36
3588	2564	WerFault.exe	35
3652	2728	WerFault.exe	62
3724	1488	WerFault.exe	52
3712	2300	WerFault.exe	54
3900	2336	WerFault.exe	168
3120	1556	WerFault.exe	58
3128	2496	WerFault.exe	94
3264	2320	WerFault.exe	101
3584	2848	WerFault.exe	70
3640	692	WerFault.exe	67
3444	560	WerFault.exe	73
1804	532	WerFault.exe	107
2104	3068	WerFault.exe	109
3988	2804	WerFault.exe	143
4080	2152	WerFault.exe	86
4040	2748	WerFault.exe	66
4284	2344	WerFault.exe	68
4784	2884	WerFault.exe	37
4828	1936	WerFault.exe	41
5076	2780	WerFault.exe	111
4780	892	WerFault.exe	80
5184	1760	WerFault.exe	118
5280	2556	WerFault.exe	89
5740	1044	WerFault.exe	60
6060	2576	WerFault.exe	65
5224	1008	WerFault.exe	106
5596	2996	WerFault.exe	100
6052	2376	WerFault.exe	77

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24031.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
2236	Unicorn-34713.exe
628	Unicorn-16130.exe
2144	Unicorn-57717.exe
2640	Unicorn-60260.exe
2564	Unicorn-26994.exe
2900	Unicorn-13259.exe
2588	Unicorn-33125.exe
2884	Unicorn-10120.exe
2396	Unicorn-47624.exe
2264	Unicorn-6036.exe
2612	Unicorn-11801.exe
2864	Unicorn-13711.exe
520	Unicorn-34132.exe
2092	Unicorn-11251.exe
1936	Unicorn-24986.exe
2316	Unicorn-30624.exe
2076	Unicorn-25724.exe
2044	Unicorn-53566.exe
1308	Unicorn-49958.exe
2352	Unicorn-29254.exe
828	Unicorn-27884.exe
928	Unicorn-919.exe
2676	Unicorn-37889.exe
1044	Unicorn-43535.exe
1040	Unicorn-31703.exe
1244	Unicorn-49181.exe
2208	Unicorn-43051.exe
2300	Unicorn-29315.exe
2976	Unicorn-49181.exe
1488	Unicorn-40251.exe
3004	Unicorn-43535.exe
1888	Unicorn-535.exe
1556	Unicorn-23669.exe
2344	Unicorn-60831.exe
2728	Unicorn-20785.exe
2828	Unicorn-1495.exe
2576	Unicorn-54125.exe
2748	Unicorn-2886.exe
692	Unicorn-46176.exe
2848	Unicorn-9300.exe
264	Unicorn-44858.exe
2896	Unicorn-11884.exe
1316	Unicorn-28434.exe
560	Unicorn-28434.exe
1104	Unicorn-35018.exe
1188	Unicorn-30920.exe
2376	Unicorn-13000.exe
1616	Unicorn-14391.exe
1632	Unicorn-11054.exe
2036	Unicorn-48609.exe
836	Unicorn-59954.exe
1460	Unicorn-49586.exe
892	Unicorn-6607.exe
3064	Unicorn-45101.exe
1304	Unicorn-9300.exe
2952	Unicorn-3976.exe
2152	Unicorn-59399.exe
1740	Unicorn-14282.exe
2556	Unicorn-51039.exe
2696	Unicorn-20047.exe
2228	Unicorn-10582.exe
3044	Unicorn-3022.exe
2400	Unicorn-63767.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2236	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	30
PID 2124 wrote to memory of 2236	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	30
PID 2124 wrote to memory of 2236	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	30
PID 2124 wrote to memory of 2236	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	30
PID 2236 wrote to memory of 628	2236	Unicorn-34713.exe	31
PID 2236 wrote to memory of 628	2236	Unicorn-34713.exe	31
PID 2236 wrote to memory of 628	2236	Unicorn-34713.exe	31
PID 2236 wrote to memory of 628	2236	Unicorn-34713.exe	31
PID 2124 wrote to memory of 2144	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	32
PID 2124 wrote to memory of 2144	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	32
PID 2124 wrote to memory of 2144	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	32
PID 2124 wrote to memory of 2144	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	32
PID 628 wrote to memory of 2640	628	Unicorn-16130.exe	33
PID 628 wrote to memory of 2640	628	Unicorn-16130.exe	33
PID 628 wrote to memory of 2640	628	Unicorn-16130.exe	33
PID 628 wrote to memory of 2640	628	Unicorn-16130.exe	33
PID 2124 wrote to memory of 2564	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	35
PID 2124 wrote to memory of 2564	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	35
PID 2124 wrote to memory of 2564	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	35
PID 2124 wrote to memory of 2564	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	35
PID 2236 wrote to memory of 2900	2236	Unicorn-34713.exe	34
PID 2236 wrote to memory of 2900	2236	Unicorn-34713.exe	34
PID 2236 wrote to memory of 2900	2236	Unicorn-34713.exe	34
PID 2236 wrote to memory of 2900	2236	Unicorn-34713.exe	34
PID 2144 wrote to memory of 2588	2144	Unicorn-57717.exe	36
PID 2144 wrote to memory of 2588	2144	Unicorn-57717.exe	36
PID 2144 wrote to memory of 2588	2144	Unicorn-57717.exe	36
PID 2144 wrote to memory of 2588	2144	Unicorn-57717.exe	36
PID 2640 wrote to memory of 2884	2640	Unicorn-60260.exe	37
PID 2640 wrote to memory of 2884	2640	Unicorn-60260.exe	37
PID 2640 wrote to memory of 2884	2640	Unicorn-60260.exe	37
PID 2640 wrote to memory of 2884	2640	Unicorn-60260.exe	37
PID 2564 wrote to memory of 2264	2564	Unicorn-26994.exe	38
PID 2564 wrote to memory of 2264	2564	Unicorn-26994.exe	38
PID 2564 wrote to memory of 2264	2564	Unicorn-26994.exe	38
PID 2564 wrote to memory of 2264	2564	Unicorn-26994.exe	38
PID 628 wrote to memory of 2396	628	Unicorn-16130.exe	39
PID 628 wrote to memory of 2396	628	Unicorn-16130.exe	39
PID 628 wrote to memory of 2396	628	Unicorn-16130.exe	39
PID 628 wrote to memory of 2396	628	Unicorn-16130.exe	39
PID 2124 wrote to memory of 2612	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	40
PID 2124 wrote to memory of 2612	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	40
PID 2124 wrote to memory of 2612	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	40
PID 2124 wrote to memory of 2612	2124	df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe	40
PID 2236 wrote to memory of 1936	2236	Unicorn-34713.exe	41
PID 2236 wrote to memory of 1936	2236	Unicorn-34713.exe	41
PID 2236 wrote to memory of 1936	2236	Unicorn-34713.exe	41
PID 2236 wrote to memory of 1936	2236	Unicorn-34713.exe	41
PID 2900 wrote to memory of 520	2900	Unicorn-13259.exe	42
PID 2900 wrote to memory of 520	2900	Unicorn-13259.exe	42
PID 2900 wrote to memory of 520	2900	Unicorn-13259.exe	42
PID 2900 wrote to memory of 520	2900	Unicorn-13259.exe	42
PID 2588 wrote to memory of 2864	2588	Unicorn-33125.exe	43
PID 2588 wrote to memory of 2864	2588	Unicorn-33125.exe	43
PID 2588 wrote to memory of 2864	2588	Unicorn-33125.exe	43
PID 2588 wrote to memory of 2864	2588	Unicorn-33125.exe	43
PID 2144 wrote to memory of 2092	2144	Unicorn-57717.exe	44
PID 2144 wrote to memory of 2092	2144	Unicorn-57717.exe	44
PID 2144 wrote to memory of 2092	2144	Unicorn-57717.exe	44
PID 2144 wrote to memory of 2092	2144	Unicorn-57717.exe	44
PID 2884 wrote to memory of 2316	2884	Unicorn-10120.exe	45
PID 2884 wrote to memory of 2316	2884	Unicorn-10120.exe	45
PID 2884 wrote to memory of 2316	2884	Unicorn-10120.exe	45
PID 2884 wrote to memory of 2316	2884	Unicorn-10120.exe	45

C:\Users\Admin\AppData\Local\Temp\df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe
"C:\Users\Admin\AppData\Local\Temp\df6f2da393959945b3e269ce89951887e3c473ed48a3bb0876a6a945f8bfdc07N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        10⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        8⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        8⤵
        Program crash
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        8⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
        8⤵
        Program crash
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        6⤵
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        6⤵
        Program crash
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48711.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        8⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        7⤵
        Program crash
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        6⤵
        
        PID:4744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        6⤵
        Program crash
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        5⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        7⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        6⤵
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        6⤵
        Program crash
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        5⤵
        Program crash
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        5⤵
        
        PID:1156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        5⤵
        Program crash
        
        PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      4⤵
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        5⤵
        
        PID:1752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        5⤵
        Program crash
        
        PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
      4⤵
      PID:5168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        6⤵
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
        6⤵
        Program crash
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
        6⤵
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        6⤵
        Program crash
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        5⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        5⤵
        
        PID:4044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        5⤵
        Program crash
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
      4⤵
      PID:4752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
      4⤵
      Program crash
      PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
        5⤵
        Program crash
        
        PID:4080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
      4⤵
      Program crash
      PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      4⤵
      PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
    3⤵
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
    3⤵
    PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
    3⤵
    PID:6152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        7⤵
        
        PID:5528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
        6⤵
        Program crash
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        7⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        7⤵
        Program crash
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        6⤵
        
        PID:5124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 220
        6⤵
        Program crash
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:5608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        6⤵
        Program crash
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        6⤵
        
        PID:4676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        6⤵
        Program crash
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      4⤵
      PID:1736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
      4⤵
      Program crash
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        7⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        7⤵
        Program crash
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        6⤵
        Program crash
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        6⤵
        
        PID:5240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        5⤵
        Program crash
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        6⤵
        Program crash
        
        PID:2132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        5⤵
        Program crash
        
        PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      4⤵
      PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        5⤵
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
    3⤵
    PID:636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
    3⤵
    PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
    3⤵
    PID:4640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        5⤵
        
        PID:5984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
      4⤵
      Program crash
      PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
    3⤵
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
    3⤵
    - Program crash
    PID:3588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
      4⤵
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        5⤵
        
        PID:3400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
        5⤵
        Program crash
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
      4⤵
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
      4⤵
      PID:5028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 220
      4⤵
      Program crash
      PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
    3⤵
    PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
    3⤵
    PID:5408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
    3⤵
    PID:2320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
      4⤵
      Program crash
      PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 220
    3⤵
    - Program crash
    PID:3724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20119.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20119.exe
  2⤵
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
    3⤵
    PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
    3⤵
    PID:6224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
  2⤵
  PID:3544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
  2⤵
  PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
  2⤵
  PID:4508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
  2⤵
  PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe

Filesize
468KB

MD5
917cb69e1235d0b01a56a41b4d06c490

SHA1
3f4cf912c93e4f50af8412f786e24ed6fc03002a

SHA256
68ee784f796d13a5ddaab9f5a5cf1a9666f958de2d4c690a9145ff6c6c263a4a

SHA512
8b70e2fbf5e01e4eace2abb643bf90dcd87bc4fa2f9581b2f4ed222633a6bdcf3965e3afd94622dd6124c1c23106d6aa8dbea795bb9797a440f3fa23f8e819b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe

Filesize
468KB

MD5
125be2fe696052afb04b0ae55d772970

SHA1
af9034f58ce319d812afef3fdee5b84357c41729

SHA256
93cadefc56f5a2e83971e522261c4c8d8070244a84b5c8660a919adad809228c

SHA512
699f6851bae6412b7a3dfe30a05a17fd4f44c6eb5ac07d92b5911cf8dcf6033e9bdf9c506a6e302ebb0f289fd96559470da9b76d3cd73133501221d11f7e126d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe

Filesize
468KB

MD5
82b211d10df63a7a164d1fd673e831e6

SHA1
10a0e58916a4d7f7d96034fdee9f3be3c4810db9

SHA256
6d5fbf9bfe59ede9672005bfc5e317561932b4b6c0d19d856c5b69dc8bb18364

SHA512
5053b18f7caeb54f1b40cbbab792e7bd23131e7548e4e4e121da3cebd24dd0a40d8bb5292e7ec07eba292dda19b1699f4757db9a13817bf135058615f322f874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe

Filesize
468KB

MD5
bfbcd813e884f578b5e004fa66997244

SHA1
155e0a82bf5ca690e723b58f28049e0b7ba687b7

SHA256
d8b8237828f5de9486748ca99c1d083c5a0c3112466de42aaf588e2d71cdbf1d

SHA512
8412f2c63d8b52bb775a41e1f6446086be54af6259c03d8c5a3b43cc236e7958deb6f79da31c9fda0b3e9b985aa01ce651410848ecf99bd78d198e5042dfcd93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe

Filesize
468KB

MD5
925adba53e8d009bd212aa163a631725

SHA1
2f9d83a7d7b781969b4a45927a6a8a286417a77a

SHA256
4bae74bbf1691a63a4bfafbc8954e05af8418894ba34037f411efe0af83f38d7

SHA512
eb9390d554d126a025f97b12e8c9c22e9749f46d67224d41f50a3309fd265d7f5535ae3bdbcf778b7e392b2a43e0ed04275e5ac5c1c8dbce4d860d560c5d74a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe

Filesize
468KB

MD5
f747a742147e1171d506b828df1bf006

SHA1
619b98893a61566be7aed9c378a707b431e6376a

SHA256
91403253912c6665248639405e45539686e83bf1a3e71c930cc25fc3dff7cce0

SHA512
0fdb9f9fa22d658df4a2aa1f70df7ec6dd6699182591f8c36e30931d74999d353391e7745c6f36f2565dc8c754cce48fb8979b4b585b0365d574ce644e4b5c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe

Filesize
468KB

MD5
3319a16662c827ecf707fedc2c086c9c

SHA1
a0695cafff4fa1bdbcc6d212991bcf432b565b97

SHA256
399c7a5e81ddecb5067851e341d3b8b0113c865cdd3f93667cb7c6f770230b52

SHA512
17a525351b6429f2f7af1aca37de404e0a5341677d6c698b51517065f80e7c0a8540e1a3b0eb0f93bcc98004cfab2ddfc6d40082c31bd49afdb04d8b0ff7fa6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe

Filesize
468KB

MD5
af241248ddad26ba99d616e15036f67f

SHA1
be783210ef5844f565690971219718d5b522a970

SHA256
d54a98b922a8e3d9ad7d3f8c0bc91d0f37b662a15b0c51519aa41a60496c39cb

SHA512
12d476637a437a085255723a886bed9055cc34dbc19573e98e4db77bfe422d620762fe66c4b199ba51095610d0afee047de0613d05303f7e0e16903df1df083e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe

Filesize
468KB

MD5
5dc1673ae962049e73708983014ee04c

SHA1
0c96ed24de67afc39591e231c3c5dca5b9a75277

SHA256
990d3e35d8c2143b6e7db357e13dff052135ae2c6ba4ba569c40d7753aed8071

SHA512
c7504db23fc72ccb4299bdabfb5656932ffb455057ca607512cc3ba17189d4ea868dd59d676f6e3b9e2a94207d258628ed5d13a7a379df2e7c4ac2ffa87a5691

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe

Filesize
468KB

MD5
2644fb1e8bf8023f90c796cfbf71d975

SHA1
00c81927b5be398cd24c7cac3c7b3f422bd0f561

SHA256
652ab88f182e83353a701520bc28dd811b20c47791b4351b5ea757d939bdeda2

SHA512
c41f27d59d896f75c1e1e102fbd3b546020de35dc8bd8c0c908a1c8fc12e0994b823f534f71982ef65c3d068471a1cb70dcf0453f85cb5a13a024e4f0cd80176

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe

Filesize
468KB

MD5
57ec6fbe21aa0f0cc9fbcd27b730fe33

SHA1
a54f3823efb0ec04587f71e229acd5724208ebe4

SHA256
9f5025c87c20355055a1ec1b9e692d1850fa3c449a0e0626bebf95ec44624d8e

SHA512
82e0da0719ce04655971e685dcce90379acc7c1e7020d62ea4e81b209aab7b9961da3b1ab28aeea17d8546a387d4af9b1f95300ae9bdff658dead1ef293259a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe

Filesize
468KB

MD5
94f6aa059789461e4a9e76f54eb81b31

SHA1
591d7cbafea54b5b194aeb0735e7d68dd1200ca3

SHA256
1b5be011bec144d63c854159708aa6d0f432add3360eb76a14b3d8f941d23705

SHA512
f7b3f7396b26c6028189cc72680c72575fa69058f35321a457e82b13cb7797973a06c189fad81e0043eea850bcff14b955ab4ab401b700333e99dbe870934224

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe

Filesize
468KB

MD5
1a12ef2a4a5daba1c4ef67dc5adebf75

SHA1
c3ba337cf9174b651c74ca0f419778475e5febde

SHA256
a6ab89e2dced9017a4ae373487033abb058ba09ad550a465df96c493d43368b7

SHA512
640ecbdc716c533bca3e68f33b11e71a1a61402376dda3adfdfb6512560954a22fad4c4d88b1bd56ebd1244e61de2e28fc6ef57c437162349a08a922f9738fed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe

Filesize
468KB

MD5
0da5d5c5ce49d6ba2e804f9af659ed07

SHA1
ed18e8e46cd502808a9ca80bd83f26056f39ed76

SHA256
2082f4f99e2d30c7f6b0779f723405200bed46b01b4a610efbd5cfdf9429c569

SHA512
0c70524b591f413b764b5a929fb1e8c1f75e8e460deb4d08a21697b5bc2feaacfba8fd66ed09c7fb617923087c58ef78d281ba010bfc96c15c178bce0ec40257

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe

Filesize
468KB

MD5
7cd68e16cc327e37a2289a973a5dd698

SHA1
e102712fe4109fc6ee31d94ca154a9c296bcca5a

SHA256
441a8e6a956164098fb71ea73120b3cbb579d39e95023dc683553b2b426dbd7e

SHA512
97744151c60a459f46bedb1029538a214cce2d2688b7fdfa564ead4708792702f181dfffea4b89b6f7bc4252b8a592875b8fc64097152b8c21d55c9d653ba72a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe

Filesize
468KB

MD5
9e4be44fb890497c0cb7db2f15fbe4ab

SHA1
267c2a4452357a6e2001e98b0df444aad884bd4d

SHA256
ed575816c1162902c2d745a7148d49e16773b7866d790bf9a36b5606d480a1c7

SHA512
2c0d63b5102f558fe93219485b4a50410c4af26d29c20114369a31092892ef3c3d968a58068d746dcebf2563a084a9a70eb7a620b6b553ddc3839238b49c0b55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe

Filesize
468KB

MD5
12eaf852a4f295867dfd1fdb96dd6ebc

SHA1
2fd3f82e5d81598fbbc6dd46224d7deb5d85b7a4

SHA256
49e8cb1a718bc28894b1ebf284f0ccce55cbafdf5113d96b5724025b8e230aae

SHA512
e31a1925dc5ae1f80619994b1bf5a57a231d31834bd120ccc6c7c8fab6b570a5d0d8c2405142211c03877bf9801dc6725d177103ecf3dc7cbce53df24d70eaa5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe

Filesize
468KB

MD5
8b845f25326f83de85f94a9366751cd3

SHA1
6d4e3abc451fb190e8ce18c3b0d0de8b497d0816

SHA256
2d5648cf44d9d2e3dabf5575712616b608b4d10df2d5511c5cc2d5c928e1f65e

SHA512
5224df150364a7ec46fa4aa3d7a214ec872f6f916026682bc8279da337982fac933f4b31c05c1aea5fe164dfa21cca72f03dcfd2a8f79a2c9a81b577a00b759d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe

Filesize
468KB

MD5
b108bbd31c4544d950687f5fa05ddb60

SHA1
b1e8cdc50a32f246235d1620930be843688a7b56

SHA256
70f01b59f1399491a366d1e0ffe21fdc180be200996d2ddd034c2188cdfd1fe8

SHA512
990ad6a022ab314de039b6efea24272f2351261016829bffa4f866a01b9353c017ec8727cf90d3a2754651176f6eb26eeb6c814543f8b30e8aa215aaa88c5674

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe

Filesize
468KB

MD5
84713eb50cefeaedd2e76d33298341ca

SHA1
275bf32635792f543c8f8b25a06fc729db5ce478

SHA256
2a526bd8314031ea8cf6ce6599ef4f44afb412ada89840d9740aee79f1176d45

SHA512
ac84c93cc1cd3c4a2a539e52c85df80413c6b80941b151944979731ca5689ba5d773de92d033cc7d6936315f6440e9b969e1e6b9afc734903a572c51bf470758

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe

Filesize
468KB

MD5
45394fd7f4a256808ca3b873b0bb410a

SHA1
54a46afff7df7f061ff9b1b04fc1fafbc71c00fd

SHA256
f03bf1c31dea8918d5702c7474d1a57fae9259038551d016fcda3580749e4cd0

SHA512
41ae7a8a5e10b62e2e880ec4bb67606a4d2ddb8e8eb2380006758ebb893525b9e06198fe640e872945da98b9b1f960610ea705f4380c0e8ab1d5fc660d4ed288

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe

Filesize
468KB

MD5
1816935264c250f03367230b4bf990f3

SHA1
209fab5b4bc11018799f835cbe1094fcf4e9a800

SHA256
1a4425cb174388e1d30ae462d9d59f9f2df35f5b4dc66857c989430f2b8f5380

SHA512
30e6717d1bcfd6393d27676655db5f91ef8b5f92e78ff6d26adf361248fb81557c4a9f90ce833f64aa317018494ac4fa2593a9417e985396664531018176a34e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe

Filesize
468KB

MD5
e62a3e4b57d004d50998ef89dbf1866e

SHA1
9a565f47140f52075e31e0cbf17972baa122d51d

SHA256
e6d50005bc250bf17576a5b34fac0a0dc27125d70cb836451dc317024c9074ec

SHA512
1088e80b95b2781ea634e8aae4f747462d7676994b04d6b2674c783b19293e95b94fa0a644ef0575eed551c648d40f670142d9e68e9eddea683b3b29012d799c

Download Submit
memory/264-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/520-309-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/520-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/520-312-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/628-46-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/628-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-231-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/628-47-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/628-381-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/692-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/828-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/928-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1244-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-373-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/1308-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-409-0x0000000001E10000-0x0000000001E85000-memory.dmp

Filesize
468KB

Download
memory/1936-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-241-0x0000000001E10000-0x0000000001E85000-memory.dmp

Filesize
468KB

Download
memory/1936-237-0x0000000001E10000-0x0000000001E85000-memory.dmp

Filesize
468KB

Download
memory/1936-408-0x0000000001E10000-0x0000000001E85000-memory.dmp

Filesize
468KB

Download
memory/2044-325-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2044-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-338-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2076-343-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2092-259-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/2092-260-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/2092-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-267-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-118-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-6-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-284-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-30-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-124-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2124-371-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2144-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-147-0x0000000000550000-0x00000000005C5000-memory.dmp

Filesize
468KB

Download
memory/2144-270-0x0000000000550000-0x00000000005C5000-memory.dmp

Filesize
468KB

Download
memory/2144-285-0x0000000000550000-0x00000000005C5000-memory.dmp

Filesize
468KB

Download
memory/2208-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-252-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2236-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-253-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2236-31-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2236-148-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2264-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-311-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/2316-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-389-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2352-390-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2352-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-220-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2396-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-347-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2396-221-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2564-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-271-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2564-282-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2576-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-140-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2588-299-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2588-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-161-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2588-301-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2612-283-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2612-290-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2640-362-0x0000000001C30000-0x0000000001CA5000-memory.dmp

Filesize
468KB

Download
memory/2640-205-0x0000000001C30000-0x0000000001CA5000-memory.dmp

Filesize
468KB

Download
memory/2640-206-0x0000000001C30000-0x0000000001CA5000-memory.dmp

Filesize
468KB

Download
memory/2640-94-0x0000000001C30000-0x0000000001CA5000-memory.dmp

Filesize
468KB

Download
memory/2640-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-288-0x0000000003260000-0x00000000032D5000-memory.dmp

Filesize
468KB

Download
memory/2864-289-0x0000000003260000-0x00000000032D5000-memory.dmp

Filesize
468KB

Download
memory/2864-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-194-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2884-326-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2884-324-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2884-188-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2900-137-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2900-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-307-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2900-155-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2900-308-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download