9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
Size

468KB
MD5

73bf0698443509403c080100b58a0270
SHA1

7cf0fb9501e3cef7ff682e492a1aa97ac246c558
SHA256

9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872
SHA512

5dba89303030d72677aac03dc2cd11a41bcf711f4d8fd19d3716dd2bfb4eff4229aa6cc967f9ebea24ae288c07119e278f417118104b0004ac2714dbca5eaef7
SSDEEP

3072:Xrz7ogKxjz8UFbYyPz3Tqf8/Eptj7PpgPmHx+lO7Ekj05Fo1SDlT:XrfotAUFpPDTqf/Bt9EkQro1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1460	Unicorn-22073.exe
2620	Unicorn-46484.exe
2476	Unicorn-9597.exe
2604	Unicorn-2050.exe
2532	Unicorn-23265.exe
2544	Unicorn-17134.exe
3048	Unicorn-36263.exe
2144	Unicorn-35004.exe
1732	Unicorn-35580.exe
2256	Unicorn-37011.exe
2708	Unicorn-61988.exe
2264	Unicorn-44097.exe
2356	Unicorn-30169.exe
1672	Unicorn-50035.exe
340	Unicorn-58800.exe
1040	Unicorn-8551.exe
1772	Unicorn-6998.exe
976	Unicorn-13128.exe
1044	Unicorn-23491.exe
1536	Unicorn-43357.exe
1548	Unicorn-11042.exe
1740	Unicorn-10777.exe
2376	Unicorn-30480.exe
1016	Unicorn-8359.exe
540	Unicorn-28225.exe
864	Unicorn-23264.exe
1952	Unicorn-36315.exe
2492	Unicorn-48394.exe
2764	Unicorn-15914.exe
3008	Unicorn-24269.exe
2036	Unicorn-12182.exe
1748	Unicorn-57854.exe
880	Unicorn-11917.exe
2952	Unicorn-35124.exe
1920	Unicorn-17661.exe
2944	Unicorn-3952.exe
2188	Unicorn-59624.exe
604	Unicorn-25528.exe
520	Unicorn-31659.exe
2252	Unicorn-60803.exe
2316	Unicorn-17195.exe
2040	Unicorn-4196.exe
2956	Unicorn-17195.exe
2368	Unicorn-37061.exe
1516	Unicorn-37061.exe
1852	Unicorn-59702.exe
1520	Unicorn-50797.exe
736	Unicorn-34394.exe
2224	Unicorn-17358.exe
1008	Unicorn-61371.exe
1076	Unicorn-56009.exe
2208	Unicorn-61874.exe
2304	Unicorn-38450.exe
2760	Unicorn-32507.exe
1252	Unicorn-52373.exe
2496	Unicorn-52373.exe
2516	Unicorn-56981.exe
1480	Unicorn-25596.exe
928	Unicorn-3020.exe
2896	Unicorn-63587.exe
2284	Unicorn-49638.exe
548	Unicorn-39161.exe
1972	Unicorn-36857.exe
1308	Unicorn-49680.exe

Loads dropped DLL 64 IoCs

pid	Process
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
1460	Unicorn-22073.exe
1460	Unicorn-22073.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2620	Unicorn-46484.exe
2620	Unicorn-46484.exe
2476	Unicorn-9597.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
1460	Unicorn-22073.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2476	Unicorn-9597.exe
1460	Unicorn-22073.exe
2604	Unicorn-2050.exe
2604	Unicorn-2050.exe
2620	Unicorn-46484.exe
2620	Unicorn-46484.exe
2544	Unicorn-17134.exe
2544	Unicorn-17134.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2476	Unicorn-9597.exe
1460	Unicorn-22073.exe
2532	Unicorn-23265.exe
2476	Unicorn-9597.exe
1460	Unicorn-22073.exe
2532	Unicorn-23265.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2544	Unicorn-17134.exe
2620	Unicorn-46484.exe
2544	Unicorn-17134.exe
2620	Unicorn-46484.exe
2144	Unicorn-35004.exe
2144	Unicorn-35004.exe
1732	Unicorn-35580.exe
1732	Unicorn-35580.exe
2604	Unicorn-2050.exe
2604	Unicorn-2050.exe
2264	Unicorn-44097.exe
2264	Unicorn-44097.exe
2356	Unicorn-30169.exe
1460	Unicorn-22073.exe
2356	Unicorn-30169.exe
1460	Unicorn-22073.exe
932	WerFault.exe
932	WerFault.exe
932	WerFault.exe
932	WerFault.exe
2476	Unicorn-9597.exe
2476	Unicorn-9597.exe
2532	Unicorn-23265.exe
1672	Unicorn-50035.exe
2532	Unicorn-23265.exe
1672	Unicorn-50035.exe
2708	Unicorn-61988.exe
2708	Unicorn-61988.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
932	WerFault.exe

Program crash 36 IoCs

pid	pid_target	Process	procid_target
2672	3048	WerFault.exe	36
932	2256	WerFault.exe	38
1924	1952	WerFault.exe	58
2976	1044	WerFault.exe	50
940	784	WerFault.exe	101
1980	2544	WerFault.exe	35
1660	2952	WerFault.exe	65
1568	880	WerFault.exe	64
2948	736	WerFault.exe	79
2120	1516	WerFault.exe	76
888	1008	WerFault.exe	81
3012	2376	WerFault.exe	54
1564	1732	WerFault.exe	39
948	3008	WerFault.exe	61
3100	2596	WerFault.exe	105
3636	1536	WerFault.exe	51
4076	2760	WerFault.exe	85
3888	520	WerFault.exe	70
3240	1016	WerFault.exe	56
3348	2356	WerFault.exe	42
3336	2144	WerFault.exe	37
3716	2708	WerFault.exe	40
4144	1852	WerFault.exe	77
4280	2284	WerFault.exe	93
4268	2944	WerFault.exe	67
5008	2368	WerFault.exe	75
5076	2316	WerFault.exe	72
4956	1520	WerFault.exe	78
5016	2496	WerFault.exe	86
4440	2112	WerFault.exe	115
4336	1508	WerFault.exe	103
4264	2764	WerFault.exe	60
4180	2896	WerFault.exe	92
4884	1972	WerFault.exe	95
4996	1968	WerFault.exe	109
5440	1920	WerFault.exe	66

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24340.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
1460	Unicorn-22073.exe
2620	Unicorn-46484.exe
2476	Unicorn-9597.exe
2604	Unicorn-2050.exe
2544	Unicorn-17134.exe
2532	Unicorn-23265.exe
3048	Unicorn-36263.exe
1732	Unicorn-35580.exe
2256	Unicorn-37011.exe
2144	Unicorn-35004.exe
2264	Unicorn-44097.exe
2356	Unicorn-30169.exe
1672	Unicorn-50035.exe
2708	Unicorn-61988.exe
976	Unicorn-13128.exe
1740	Unicorn-10777.exe
864	Unicorn-23264.exe
2376	Unicorn-30480.exe
1952	Unicorn-36315.exe
540	Unicorn-28225.exe
1536	Unicorn-43357.exe
1040	Unicorn-8551.exe
1772	Unicorn-6998.exe
1044	Unicorn-23491.exe
340	Unicorn-58800.exe
1548	Unicorn-11042.exe
1016	Unicorn-8359.exe
2492	Unicorn-48394.exe
2036	Unicorn-12182.exe
2764	Unicorn-15914.exe
880	Unicorn-11917.exe
3008	Unicorn-24269.exe
2944	Unicorn-3952.exe
1748	Unicorn-57854.exe
2952	Unicorn-35124.exe
1920	Unicorn-17661.exe
2252	Unicorn-60803.exe
2368	Unicorn-37061.exe
2316	Unicorn-17195.exe
2188	Unicorn-59624.exe
2040	Unicorn-4196.exe
520	Unicorn-31659.exe
604	Unicorn-25528.exe
2956	Unicorn-17195.exe
1516	Unicorn-37061.exe
1852	Unicorn-59702.exe
1520	Unicorn-50797.exe
736	Unicorn-34394.exe
2224	Unicorn-17358.exe
1008	Unicorn-61371.exe
2208	Unicorn-61874.exe
1076	Unicorn-56009.exe
2760	Unicorn-32507.exe
2304	Unicorn-38450.exe
1480	Unicorn-25596.exe
1252	Unicorn-52373.exe
2496	Unicorn-52373.exe
928	Unicorn-3020.exe
2516	Unicorn-56981.exe
2896	Unicorn-63587.exe
2284	Unicorn-49638.exe
1972	Unicorn-36857.exe
2892	Unicorn-1522.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1460	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	30
PID 2992 wrote to memory of 1460	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	30
PID 2992 wrote to memory of 1460	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	30
PID 2992 wrote to memory of 1460	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	30
PID 1460 wrote to memory of 2620	1460	Unicorn-22073.exe	31
PID 1460 wrote to memory of 2620	1460	Unicorn-22073.exe	31
PID 1460 wrote to memory of 2620	1460	Unicorn-22073.exe	31
PID 1460 wrote to memory of 2620	1460	Unicorn-22073.exe	31
PID 2992 wrote to memory of 2476	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	32
PID 2992 wrote to memory of 2476	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	32
PID 2992 wrote to memory of 2476	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	32
PID 2992 wrote to memory of 2476	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	32
PID 2620 wrote to memory of 2604	2620	Unicorn-46484.exe	33
PID 2620 wrote to memory of 2604	2620	Unicorn-46484.exe	33
PID 2620 wrote to memory of 2604	2620	Unicorn-46484.exe	33
PID 2620 wrote to memory of 2604	2620	Unicorn-46484.exe	33
PID 2992 wrote to memory of 2544	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	35
PID 2992 wrote to memory of 2544	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	35
PID 2992 wrote to memory of 2544	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	35
PID 2992 wrote to memory of 2544	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	35
PID 2476 wrote to memory of 2532	2476	Unicorn-9597.exe	34
PID 2476 wrote to memory of 2532	2476	Unicorn-9597.exe	34
PID 2476 wrote to memory of 2532	2476	Unicorn-9597.exe	34
PID 2476 wrote to memory of 2532	2476	Unicorn-9597.exe	34
PID 1460 wrote to memory of 3048	1460	Unicorn-22073.exe	36
PID 1460 wrote to memory of 3048	1460	Unicorn-22073.exe	36
PID 1460 wrote to memory of 3048	1460	Unicorn-22073.exe	36
PID 1460 wrote to memory of 3048	1460	Unicorn-22073.exe	36
PID 2604 wrote to memory of 2144	2604	Unicorn-2050.exe	37
PID 2604 wrote to memory of 2144	2604	Unicorn-2050.exe	37
PID 2604 wrote to memory of 2144	2604	Unicorn-2050.exe	37
PID 2604 wrote to memory of 2144	2604	Unicorn-2050.exe	37
PID 2620 wrote to memory of 2256	2620	Unicorn-46484.exe	38
PID 2620 wrote to memory of 2256	2620	Unicorn-46484.exe	38
PID 2620 wrote to memory of 2256	2620	Unicorn-46484.exe	38
PID 2620 wrote to memory of 2256	2620	Unicorn-46484.exe	38
PID 2544 wrote to memory of 1732	2544	Unicorn-17134.exe	39
PID 2544 wrote to memory of 1732	2544	Unicorn-17134.exe	39
PID 2544 wrote to memory of 1732	2544	Unicorn-17134.exe	39
PID 2544 wrote to memory of 1732	2544	Unicorn-17134.exe	39
PID 2992 wrote to memory of 2708	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	40
PID 2992 wrote to memory of 2708	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	40
PID 2992 wrote to memory of 2708	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	40
PID 2992 wrote to memory of 2708	2992	9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe	40
PID 3048 wrote to memory of 2672	3048	Unicorn-36263.exe	41
PID 3048 wrote to memory of 2672	3048	Unicorn-36263.exe	41
PID 3048 wrote to memory of 2672	3048	Unicorn-36263.exe	41
PID 3048 wrote to memory of 2672	3048	Unicorn-36263.exe	41
PID 1460 wrote to memory of 2264	1460	Unicorn-22073.exe	43
PID 1460 wrote to memory of 2264	1460	Unicorn-22073.exe	43
PID 1460 wrote to memory of 2264	1460	Unicorn-22073.exe	43
PID 1460 wrote to memory of 2264	1460	Unicorn-22073.exe	43
PID 2476 wrote to memory of 2356	2476	Unicorn-9597.exe	42
PID 2476 wrote to memory of 2356	2476	Unicorn-9597.exe	42
PID 2476 wrote to memory of 2356	2476	Unicorn-9597.exe	42
PID 2476 wrote to memory of 2356	2476	Unicorn-9597.exe	42
PID 2532 wrote to memory of 1672	2532	Unicorn-23265.exe	44
PID 2532 wrote to memory of 1672	2532	Unicorn-23265.exe	44
PID 2532 wrote to memory of 1672	2532	Unicorn-23265.exe	44
PID 2532 wrote to memory of 1672	2532	Unicorn-23265.exe	44
PID 2256 wrote to memory of 932	2256	Unicorn-37011.exe	45
PID 2256 wrote to memory of 932	2256	Unicorn-37011.exe	45
PID 2256 wrote to memory of 932	2256	Unicorn-37011.exe	45
PID 2256 wrote to memory of 932	2256	Unicorn-37011.exe	45

C:\Users\Admin\AppData\Local\Temp\9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe
"C:\Users\Admin\AppData\Local\Temp\9db8105543bd4c1c743924f72c32aa4365e4cf935ba0a5d7547036560f705872N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        8⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 520 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        8⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        7⤵
        Program crash
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        6⤵
        
        PID:3196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        6⤵
        Program crash
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        7⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:4268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
        6⤵
        Program crash
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        7⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12290.exe
        5⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        7⤵
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        6⤵
        Program crash
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        5⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        6⤵
        Program crash
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        5⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        6⤵
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        6⤵
        Program crash
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        5⤵
        
        PID:2360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        5⤵
        Program crash
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        6⤵
        
        PID:4604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
        6⤵
        Program crash
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        5⤵
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        5⤵
        Program crash
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        5⤵
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        5⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        5⤵
        Program crash
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        5⤵
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
      4⤵
      PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
      4⤵
      PID:4408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
    3⤵
    PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
    3⤵
    PID:5420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        7⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        7⤵
        Program crash
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        6⤵
        Executes dropped EXE
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        7⤵
        
        PID:4460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        6⤵
        Program crash
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        5⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        7⤵
        
        PID:4204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 236
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        5⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        5⤵
        
        PID:3324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        5⤵
        Program crash
        
        PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
      4⤵
      PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        6⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        6⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        5⤵
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        5⤵
        
        PID:4664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        5⤵
        Program crash
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      4⤵
      PID:3088
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
      4⤵
      Program crash
      PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        6⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        5⤵
        
        PID:4424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        5⤵
        Program crash
        
        PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        5⤵
        
        PID:5560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
      4⤵
      Program crash
      PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        5⤵
        
        PID:3344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220
        5⤵
        Program crash
        
        PID:4884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
      4⤵
      Program crash
      PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
    3⤵
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
      4⤵
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
    3⤵
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
    3⤵
    PID:2676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        6⤵
        Program crash
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        5⤵
        
        PID:784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 220
        5⤵
        Program crash
        
        PID:4336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
      4⤵
      Program crash
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
      4⤵
      PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
      4⤵
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
      4⤵
      PID:4252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
    3⤵
    - Program crash
    PID:1980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        6⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        5⤵
        
        PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        5⤵
        Program crash
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      4⤵
      PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
      4⤵
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
      4⤵
      PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
      4⤵
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
    3⤵
    PID:3156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
    3⤵
    - Program crash
    PID:3716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36315.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
      4⤵
      Program crash
      PID:948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
    3⤵
    - Program crash
    PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
    3⤵
    PID:5056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
    3⤵
    - Program crash
    PID:5440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
  2⤵
  PID:3020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
  2⤵
  PID:2116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
  2⤵
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
  2⤵
  PID:4968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
  2⤵
  PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe

Filesize
468KB

MD5
64d3bfa04bcc87e6225e6c4a94ee0948

SHA1
e6bc20b0caec6f209a16270e6e685386ca2cdf5a

SHA256
5a5b38b281e034012871f6a219413d356bb154b818ede66b011c6d95e3ee7179

SHA512
8ec9264d6e6bdd8e9fcf8fe1defe62e39a14fb512d8fae8b6c422bdd9b698cb039c3ca5730680c5c8ada590a5526bf01b85c00b32beb99b910801f2f78ce4f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe

Filesize
468KB

MD5
ae3f692a4524060cf998779ea4f40c37

SHA1
6961bdd6b7caba7589529f6d00e8da099f729ca7

SHA256
7b248d8394481baac9c9fd2134b82b579b0b0d84d5e645dc2bf54af5d4d54ea6

SHA512
1839cc08f707afd25e2935bda7d4b838e40039db54090f23785996953388c34eb55b652cd9d970e2e4302e9796a9f0361841ddca86023de05b24f5a890900e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe

Filesize
468KB

MD5
87578c6dd2d116e9e7149330673f20fc

SHA1
3bff2f99867728bc768ad2dbe5d37599e022b552

SHA256
8040418bdf2bd5f3cb357554b5ee21dd50afe342dddb47fbf22a79ba23b60ff4

SHA512
76a9cf974ceb98ac9c2bd0ca0f7ddc8d61d66255e80df066a380f91d898f118eac43bcee1306b5cbde29d69da0cc79bcb32849311743767ebd8abac079567526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe

Filesize
468KB

MD5
6a9d951b5416bda4cf6141da1bf75a26

SHA1
56eaec1acfd4f5ea56c6873d5db8687fa4687e34

SHA256
dbc9d6cc41f7c0112ceee573f3d58629724ec6b5304b85ce99c69919307cde94

SHA512
da7da931755bc0def660856b9c4c3d582b00826f127228fe61caf6c997b55d037930d433bf05e8eeeb4dd7a42934a080f3fa5c28157329b749d740ec32bccc19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe

Filesize
468KB

MD5
688f8c30a4e5fc62e8452ccef2ec8b04

SHA1
eab9ea92959bb79ba3672c98bac156a0aa8e3066

SHA256
02aec4cca1e1978685e69ac039e970fac1654dd55414609c432f7260f2ffb714

SHA512
6518fd1045c141a9b46d9d221f14091325d33f815ce7b08a68c035d76fa2526ec52e11bdf811a04e41f8982a83fd7f53ea46f5956a82b5c7d65fa400430d9215

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe

Filesize
468KB

MD5
9460705a5f8bdec68ed55b9efad30903

SHA1
576d2f80b0eeaa9463590ee658704e42b3b659dd

SHA256
a37ac3ceb360074c803a17d2b8840d15e8cb2dea544d5dc27d61413b78703e65

SHA512
6265edd8aaa0fb2f839e84a5415f023f9ad14bc9b248f599edab0846edb6383e46e5a121f0a0cf18ef3fd5cf6b1f5931f15be4488f6f4a23a6f7f8fee457615f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe

Filesize
468KB

MD5
61aa7c3aa2fada552786dd65da79884a

SHA1
9bf3539479ea50aa4e6daab5ebb276a8f676193a

SHA256
afe00fc60295d91cb6ff229a605747a1f41cc0c7b522084e921ace88ed5b51ff

SHA512
3b35966c6ac22c758438396312248de9aa2bab2a949539d377bc96a154a13e8ece15ad255ac9fb65cd9b2754a4af02d861c6033b6440d6107b95282e3307ab9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe

Filesize
468KB

MD5
a87351b9a75ddf75431a9c9fca8cc27a

SHA1
f97a435935b6fb60e479813d7d33099863128226

SHA256
531be8a003e2d4a0f19ab8d4c5c6518285aaac934150dc10b73a50b90e986c4f

SHA512
50ec5c0baeb4b08bbce0ec02c7adf7ee55be76e2ad0a401ea5efb60fec0d5767c9caf2cf228f70f75c51cd8875561936931569b5d6b266be57f2d68d3991e4a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe

Filesize
468KB

MD5
819a5598c6a6baae0781dd27aa133041

SHA1
93a38a5856fc85b2589ae5a5f47b259798dd2609

SHA256
61a4e9d60f536ea011c324b8684e08cf60bec759dd059e49fd79412cf263ab23

SHA512
c8bd1fff2d7f3d2b3da5c1729b7d27459f8547f7fed67006d35c991999b6c57e89f5ac119780adfb2bbbb8fb432909cc140bdb6c4c28a54c05d31287feb8ea98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe

Filesize
468KB

MD5
c3c8622ce548a5da0441da25c3249332

SHA1
8fe6979e5b9012656bde97b081ab198074d0116a

SHA256
d6f833fab52cf071f4cbb99aedc6d3403212e9b662b0ab62a109ab21b12ee0be

SHA512
38298bf0e25489694abfe67ac867d4fd60817d8c9c01f6baa04dfbf519360ce2ecd3239bce206f3b48f99f6e8a34580297e2736e0ca9178158c99bf66e9ac35e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe

Filesize
468KB

MD5
55236f83ec723e55e3fa5b89a3481559

SHA1
610e422b467deead9ff2cec86f58f246060cc3ba

SHA256
cc0bbaa19767d2458b2e78dceeb7a85c806495a0fa11769b88a30c2ccb607b3a

SHA512
4c8d4ef70385b30674a0785f156eec4b9e3c6970e8bd69871bae330b67bd3e3a76e6bd51c388adbceb52f71f1910e622a0731be415a9a6a86e70337127278e35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe

Filesize
468KB

MD5
3e57dd676ac0d1c1362b6738308a653a

SHA1
48a98a21243567f41260daee85b8e833a55bf813

SHA256
4d22fc75f62b7c1325c0c7bc7a5ed39e9e986ecf7793b56b63e66dea18a57115

SHA512
d16e0953da2e2061ad47c0bcb3daec8d600187669ca24758d7e6465170da48c05fc5bce911e07f80ffd50faefecce8f64bfbbad414014cc1f3185eb573033970

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe

Filesize
468KB

MD5
f216b0dfa4294a738998f3aa22b19e1e

SHA1
e0274d9fdcc1777adacfc64d6e12fdb57c875166

SHA256
0ffc963d65848b3eb3712d6f8c78a027418f6bcabea07aadc944a5a5bda68d88

SHA512
8bd6a5666f43b35ff95c085e1b7b215c72536e5b28a5be3efe60f5f63b6ad8e58ec6a58411b4c1d1f46648840a9dd8267180734333c24812764f88528ed8c354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe

Filesize
468KB

MD5
22a502d893639cf0ba8f491f13eedf5c

SHA1
4db4eba03b27bd91d64d0f488858de7e77120230

SHA256
c81f27235ed506d73aeb822c7f3bb5875ddd5cf90b54410c81692fc6f20ffb2b

SHA512
41c306cbac84a11ac3383de1de5385ecc7fbabc23e4707a77f2ddcd4892c2b398f859af53beb34bc6db1ef4f7331e1c6490c216c16aa33b6d18a61710dd85b2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe

Filesize
468KB

MD5
3ed7262c8ada2b53d46d1023140ed51a

SHA1
c793641c7be9978df0d58ab58d8ff0d492bcf01e

SHA256
1016fe63b4d451c9c11bddb731b39d2ee8a4571bdb512a5d5a9b61c98e0d1020

SHA512
238c837740e04e8206acc69b55639812abbee079c90ebfb7461be62e09f80cf2b14f4ac0e293ffeadc42a2f598114e4ddc9ef7524cc8cf631fbca4bdc6766cc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe

Filesize
468KB

MD5
c6e4d00031f9ad3d9cb58210b8e0d74d

SHA1
df3c3bb1d731b8c5c883e7d913f6bb018c32182a

SHA256
7197f6dd29c3f87625a54d433aac4a2d3ce58fbc1800e94a83c5819b5d71b67d

SHA512
2a2c9ed37b6bcc2510742c4b3e5241e1fa2731feb68a4504d4fcafbae4f76168cc22a0de76ee7cb24f1fe9659573286e3268d78bfc11af2ed47aa1e35679259a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe

Filesize
468KB

MD5
85a4fe360be8747ee0f30806a3254b84

SHA1
dc77761193b7af341e6143acfc427e4aa9448944

SHA256
1c73652a8962d37559eb0edc224564b9450b6b5976d89177af9ec63d2839d069

SHA512
0acf040246660ca1263767383fa8927f2ee5cc1eda796fed9995bfc7904b159439295f8b611b8d873f4466aa84a6f3afd68aaf2095377bd330d8f5ae65a21213

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe

Filesize
468KB

MD5
5409cb3ff3cbdb0ba63c0dc7db448723

SHA1
dc0d41c997998d918f604b26f6a6db9484719694

SHA256
7cfd49d4e63941e2fd45220521076d1c56afeadf9d415902f3e0ce244e6d8b2a

SHA512
82b39a06bd452ad33fec1fcaa919e2e0d52e4968d4007caf302530650786e44f9663e2f88c6d63d3ffaf550c98f7b195e24316a0504c106ef44b7b0ea9654d88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe

Filesize
468KB

MD5
3f456d9edd4a97f5adc147f2dad30efa

SHA1
08f66ecfb03d25c1dadd60d0eb60c94639d876f5

SHA256
79ccf3de04a876ad934f3635b07c11a7152794571d1b9286a3f26a058da6d26f

SHA512
fce1c207a463d7a54c47d0f02b69338ce7dbc1ac1d6b2fe610ca586126b50c7465db54f53302f5d2dda4ee8e760ad1d6e47dc27677a16ab12a45f3890380941d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe

Filesize
468KB

MD5
8be39425435c9c9af4df88543be1a9dd

SHA1
f34961c00c57cc62f263acc2d21a8b91f94a916a

SHA256
9187887403e9aaf468d1019edca0c8b01d5aa559a7c60980a5c9dde2b5cfb497

SHA512
10a9abcf896d4a0f43a1fd85e53d63642edcad646f2d37c3401cd54902ad70e8a9c4b09fe72a126c466dad9653f7b93401cb2b38157ad2e7cdd009e25217bb48

Download Submit
memory/340-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-367-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/604-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-331-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/864-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-330-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/976-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/976-409-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/1016-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-395-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1044-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-391-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1460-148-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-254-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-246-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-164-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-25-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-26-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/1460-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-269-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1672-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-279-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1672-376-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1732-229-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1732-218-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1732-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1772-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-347-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1952-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-346-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2036-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-215-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2144-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-214-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2188-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-235-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2264-239-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2356-253-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2356-245-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2356-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-332-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/2376-340-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/2376-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-258-0x0000000001FA0000-0x0000000002015000-memory.dmp

Filesize
468KB

Download
memory/2476-369-0x0000000001FA0000-0x0000000002015000-memory.dmp

Filesize
468KB

Download
memory/2476-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-147-0x0000000001FA0000-0x0000000002015000-memory.dmp

Filesize
468KB

Download
memory/2476-262-0x0000000001FA0000-0x0000000002015000-memory.dmp

Filesize
468KB

Download
memory/2476-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-163-0x0000000001FA0000-0x0000000002015000-memory.dmp

Filesize
468KB

Download
memory/2492-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-274-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2532-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-268-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2532-165-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2532-149-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2544-212-0x0000000002820000-0x0000000002895000-memory.dmp

Filesize
468KB

Download
memory/2544-210-0x0000000002820000-0x0000000002895000-memory.dmp

Filesize
468KB

Download
memory/2544-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-53-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-97-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2604-232-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2604-231-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2604-423-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2620-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-211-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2620-52-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2708-353-0x0000000000340000-0x00000000003B5000-memory.dmp

Filesize
468KB

Download
memory/2708-366-0x0000000000340000-0x00000000003B5000-memory.dmp

Filesize
468KB

Download
memory/2708-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-282-0x0000000000340000-0x00000000003B5000-memory.dmp

Filesize
468KB

Download
memory/2708-288-0x0000000000340000-0x00000000003B5000-memory.dmp

Filesize
468KB

Download
memory/2764-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-298-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-378-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-377-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-289-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-133-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-10-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2992-11-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3008-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download