04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
Size

468KB
MD5

ecc540dae41e8a5d00e0cc42bfcc87f0
SHA1

5398f3e51439e97f97105bdbb2b4732dbe060b7f
SHA256

04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817
SHA512

84b785cab233878bf4bcfbbdd5797ca635af2c50d27032ad975e6ab7c92b2049bc1e3e528c552878c434dcf73e1ea8e27c4e50a0a5e212e6165fc9dbe320787d
SSDEEP

3072:9qMFo7Lgjy8nBbYkPzhjtfLKYqjWRp9nmHeoVWOWG3FUGsNY9ll:9qmooLnB3PtjtfnXLCWGVnsNY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-37274.exe
1528	Unicorn-31932.exe
900	Unicorn-45315.exe
2748	Unicorn-51045.exe
2620	Unicorn-34024.exe
2768	Unicorn-33679.exe
1664	Unicorn-19944.exe
2416	Unicorn-12358.exe
2832	Unicorn-57986.exe
2192	Unicorn-43259.exe
2852	Unicorn-10778.exe
1144	Unicorn-28303.exe
2692	Unicorn-16315.exe
1972	Unicorn-36181.exe
2860	Unicorn-30050.exe
2068	Unicorn-47987.exe
2384	Unicorn-27545.exe
1944	Unicorn-19565.exe
1728	Unicorn-55029.exe
2016	Unicorn-64043.exe
1320	Unicorn-8437.exe
1844	Unicorn-14567.exe
2188	Unicorn-39586.exe
956	Unicorn-33455.exe
3048	Unicorn-33394.exe
2520	Unicorn-52995.exe
2140	Unicorn-53260.exe
2036	Unicorn-39180.exe
3060	Unicorn-50116.exe
2544	Unicorn-59046.exe
2536	Unicorn-3628.exe
344	Unicorn-38953.exe
2728	Unicorn-24262.exe
2840	Unicorn-32778.exe
1036	Unicorn-19043.exe
2608	Unicorn-46522.exe
2044	Unicorn-41352.exe
1028	Unicorn-51047.exe
560	Unicorn-24679.exe
2376	Unicorn-59765.exe
2024	Unicorn-37694.exe
2836	Unicorn-46268.exe
1752	Unicorn-16662.exe
2508	Unicorn-5007.exe
2208	Unicorn-38099.exe
2368	Unicorn-49076.exe
3012	Unicorn-44754.exe
2496	Unicorn-21422.exe
328	Unicorn-50840.exe
1672	Unicorn-47758.exe
1968	Unicorn-9365.exe
3032	Unicorn-34411.exe
2432	Unicorn-30222.exe
1476	Unicorn-15368.exe
2124	Unicorn-24117.exe
2740	Unicorn-45327.exe
2528	Unicorn-45327.exe
2828	Unicorn-20226.exe
2820	Unicorn-9483.exe
2816	Unicorn-29157.exe
2708	Unicorn-30421.exe
1524	Unicorn-54149.exe
2924	Unicorn-34824.exe
1864	Unicorn-19566.exe

Loads dropped DLL 64 IoCs

pid	Process
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
2904	Unicorn-37274.exe
2904	Unicorn-37274.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1528	Unicorn-31932.exe
1528	Unicorn-31932.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
900	Unicorn-45315.exe
900	Unicorn-45315.exe
2904	Unicorn-37274.exe
2904	Unicorn-37274.exe
2748	Unicorn-51045.exe
2748	Unicorn-51045.exe
1528	Unicorn-31932.exe
1528	Unicorn-31932.exe
2768	Unicorn-33679.exe
2768	Unicorn-33679.exe
2620	Unicorn-34024.exe
2620	Unicorn-34024.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1664	Unicorn-19944.exe
900	Unicorn-45315.exe
2904	Unicorn-37274.exe
1664	Unicorn-19944.exe
900	Unicorn-45315.exe
2904	Unicorn-37274.exe
2416	Unicorn-12358.exe
2416	Unicorn-12358.exe
2748	Unicorn-51045.exe
2748	Unicorn-51045.exe
2192	Unicorn-43259.exe
2192	Unicorn-43259.exe
2768	Unicorn-33679.exe
2768	Unicorn-33679.exe
2832	Unicorn-57986.exe
2832	Unicorn-57986.exe
2692	Unicorn-16315.exe
1528	Unicorn-31932.exe
2692	Unicorn-16315.exe
1528	Unicorn-31932.exe
900	Unicorn-45315.exe
900	Unicorn-45315.exe
2860	Unicorn-30050.exe
2860	Unicorn-30050.exe
2620	Unicorn-34024.exe
2620	Unicorn-34024.exe
2852	Unicorn-10778.exe
2904	Unicorn-37274.exe
2904	Unicorn-37274.exe
2852	Unicorn-10778.exe
1664	Unicorn-19944.exe
1664	Unicorn-19944.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
1972	Unicorn-36181.exe
2416	Unicorn-12358.exe
1944	Unicorn-19565.exe
1972	Unicorn-36181.exe
2416	Unicorn-12358.exe
1944	Unicorn-19565.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2064	916	WerFault.exe	154
2228	2040	WerFault.exe	155
3732	3988	WerFault.exe	221
3700	3980	WerFault.exe	219
3744	3096	WerFault.exe	231
3800	3080	WerFault.exe	230
3844	2052	WerFault.exe	228

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-81.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24967.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
2904	Unicorn-37274.exe
1528	Unicorn-31932.exe
900	Unicorn-45315.exe
2748	Unicorn-51045.exe
2620	Unicorn-34024.exe
2768	Unicorn-33679.exe
1664	Unicorn-19944.exe
2416	Unicorn-12358.exe
2832	Unicorn-57986.exe
2192	Unicorn-43259.exe
2692	Unicorn-16315.exe
1144	Unicorn-28303.exe
2860	Unicorn-30050.exe
1972	Unicorn-36181.exe
2852	Unicorn-10778.exe
2068	Unicorn-47987.exe
2384	Unicorn-27545.exe
1944	Unicorn-19565.exe
1728	Unicorn-55029.exe
2016	Unicorn-64043.exe
1320	Unicorn-8437.exe
1844	Unicorn-14567.exe
2188	Unicorn-39586.exe
2544	Unicorn-59046.exe
344	Unicorn-38953.exe
2520	Unicorn-52995.exe
2536	Unicorn-3628.exe
3048	Unicorn-33394.exe
956	Unicorn-33455.exe
2140	Unicorn-53260.exe
3060	Unicorn-50116.exe
2728	Unicorn-24262.exe
1036	Unicorn-19043.exe
2840	Unicorn-32778.exe
2608	Unicorn-46522.exe
1028	Unicorn-51047.exe
2044	Unicorn-41352.exe
2376	Unicorn-59765.exe
560	Unicorn-24679.exe
2024	Unicorn-37694.exe
2836	Unicorn-46268.exe
1752	Unicorn-16662.exe
2508	Unicorn-5007.exe
2208	Unicorn-38099.exe
2368	Unicorn-49076.exe
3012	Unicorn-44754.exe
2496	Unicorn-21422.exe
328	Unicorn-50840.exe
1672	Unicorn-47758.exe
3032	Unicorn-34411.exe
1968	Unicorn-9365.exe
2124	Unicorn-24117.exe
1476	Unicorn-15368.exe
2432	Unicorn-30222.exe
2740	Unicorn-45327.exe
2528	Unicorn-45327.exe
2828	Unicorn-20226.exe
1524	Unicorn-54149.exe
2820	Unicorn-9483.exe
2708	Unicorn-30421.exe
2816	Unicorn-29157.exe
1960	Unicorn-64216.exe
1864	Unicorn-19566.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 2904	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	29
PID 1480 wrote to memory of 2904	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	29
PID 1480 wrote to memory of 2904	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	29
PID 1480 wrote to memory of 2904	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	29
PID 2904 wrote to memory of 1528	2904	Unicorn-37274.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-37274.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-37274.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-37274.exe	30
PID 1480 wrote to memory of 900	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	31
PID 1480 wrote to memory of 900	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	31
PID 1480 wrote to memory of 900	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	31
PID 1480 wrote to memory of 900	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	31
PID 1528 wrote to memory of 2748	1528	Unicorn-31932.exe	32
PID 1528 wrote to memory of 2748	1528	Unicorn-31932.exe	32
PID 1528 wrote to memory of 2748	1528	Unicorn-31932.exe	32
PID 1528 wrote to memory of 2748	1528	Unicorn-31932.exe	32
PID 1480 wrote to memory of 2768	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	33
PID 1480 wrote to memory of 2768	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	33
PID 1480 wrote to memory of 2768	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	33
PID 1480 wrote to memory of 2768	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	33
PID 900 wrote to memory of 2620	900	Unicorn-45315.exe	34
PID 900 wrote to memory of 2620	900	Unicorn-45315.exe	34
PID 900 wrote to memory of 2620	900	Unicorn-45315.exe	34
PID 900 wrote to memory of 2620	900	Unicorn-45315.exe	34
PID 2904 wrote to memory of 1664	2904	Unicorn-37274.exe	35
PID 2904 wrote to memory of 1664	2904	Unicorn-37274.exe	35
PID 2904 wrote to memory of 1664	2904	Unicorn-37274.exe	35
PID 2904 wrote to memory of 1664	2904	Unicorn-37274.exe	35
PID 2748 wrote to memory of 2416	2748	Unicorn-51045.exe	36
PID 2748 wrote to memory of 2416	2748	Unicorn-51045.exe	36
PID 2748 wrote to memory of 2416	2748	Unicorn-51045.exe	36
PID 2748 wrote to memory of 2416	2748	Unicorn-51045.exe	36
PID 1528 wrote to memory of 2832	1528	Unicorn-31932.exe	37
PID 1528 wrote to memory of 2832	1528	Unicorn-31932.exe	37
PID 1528 wrote to memory of 2832	1528	Unicorn-31932.exe	37
PID 1528 wrote to memory of 2832	1528	Unicorn-31932.exe	37
PID 2768 wrote to memory of 2192	2768	Unicorn-33679.exe	38
PID 2768 wrote to memory of 2192	2768	Unicorn-33679.exe	38
PID 2768 wrote to memory of 2192	2768	Unicorn-33679.exe	38
PID 2768 wrote to memory of 2192	2768	Unicorn-33679.exe	38
PID 2620 wrote to memory of 2852	2620	Unicorn-34024.exe	39
PID 2620 wrote to memory of 2852	2620	Unicorn-34024.exe	39
PID 2620 wrote to memory of 2852	2620	Unicorn-34024.exe	39
PID 2620 wrote to memory of 2852	2620	Unicorn-34024.exe	39
PID 1480 wrote to memory of 1144	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	40
PID 1480 wrote to memory of 1144	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	40
PID 1480 wrote to memory of 1144	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	40
PID 1480 wrote to memory of 1144	1480	04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe	40
PID 1664 wrote to memory of 1972	1664	Unicorn-19944.exe	41
PID 1664 wrote to memory of 1972	1664	Unicorn-19944.exe	41
PID 1664 wrote to memory of 1972	1664	Unicorn-19944.exe	41
PID 1664 wrote to memory of 1972	1664	Unicorn-19944.exe	41
PID 900 wrote to memory of 2692	900	Unicorn-45315.exe	42
PID 900 wrote to memory of 2692	900	Unicorn-45315.exe	42
PID 900 wrote to memory of 2692	900	Unicorn-45315.exe	42
PID 900 wrote to memory of 2692	900	Unicorn-45315.exe	42
PID 2904 wrote to memory of 2860	2904	Unicorn-37274.exe	43
PID 2904 wrote to memory of 2860	2904	Unicorn-37274.exe	43
PID 2904 wrote to memory of 2860	2904	Unicorn-37274.exe	43
PID 2904 wrote to memory of 2860	2904	Unicorn-37274.exe	43
PID 2416 wrote to memory of 2068	2416	Unicorn-12358.exe	44
PID 2416 wrote to memory of 2068	2416	Unicorn-12358.exe	44
PID 2416 wrote to memory of 2068	2416	Unicorn-12358.exe	44
PID 2416 wrote to memory of 2068	2416	Unicorn-12358.exe	44

C:\Users\Admin\AppData\Local\Temp\04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe
"C:\Users\Admin\AppData\Local\Temp\04c58543b95a5d0f2291f8b093d9c9bed10f6bc4846241c1417b6b8965068817N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        7⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        7⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        6⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        6⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        6⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16323.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        5⤵
        
        PID:916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 188
        6⤵
        Program crash
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        6⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 188
        7⤵
        Program crash
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        6⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 188
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        6⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        6⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        5⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      4⤵
      PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        7⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        7⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 188
        8⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        7⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
      4⤵
      Executes dropped EXE
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
      4⤵
      PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        6⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        6⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        5⤵
        
        PID:3988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 188
        6⤵
        Program crash
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        5⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
      4⤵
      PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
      4⤵
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
    3⤵
    PID:4400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        6⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        5⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        5⤵
        
        PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        5⤵
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47408.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        5⤵
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
      4⤵
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
      4⤵
      PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
    3⤵
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
      4⤵
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
    3⤵
    PID:2040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 188
      4⤵
      Program crash
      PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60903.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        5⤵
        Executes dropped EXE
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
      4⤵
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
      4⤵
      PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
      4⤵
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
      4⤵
      PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
      4⤵
      PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      4⤵
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
    3⤵
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
    3⤵
    PID:4284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
      4⤵
      PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
      4⤵
      PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
      4⤵
      PID:3096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 188
        5⤵
        Program crash
        
        PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
      4⤵
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
    3⤵
    PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
    3⤵
    PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
    3⤵
    PID:2056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
  2⤵
  PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
  2⤵
  PID:3592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
  2⤵
  PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe

Filesize
468KB

MD5
dbec0eb92136dc2a552fd53bde1b040b

SHA1
87aefdd4ad6b11d72a2635dd9457cff6066f7218

SHA256
d4023842313bb393545fb1d1c9f1ce1bc84648830e89db042b3e87e1bb8c8587

SHA512
a160ee9aec1083d95a2c361d66e15d9a8080264b62975833178aaa57d9f0dc5a6d2acc315363a058af8e2ef415409496b09a6353d3e5c0d5aaf4f8b91e125fe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16323.exe

Filesize
468KB

MD5
a2bb99d41dd621cba6db0da82144f419

SHA1
8bce5072840dec4ca271e83de8b080ebacd73e81

SHA256
45a852b537a2b01c27f82adbbd5816df190b3ee5f9c8cf578d4df7d85745a4c8

SHA512
52a67cb2315d464ff0102d3474d0000a1a418f9afe6634d5382d9968889ab642b87eba95838c63f5743a3b15f3532ca3b2f525d316e2f36cae85a459ac7878c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe

Filesize
468KB

MD5
c967df9157590aa7afe94bf4116c9663

SHA1
6fb93e63ebbd14af076ce89461fdd1dd16c0da9d

SHA256
fa9b0d2a1b3a592ea8e3a38edfebf86bf91706b6e1a938acc2e08fda9b9e433f

SHA512
46cf2864a02afebd7982e345490d4f9e838563707dc02e13943be5ce5c03e52a2bd002ce6f0ba23bf3a9022ba768ce77b152e1a4076546a189e9b64f4bcb1957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe

Filesize
468KB

MD5
28088a0b91415a8a32752c6fd9747621

SHA1
ed77820b81d8671d599ed34ff677f71221989b27

SHA256
41fad988225a16094158bc253f527070234439dec975ac792bc15d859b546dd7

SHA512
6281103c824ac220f47e7b19dab5768e44b7d19deb796ba6dad356d3a09f0f23c2a980020bfd98e2c7cf763b278bc490e46108e392ae7db0406c9ca1feeb0a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe

Filesize
468KB

MD5
092ec32792e16c36faded5a917aa4e00

SHA1
b41a76fdb325ddc07e52f282bfecd53c534d8640

SHA256
30155441fa6d80fc50a1d0e00877e2ea5d46a7683d891f25bb0665e5bdf9bb53

SHA512
b08bf0ea815c13d40cd9e81f352988373e1dcfede3b139aa64362611ac9aeb4931415c155558320cdc9677f036462a4fa983597ef74c8dfdbf7942fdfcfc2d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe

Filesize
468KB

MD5
99f090ff8850e5df66dcd120ee123a54

SHA1
3b30c1e7cd50b1b4b6bc6f182c7a96f1c01e7ffc

SHA256
9695382c98b89e6d93986df95522ab75c11a5c0440449bb5f1734afa1bedff86

SHA512
fbf3c8b4fc987e1a9b7e05a67f232ae3f247138acefcaccb0dc86ad13b21d4be2b0c40c9dbe9c9641bccd7c7cb9cc6a9f3e79c9fbd84b639927c57b0365f166e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe

Filesize
468KB

MD5
f25f66ad81e69ddac57a769046f4c203

SHA1
ce9c59197c41443b9ddd1ca5b1cc7489bdb5aeb6

SHA256
95cf220a148322c846649a4d0bcab35d2c1bd0df9d62b247708ed953d6cae7b7

SHA512
6a5bca704122f1406acc629d0b0098ca111bb23f28dcc1d2b7832b89f5eb12abf22bc9b8a5f962d2504e6cb1f670ec175205e7ff28c33ec0adf53ac4ab2f073a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe

Filesize
468KB

MD5
2deebdb79e7eb84b4a4623824fd69acd

SHA1
a35c526d4f774d860c92551dbbb163e3fd357c83

SHA256
0420859f453c0249dcc804a270211cfcedabf69a198173c4aa3a1940fae7e8c6

SHA512
609dcaf86c1e6f61ea33fd7f1d8325e6735f69e900dc5ce2bbb69d9d6cdb76f9e0d3f8b77cd2fa10ada5f4b5059a9f68c7ff82fd98284ceb31dbe1e4fd688eba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe

Filesize
468KB

MD5
5ca9129fb22af2e8e836a17ffcc28d76

SHA1
58ee021c7f4d712063e9e58780fd09a64f7f73b9

SHA256
20ac0aaf08fe6d917824d8f745984d32e1f64cd4bb6e2849c45767ed2b5b03ba

SHA512
bff69abc2d4b49ffad2229afcb7a33b43be4750c4796478aeddf1a82ea14b40eec1abd5be40b5657e80e6ab5f930b3e3ff52f1392b1adaa0d116d66a92291705

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe

Filesize
468KB

MD5
df936bf015280e771b36df34f0e0a23d

SHA1
901e269d848748aaf1a30bf5ca2f61bee874039a

SHA256
f24d34629c95052a3ea1613d7dfcb39764f3388eaf6095516915609b82c8d515

SHA512
f6e4cc15cf29d1ae3a7a0d7fbc5365501fcc432f14fce5a70d09ee59a9367cde86382bc0593a5c601b8ebbd1e93a11fe5b42226c9293d1ed3e3757811fa3019e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe

Filesize
468KB

MD5
5d6029887a1e0df7d41f2e6713366c7b

SHA1
660e8bc5fecec1bfe1cf2cd661fb921cad5ee5a9

SHA256
e10c5022209825a2a005bad62b55026cc5ecc09f8a28f97d5d646f25225171b7

SHA512
1e3ef242d0356a5272e8d8c61b8c3b2abf90fd4c8f2186f13a247ab56f36dab8f92d24147958565669c39a82a26e9a51973c86187f576cc0fb865a20e729258e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe

Filesize
468KB

MD5
f90020bc733400878258df4570cdd843

SHA1
5a85749d2668a80d1f39e04c35bd3163b8a56158

SHA256
24f42dc0428d8bff23d65dd083ce20552794c75babe3a9579d38b7c2bfa20af5

SHA512
08fd78233a83d1a62188bb90ead514e163616821e294354db75b2febb9bb6e8876149503b654b9f146dcd4587dfcb9769222ec96f9f64cc43f4f4dbee5af65da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe

Filesize
468KB

MD5
eaf4bd941d6669eaa2a7b8e9077b1b98

SHA1
3aacf6616ec9714da7222f564b533701c985b51c

SHA256
20ea60444473586ce39d6b1c6c7cc5e9183f7f581a526c25f3c848b328c1ec82

SHA512
a72653f741ec86c04ed33b6d16e1cf100a45d6335cd8e2ee0d513a489194ac891cc1c276e6b8b7b87b15d5a9b71cb4d1e31b63dc264880edf44113527f785b9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe

Filesize
468KB

MD5
654814c6506396fec870fa838168646d

SHA1
0d9c59ef63bfc69b6bea92458f422a7c954c59d6

SHA256
0b216821013ff18ec9ff89de1e3d67afcd90c98af7642ac3bb74dfae06914615

SHA512
c11f1a1cadd04d123f98c873d6d21d69af7ec7681c3f46e93b34406cde8ebfb843c5a9489cb8b203ac36e432a9c88d7be72af35d666683e0c57ca1b840ae1e08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe

Filesize
468KB

MD5
6966b600014edd6d42b43bb45f314f97

SHA1
d482098e53db3613fa4ce1dcd683d1e70cb2e9be

SHA256
b43c6e54782ef5c975cd762789521901ebbe6d1398c4a13e00bd1c3bcbde2b33

SHA512
839d8a71cdf681515f082433d87975d409cecf282d34c53078d7abd3e75a060c304797e523984d39eed9c751956907a02d8dc5a3d1d7c96db7c943440f05276b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe

Filesize
468KB

MD5
52ddbb1ba8759b2aab46ac2d079df7cd

SHA1
8bd9165b726861a58ddb7b2c939ea47251b39bee

SHA256
242d826374379b1647e79aa16058e2b72f2b11fe04ee51d6a23bf7f02e5fde67

SHA512
c86c70a57af7c468741a7bede7388cc6ae99f779d6dafcf10efca32491338c1c97a28f7f42df835d0e2aeaadaa0dd136a8eb48912ad9b6d12b2e631190ccf578

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe

Filesize
468KB

MD5
4d8869bbf87a003dc236a86b1893c686

SHA1
2ef97480d2ba1f2656a5d849ed55eafd6495099b

SHA256
80251685aaefea49d72614b3fee3b6ade418f0aa3d61a05a84cc4f1c1b4840e1

SHA512
6f6a514980d7eee001b092f7232b2e4f3b32998cefbf6fa2785840673903c8c3f0a1da7023ba9c6e28780ad8eda31caf6d66fda89fb544855eb3f8f74f442244

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe

Filesize
468KB

MD5
91b7548c00f0443976f21375b6f231d5

SHA1
788443d1f918957d5fd5aa5e123f335a892118cf

SHA256
cf2c7a1a3744289f9a2009a3b9c25db0f2ddd637e387917840261b13e71ab683

SHA512
cea8c6bb88772cd7993d8d9064fb1e4cdadc84e1f2135e20da278bbb352713c2c36ee7ac46f24a307359835b940b4e90439f46aa4567d2da5f3a21e17f7bd8c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe

Filesize
468KB

MD5
10ac7bcf16f36b3667d90306257c03d3

SHA1
8cdffae4fd8bb23a5de53ce637b801f2e9a298ac

SHA256
8f56de88423d8a92bd96421540e61813b2a2127e8ecbd94849e97a42ace3e7fa

SHA512
0230dc4b4abbb7c194b48dfbc16191861900b13565bb1d902b0734fb767626981dc8489926e8ef961ad9c498b2dc0f31d3ed82d601de0e3aa7b036409a0fb97e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe

Filesize
468KB

MD5
b2e061791d50e2b87da696fa7a7f0b34

SHA1
62c21569c148393e7458b0654faf86b450809c3c

SHA256
2db03d1b8d921f30e173fc87dce1b80ea8ee27dc042d5e07521645622fe8bd5c

SHA512
60ac308b34efec317e843216318638d96c91c4830ad49b8a7e8e9d48ac60c711f84aa94d2c1a070865bb7a6a1ca584d8ebb6aaacfeabbe5a7e764ab68008cda4

Download Submit
memory/344-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-165-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/900-279-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/900-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-278-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/900-151-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/956-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1036-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-425-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/1144-145-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1320-405-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/1320-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-353-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1480-134-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1480-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-142-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1480-345-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1480-11-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1480-6-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1528-260-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1528-258-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1528-45-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1664-148-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1664-164-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1664-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1664-320-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1664-318-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/1728-392-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1728-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-386-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1844-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-351-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/1944-347-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/1972-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-348-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1972-346-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2016-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2036-704-0x0000000002A70000-0x0000000002BCC000-memory.dmp

Filesize
1.4MB

Download
memory/2036-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2068-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-380-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2192-368-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2192-223-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2192-222-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2384-357-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2384-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-361-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2416-195-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2416-349-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2416-196-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2520-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2544-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-127-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2620-296-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2620-294-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2692-259-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2692-257-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2692-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-378-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2748-206-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2748-379-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2748-90-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2748-207-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2748-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-233-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2768-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-234-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2768-394-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2832-244-0x0000000002150000-0x00000000021C5000-memory.dmp

Filesize
468KB

Download
memory/2832-243-0x0000000002150000-0x00000000021C5000-memory.dmp

Filesize
468KB

Download
memory/2832-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-306-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2852-303-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2860-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-280-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2860-281-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2904-305-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2904-154-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2904-174-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2904-295-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2904-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-20-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2904-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3060-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download