d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5c

Analysis

max time kernel
118s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
Size

468KB
MD5

6e7ff3ec8d527d248995ab7cbe8b0630
SHA1

56372168574f10017587fd4c4428a55c53114359
SHA256

d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5c
SHA512

c657e593a138ce0e2e231fa659ac66c5c16293a0a9da77ef15b00a516f18151e1c12e8822cafce4d8cbebcec96d745c844bd71b5e34809866a205a0b7103d9c4
SSDEEP

3072:tXsmogM9wb8U2bYfUz54ffDMnCbTtIXC+mHe3VGnfyVMB/13mHl9:tXloUYU2wU14ffpCx+fyax13m

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
908	Unicorn-21337.exe
2936	Unicorn-2857.exe
2600	Unicorn-22680.exe
1252	Unicorn-62743.exe
2464	Unicorn-1845.exe
3000	Unicorn-62935.exe
1192	Unicorn-31532.exe
2212	Unicorn-7870.exe
2256	Unicorn-27736.exe
2716	Unicorn-56303.exe
336	Unicorn-55814.exe
2708	Unicorn-61944.exe
1440	Unicorn-29080.exe
1056	Unicorn-52634.exe
2124	Unicorn-31144.exe
2192	Unicorn-40813.exe
1516	Unicorn-8362.exe
1844	Unicorn-13532.exe
2788	Unicorn-1866.exe
1964	Unicorn-51332.exe
920	Unicorn-56822.exe
1992	Unicorn-5020.exe
584	Unicorn-11150.exe
2032	Unicorn-40677.exe
1560	Unicorn-4435.exe
2152	Unicorn-11732.exe
2260	Unicorn-48950.exe
2236	Unicorn-29084.exe
2612	Unicorn-60989.exe
2476	Unicorn-13309.exe
2488	Unicorn-32067.exe
2512	Unicorn-38198.exe
2588	Unicorn-37933.exe
1796	Unicorn-10055.exe
1480	Unicorn-2079.exe
2940	Unicorn-30497.exe
2456	Unicorn-60438.exe
1456	Unicorn-26195.exe
604	Unicorn-6329.exe
1496	Unicorn-39424.exe
2960	Unicorn-3951.exe
1096	Unicorn-59861.exe
340	Unicorn-19213.exe
1804	Unicorn-19213.exe
2368	Unicorn-12258.exe
1248	Unicorn-14754.exe
2888	Unicorn-18977.exe
1536	Unicorn-24843.exe
2440	Unicorn-25108.exe
1016	Unicorn-30775.exe
2332	Unicorn-30775.exe
1952	Unicorn-30967.exe
1460	Unicorn-1781.exe
2924	Unicorn-13051.exe
2816	Unicorn-18916.exe
2484	Unicorn-45305.exe
2280	Unicorn-53784.exe
2088	Unicorn-11864.exe
2944	Unicorn-30951.exe
3016	Unicorn-51874.exe
2660	Unicorn-52835.exe
1972	Unicorn-52835.exe
2016	Unicorn-52835.exe
2564	Unicorn-57474.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
908	Unicorn-21337.exe
908	Unicorn-21337.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2936	Unicorn-2857.exe
2936	Unicorn-2857.exe
908	Unicorn-21337.exe
908	Unicorn-21337.exe
2600	Unicorn-22680.exe
2600	Unicorn-22680.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2936	Unicorn-2857.exe
2936	Unicorn-2857.exe
3000	Unicorn-62935.exe
3000	Unicorn-62935.exe
2600	Unicorn-22680.exe
2600	Unicorn-22680.exe
908	Unicorn-21337.exe
2464	Unicorn-1845.exe
908	Unicorn-21337.exe
2464	Unicorn-1845.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
1192	Unicorn-31532.exe
1192	Unicorn-31532.exe
1252	Unicorn-62743.exe
1252	Unicorn-62743.exe
2212	Unicorn-7870.exe
2212	Unicorn-7870.exe
2936	Unicorn-2857.exe
2936	Unicorn-2857.exe
336	Unicorn-55814.exe
336	Unicorn-55814.exe
908	Unicorn-21337.exe
908	Unicorn-21337.exe
2716	Unicorn-56303.exe
2716	Unicorn-56303.exe
3000	Unicorn-62935.exe
3000	Unicorn-62935.exe
2600	Unicorn-22680.exe
2600	Unicorn-22680.exe
2256	Unicorn-27736.exe
2256	Unicorn-27736.exe
2464	Unicorn-1845.exe
2464	Unicorn-1845.exe
1056	Unicorn-52634.exe
1056	Unicorn-52634.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
1192	Unicorn-31532.exe
2192	Unicorn-40813.exe
2192	Unicorn-40813.exe
1192	Unicorn-31532.exe
2212	Unicorn-7870.exe
2212	Unicorn-7870.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
2124	Unicorn-31144.exe
2124	Unicorn-31144.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3060	1440	WerFault.exe	43
1676	604	WerFault.exe	70

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8852.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
908	Unicorn-21337.exe
2936	Unicorn-2857.exe
2600	Unicorn-22680.exe
1252	Unicorn-62743.exe
3000	Unicorn-62935.exe
2464	Unicorn-1845.exe
1192	Unicorn-31532.exe
2212	Unicorn-7870.exe
2256	Unicorn-27736.exe
336	Unicorn-55814.exe
2716	Unicorn-56303.exe
2708	Unicorn-61944.exe
1056	Unicorn-52634.exe
1440	Unicorn-29080.exe
2124	Unicorn-31144.exe
2192	Unicorn-40813.exe
1516	Unicorn-8362.exe
1844	Unicorn-13532.exe
1964	Unicorn-51332.exe
2788	Unicorn-1866.exe
920	Unicorn-56822.exe
2152	Unicorn-11732.exe
584	Unicorn-11150.exe
1992	Unicorn-5020.exe
2260	Unicorn-48950.exe
2032	Unicorn-40677.exe
2612	Unicorn-60989.exe
1560	Unicorn-4435.exe
2476	Unicorn-13309.exe
2488	Unicorn-32067.exe
2588	Unicorn-37933.exe
2512	Unicorn-38198.exe
1796	Unicorn-10055.exe
1480	Unicorn-2079.exe
2940	Unicorn-30497.exe
2456	Unicorn-60438.exe
1456	Unicorn-26195.exe
1984	Unicorn-18603.exe
604	Unicorn-6329.exe
1496	Unicorn-39424.exe
2960	Unicorn-3951.exe
1536	Unicorn-24843.exe
1096	Unicorn-59861.exe
1804	Unicorn-19213.exe
340	Unicorn-19213.exe
2440	Unicorn-25108.exe
1248	Unicorn-14754.exe
2368	Unicorn-12258.exe
2888	Unicorn-18977.exe
2332	Unicorn-30775.exe
1016	Unicorn-30775.exe
1952	Unicorn-30967.exe
1460	Unicorn-1781.exe
2816	Unicorn-18916.exe
2924	Unicorn-13051.exe
2484	Unicorn-45305.exe
2280	Unicorn-53784.exe
2088	Unicorn-11864.exe
2944	Unicorn-30951.exe
2660	Unicorn-52835.exe
2564	Unicorn-57474.exe
1972	Unicorn-52835.exe
3016	Unicorn-51874.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 908	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	30
PID 2656 wrote to memory of 908	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	30
PID 2656 wrote to memory of 908	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	30
PID 2656 wrote to memory of 908	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	30
PID 908 wrote to memory of 2936	908	Unicorn-21337.exe	31
PID 908 wrote to memory of 2936	908	Unicorn-21337.exe	31
PID 908 wrote to memory of 2936	908	Unicorn-21337.exe	31
PID 908 wrote to memory of 2936	908	Unicorn-21337.exe	31
PID 2656 wrote to memory of 2600	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	32
PID 2656 wrote to memory of 2600	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	32
PID 2656 wrote to memory of 2600	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	32
PID 2656 wrote to memory of 2600	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	32
PID 2936 wrote to memory of 1252	2936	Unicorn-2857.exe	33
PID 2936 wrote to memory of 1252	2936	Unicorn-2857.exe	33
PID 2936 wrote to memory of 1252	2936	Unicorn-2857.exe	33
PID 2936 wrote to memory of 1252	2936	Unicorn-2857.exe	33
PID 908 wrote to memory of 2464	908	Unicorn-21337.exe	34
PID 908 wrote to memory of 2464	908	Unicorn-21337.exe	34
PID 908 wrote to memory of 2464	908	Unicorn-21337.exe	34
PID 908 wrote to memory of 2464	908	Unicorn-21337.exe	34
PID 2600 wrote to memory of 3000	2600	Unicorn-22680.exe	35
PID 2600 wrote to memory of 3000	2600	Unicorn-22680.exe	35
PID 2600 wrote to memory of 3000	2600	Unicorn-22680.exe	35
PID 2600 wrote to memory of 3000	2600	Unicorn-22680.exe	35
PID 2656 wrote to memory of 1192	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	36
PID 2656 wrote to memory of 1192	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	36
PID 2656 wrote to memory of 1192	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	36
PID 2656 wrote to memory of 1192	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	36
PID 2936 wrote to memory of 2212	2936	Unicorn-2857.exe	37
PID 2936 wrote to memory of 2212	2936	Unicorn-2857.exe	37
PID 2936 wrote to memory of 2212	2936	Unicorn-2857.exe	37
PID 2936 wrote to memory of 2212	2936	Unicorn-2857.exe	37
PID 3000 wrote to memory of 2256	3000	Unicorn-62935.exe	38
PID 3000 wrote to memory of 2256	3000	Unicorn-62935.exe	38
PID 3000 wrote to memory of 2256	3000	Unicorn-62935.exe	38
PID 3000 wrote to memory of 2256	3000	Unicorn-62935.exe	38
PID 2600 wrote to memory of 2716	2600	Unicorn-22680.exe	39
PID 2600 wrote to memory of 2716	2600	Unicorn-22680.exe	39
PID 2600 wrote to memory of 2716	2600	Unicorn-22680.exe	39
PID 2600 wrote to memory of 2716	2600	Unicorn-22680.exe	39
PID 908 wrote to memory of 336	908	Unicorn-21337.exe	40
PID 908 wrote to memory of 336	908	Unicorn-21337.exe	40
PID 908 wrote to memory of 336	908	Unicorn-21337.exe	40
PID 908 wrote to memory of 336	908	Unicorn-21337.exe	40
PID 2464 wrote to memory of 2708	2464	Unicorn-1845.exe	41
PID 2464 wrote to memory of 2708	2464	Unicorn-1845.exe	41
PID 2464 wrote to memory of 2708	2464	Unicorn-1845.exe	41
PID 2464 wrote to memory of 2708	2464	Unicorn-1845.exe	41
PID 2656 wrote to memory of 1056	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	42
PID 2656 wrote to memory of 1056	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	42
PID 2656 wrote to memory of 1056	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	42
PID 2656 wrote to memory of 1056	2656	d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe	42
PID 1192 wrote to memory of 1440	1192	Unicorn-31532.exe	43
PID 1192 wrote to memory of 1440	1192	Unicorn-31532.exe	43
PID 1192 wrote to memory of 1440	1192	Unicorn-31532.exe	43
PID 1192 wrote to memory of 1440	1192	Unicorn-31532.exe	43
PID 1252 wrote to memory of 2124	1252	Unicorn-62743.exe	44
PID 1252 wrote to memory of 2124	1252	Unicorn-62743.exe	44
PID 1252 wrote to memory of 2124	1252	Unicorn-62743.exe	44
PID 1252 wrote to memory of 2124	1252	Unicorn-62743.exe	44
PID 2212 wrote to memory of 2192	2212	Unicorn-7870.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-7870.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-7870.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-7870.exe	45

C:\Users\Admin\AppData\Local\Temp\d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe
"C:\Users\Admin\AppData\Local\Temp\d0fd307c6de03fc42826fb5df2a7cf3003b040bc8185ff028d3c0f3d3d130f5cN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        6⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        6⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        7⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        7⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        7⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        7⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        6⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 220
        6⤵
        Program crash
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        5⤵
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        6⤵
        Executes dropped EXE
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        6⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39607.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
        5⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
      4⤵
      PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        5⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        5⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54593.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      4⤵
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        5⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      4⤵
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
    3⤵
    PID:4836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        6⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3773.exe
        5⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        6⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        5⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        5⤵
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
    3⤵
    PID:5244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
    3⤵
    - Executes dropped EXE
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        5⤵
        
        PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
      4⤵
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
      4⤵
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
      4⤵
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
      4⤵
      PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
    3⤵
    PID:4012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
    3⤵
    PID:1212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
    3⤵
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
    3⤵
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
    3⤵
    PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
    3⤵
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
    3⤵
    PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
    3⤵
    PID:5304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
  2⤵
  PID:1040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
  2⤵
  PID:3108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
  2⤵
  PID:4292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
  2⤵
  PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe

Filesize
468KB

MD5
e71e63d4352ccd026f504b181af63f40

SHA1
ade9dcb8fa7d24a8f172f628a5645f91fae42d3b

SHA256
f321971a8e95c50a4f600ec825de469ccb4d0fce97b2cf5615311bfa94dd4f11

SHA512
07fd2ae1d9c8f4d3651cb5722defc76ebb22cdf93b8a10866c5087c9931a670953f5791cc9530505adeb1ab3085a547022d6c9548264a003099321c03f6a7d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe

Filesize
468KB

MD5
80ec32d3831a0f7d8248d58f1b93bc90

SHA1
83f7e63fa8ced33e57406c93638f3ded660f42cf

SHA256
b6e2e83d478ab3c2b26d0fbed774c67083279203dcd69488cef09364f44a6fcf

SHA512
5bfa22b026f28a3b20dcb028fc4cd1d69075621a446e8c3cd1a28eb9698cdaf44c79efcfbe826b199bd30bfff1781502352ff368f7d0d65f5cce0856dd94648b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe

Filesize
468KB

MD5
b6504ea089f673633ec59ed5701b1275

SHA1
ddc1031168bf7c24cd5746849b8774db8eab8764

SHA256
fd2bb345d47b373b4de2c85208469151b27c3496791ec97e94a70fff70e02795

SHA512
90fc01770da6900d424db614bf14a9561f937785c868f6dd5f24fd1a9d4e2342e1087fa4d9fb524449f23255a8f27fe362ccd119a5cc1d714b4ae8f755c8ed1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe

Filesize
468KB

MD5
83cfdea2c410d70194fa82db9eeda996

SHA1
24f86668a7eb481cc11662e586b584d984487bfc

SHA256
13a80c7816e8076117477e7df94231edd4dc6015eb3181551796a398f0675bee

SHA512
47aff728a0224610c74670d0e919dfdb942fa7db663580087cdc4e102c01bb93e2c1464a8169ea25ecad9fb4e919aab2ee7b8274d429f3d48e437cb6ffafa40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe

Filesize
468KB

MD5
28616f0691ba59448db77a1a8ea24ba6

SHA1
9310ad31fc6224939ac0d03d9019e2387cdf6a8d

SHA256
b78f36eec5b0b9454d3fe4d736b3723625e4adcebbf9697175f13f06c8623f6b

SHA512
ef58d2a4a03d3126fa92b06ce8e06f759e5a200787e21a5e4184716d68d02e0f8858eeae9887e3bed65880814ae74e9306584439a0692d9069888daded7903eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe

Filesize
468KB

MD5
f52aa41c8223d11644e873413b1fcb30

SHA1
dc1709340bb96f8c015c323fd70a2799ee9e276e

SHA256
847313f23a326d5bf261d53db334153fd8f68add12e954e43945e3bcb02d9ad8

SHA512
28647b68cf66a8e5627493b736cfe50368a50a26be9dbb6bf7952b6ddbc17766a9af68aee517b32e343128ed222f7998e20dda39fddc51bd4a15bbeb5274ee4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe

Filesize
468KB

MD5
790440490289e368cdbe1870f2c3e5dd

SHA1
faef103e84130b2cdb26d4ef31f1d223c526dc1d

SHA256
9bfaf849b270a60e9d733c00cf2ea6aea12514793eafc76b64ea429cec5bcb86

SHA512
fef410193e734f80f8bbc289635289f1fa9778a7221f5dfa2846d9119758cea3ddc587c9ae72057918dce2fdaa0acd1be2e4e451c613fb6ac9045bf2e55a6389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe

Filesize
468KB

MD5
1b9ef8db5a2a7c35b7344af98aca4a72

SHA1
5bea8e594853577e752ba64f46b844144f8ae797

SHA256
286356cd0c90588f4bc0798ce6ef27c14423e6083d50cdf3fdb28dfc336e4082

SHA512
0fd045a47c2aa367beca966b14c012440b3660458e24151eee371839144f3bc34e891edbc564a5a396d295940b379c5c03f3d4aaa906fb14fc09f797f597d98a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe

Filesize
468KB

MD5
2d107a5a5a0fdc136c2633b9a9456d20

SHA1
ab354b5529f450432a8a97f8b883facd4d415a95

SHA256
7c715e0f13570c43269eca1433dfe66c7b17d65564ab85b8ab8ec5242f7a4537

SHA512
4ded97dbdb4ed1f03918178f32bed21698f78e293ea51cf073677a37c630e08747b2fe6dcd4cae917f6f699101477ed15487f4a199a67ac41c9e3c973b652922

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe

Filesize
468KB

MD5
bc75aa6572d23d12307dcfa1922d9c9c

SHA1
6bfa92b25725574628fca40c2104e738d78f1cf1

SHA256
d71160e287739d5bf83520a38abbcb6ecb5f75284ea7626d6a72511867daa721

SHA512
406d6f4aa3cc871aea79b2a3047ea757d49e0b09e4fd9874c5f925c5ff2759c57d70ee8d50cf60a6b04e34c806404c01d401cafd3dbeb63ff90ff3b3f99fac56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe

Filesize
468KB

MD5
46b2dd1228f3c64a6911dbfff1b24281

SHA1
92a0367607cf2a2317b04ad787f38adc1ab39777

SHA256
15b9f1de4e503d2c487fabc9abbc3267c527fe6dd388de771491f9eedf060e49

SHA512
494ea6884d152749af02b0943208a8fe668324de89b76eb2cf7e73167fff8763ad3fcca5a9dda6db4714d9ab69d54379b40861220b383f9b0dd0d070e92f079d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe

Filesize
468KB

MD5
c688862c05aabcd93e49dd14f49a6efe

SHA1
a99493e70d9d73061b95bb2beb792f1b9e25da6c

SHA256
0d9c1db0443f9df1b20c9f119a600075492d2675b3326a76d7b4721c5e0cf163

SHA512
2a6e90eef76f3170073f6c715fcd7c3206c2ffa947b3a8772d73ddd92dee0f81296f3a5c5ac2ad97768b9185585d25e7edabeafae472c3027df1b86b191f7024

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe

Filesize
468KB

MD5
dbaa7aa816437a9f79105903b0e5641c

SHA1
90325de9da2bcbc633168b951b8cc736065c20b0

SHA256
6e5e409790326ee5b72140989f75f2ddd44f2353c9d5ed9112eb63d1b4f6e517

SHA512
95406685eb0a8e0b22b0cfe3d994a943b3bfffe86c3dea39f3d45d08f4d282ae068c4b359863638172cecacd3d0b8a05b380ad4d863e752265de8cd84366c391

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe

Filesize
468KB

MD5
acba90d3c64f2bb2d2a27051a0d5d67c

SHA1
7301c94ab9020721534a50328345c95e8d208435

SHA256
339844b2ec8d4e07cd8f158052751b54e438d61970a66a921b3b156ceb04cd60

SHA512
5975f599d7a66d1e11efe2f7235535ad6b0a5ea7da2e50acc0bbe304af0c88ce9d94546e64ed845f96bf878024cd2ecab13235515529f1632e572d09e8e3823e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe

Filesize
468KB

MD5
e6bf4156cc3938c2f55408eda9bfa3c4

SHA1
6f07e53a7ef1d337c9984e53156aa7326586ad5c

SHA256
994a6033d01571451b9dbc6a24ee767ae7cf50885e3dc3246aebaf9821705d2e

SHA512
a164d1bc3e7e6e921d0409df2c6cc7c506c8f06aae1ea9f247197ba8598d3f83176b91f898823b5eae4b0dd52f94a89f37b025f16a624dc55df377786cfc360b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe

Filesize
468KB

MD5
0e4b20da1a891656515c16be756cd1ff

SHA1
a6dfc70e041f30e57b322f3dc91f65ba48d536a6

SHA256
636024d7e1618f4bc1205ed9ae7098e7f36c9131b66c4b8fabc726f1c443fc45

SHA512
1c049f715634cf276055b3a63a956c6730c27e737d70282f8036c43f1fe561dda7b2471351f1f7f76b1f72529c41c9f5450fdd4c47d597ebb7f1657edcdc4b55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe

Filesize
468KB

MD5
9d93d74581d53e137332f7af0a690ad0

SHA1
42545af434c9de303b2a81b7547c0047afc704fe

SHA256
4c763e5fde3950f6582a36edce3ae97205c21df87c0a7b9bf6cb4cacc695c42e

SHA512
31f0ee7921f05c07adc296e9ed2d9af817157ef0f7e30091b41df1f4bdb2cc7d4fc2c786a731b936d20bf494a959faf56ddec8c993a5b433c74d7fef19414d01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe

Filesize
468KB

MD5
6e4942d2f2cc975467a51b679c2a9b16

SHA1
433fe84245ae5fe6e7fbd56b35cac7ed4fae3df4

SHA256
1b5fc0a9f03a087dbb7bcc95d14d8ad659e9deba0bc982505e5e76d422f290fd

SHA512
a9d82ad1c0a9e162fd0181128091bc5760285477a6cc949cc0a059c4e66deaf0adcf55e05af1b52f9bb8d5161ec577b8f6027c8c6767cb45163336dd31973b14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe

Filesize
468KB

MD5
e3c45fa1abf95cd95585f16d08c3d906

SHA1
6558bcc18144afe7ad48b533a821ad74ce192182

SHA256
c129dd43ad8adb35eb163cf548ad9257b7992d5cf122b52b8929063d80cc1d91

SHA512
1558c63ac8753fd93eaae143047bc3c5f2ba7bca41e81528fa3e38a7886fc02e3de8a8e09ab8c04350973bfeb7615d5fa8db019b95a3f663e02cb95b395d272d

Download Submit
memory/336-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/336-225-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/336-223-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/584-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/604-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-237-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/908-143-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/908-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-236-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/908-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-386-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/908-26-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/908-137-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/920-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-291-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1056-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-286-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1192-169-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1192-311-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1192-312-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1192-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1252-347-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1252-184-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1252-183-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1252-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1440-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-430-0x0000000001E60000-0x0000000001ED5000-memory.dmp

Filesize
468KB

Download
memory/1516-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-358-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/1964-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-340-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2124-336-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2124-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-313-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/2192-314-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/2212-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-192-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/2212-324-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/2212-325-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/2212-198-0x00000000027E0000-0x0000000002855000-memory.dmp

Filesize
468KB

Download
memory/2236-414-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2236-415-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2256-275-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2256-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-279-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2464-140-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2464-139-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2464-59-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-284-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2464-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-69-0x0000000003A20000-0x0000000003A95000-memory.dmp

Filesize
468KB

Download
memory/2600-274-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2600-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-113-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2600-273-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2612-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-167-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-168-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-10-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-368-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-297-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-11-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-298-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2656-28-0x0000000001EF0000-0x0000000001F65000-memory.dmp

Filesize
468KB

Download
memory/2708-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-246-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/2716-247-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/2788-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-429-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/2936-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-48-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2936-211-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2936-210-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2936-97-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2936-363-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2936-349-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2940-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-271-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/3000-269-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download