773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855

Analysis

max time kernel
113s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
Size

468KB
MD5

ce062d3ca7c2e739bd5616fbd8dcfe1a
SHA1

4b3d57f83fa08c59ca2231be1541007015a10433
SHA256

773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855
SHA512

d1c0d7d645ff908b156a31d2d1b412880a9a27dc55b6ba4c0518199ba8f1e08baedd793fcd05d78ed967ca71d834c5f6f517950f4ce37fa599cf5ee314570538
SSDEEP

3072:fS7Cog70j28UpbY9P33rqfrmoxLV3mZkn+h8Rp5F6AJ:fSOopXUp+PHrqfzsZk+yRp5x

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3056	Unicorn-37842.exe
2924	Unicorn-52004.exe
2668	Unicorn-343.exe
2996	Unicorn-58963.exe
2932	Unicorn-26099.exe
2572	Unicorn-10464.exe
2692	Unicorn-62266.exe
1944	Unicorn-55733.exe
2800	Unicorn-35483.exe
1712	Unicorn-3688.exe
2480	Unicorn-55349.exe
1436	Unicorn-6340.exe
1632	Unicorn-23554.exe
2220	Unicorn-41244.exe
1828	Unicorn-33951.exe
1076	Unicorn-2163.exe
1752	Unicorn-54519.exe
1604	Unicorn-34653.exe
1708	Unicorn-16973.exe
1572	Unicorn-30708.exe
560	Unicorn-35770.exe
776	Unicorn-36839.exe
612	Unicorn-35770.exe
2548	Unicorn-36839.exe
1096	Unicorn-29639.exe
2320	Unicorn-63653.exe
2460	Unicorn-7046.exe
320	Unicorn-6397.exe
1696	Unicorn-52718.exe
2520	Unicorn-21738.exe
2876	Unicorn-6579.exe
2696	Unicorn-45251.exe
2820	Unicorn-8665.exe
2624	Unicorn-949.exe
2892	Unicorn-15484.exe
2504	Unicorn-456.exe
1320	Unicorn-61975.exe
2020	Unicorn-20140.exe
1356	Unicorn-13817.exe
2472	Unicorn-53004.exe
2444	Unicorn-53004.exe
2676	Unicorn-14389.exe
2544	Unicorn-28124.exe
2564	Unicorn-1774.exe
3064	Unicorn-54182.exe
1948	Unicorn-57135.exe
1300	Unicorn-40415.exe
696	Unicorn-19480.exe
1876	Unicorn-26118.exe
896	Unicorn-32712.exe
1792	Unicorn-58178.exe
1324	Unicorn-52620.exe
2120	Unicorn-5915.exe
3036	Unicorn-5915.exe
1028	Unicorn-10129.exe
2724	Unicorn-40700.exe
2684	Unicorn-57301.exe
2168	Unicorn-9911.exe
2612	Unicorn-18965.exe
2896	Unicorn-25096.exe
2752	Unicorn-16165.exe
2836	Unicorn-15495.exe
2600	Unicorn-21758.exe
2420	Unicorn-63435.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
3056	Unicorn-37842.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
3056	Unicorn-37842.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
2668	Unicorn-343.exe
2668	Unicorn-343.exe
2924	Unicorn-52004.exe
2924	Unicorn-52004.exe
3056	Unicorn-37842.exe
3056	Unicorn-37842.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
2932	Unicorn-26099.exe
2932	Unicorn-26099.exe
2924	Unicorn-52004.exe
2924	Unicorn-52004.exe
2996	Unicorn-58963.exe
2668	Unicorn-343.exe
2668	Unicorn-343.exe
2996	Unicorn-58963.exe
2692	Unicorn-62266.exe
2692	Unicorn-62266.exe
2572	Unicorn-10464.exe
3056	Unicorn-37842.exe
2572	Unicorn-10464.exe
3056	Unicorn-37842.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
1944	Unicorn-55733.exe
1944	Unicorn-55733.exe
2800	Unicorn-35483.exe
2932	Unicorn-26099.exe
2800	Unicorn-35483.exe
2932	Unicorn-26099.exe
2692	Unicorn-62266.exe
2692	Unicorn-62266.exe
2924	Unicorn-52004.exe
2668	Unicorn-343.exe
2220	Unicorn-41244.exe
2480	Unicorn-55349.exe
1712	Unicorn-3688.exe
1632	Unicorn-23554.exe
2924	Unicorn-52004.exe
2480	Unicorn-55349.exe
1632	Unicorn-23554.exe
2668	Unicorn-343.exe
2220	Unicorn-41244.exe
1712	Unicorn-3688.exe
1436	Unicorn-6340.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
3056	Unicorn-37842.exe
1828	Unicorn-33951.exe
2996	Unicorn-58963.exe
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
3056	Unicorn-37842.exe
1828	Unicorn-33951.exe
2996	Unicorn-58963.exe
1436	Unicorn-6340.exe
2572	Unicorn-10464.exe
2572	Unicorn-10464.exe
1076	Unicorn-2163.exe
1076	Unicorn-2163.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2296	1908	WerFault.exe	149
1584	1084	WerFault.exe	148
1596	1568	WerFault.exe	147
5408	2796	WerFault.exe	120

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25725.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
3056	Unicorn-37842.exe
2924	Unicorn-52004.exe
2668	Unicorn-343.exe
2996	Unicorn-58963.exe
2932	Unicorn-26099.exe
2572	Unicorn-10464.exe
2692	Unicorn-62266.exe
1944	Unicorn-55733.exe
2800	Unicorn-35483.exe
1712	Unicorn-3688.exe
1436	Unicorn-6340.exe
2480	Unicorn-55349.exe
1632	Unicorn-23554.exe
2220	Unicorn-41244.exe
1828	Unicorn-33951.exe
1076	Unicorn-2163.exe
1752	Unicorn-54519.exe
1604	Unicorn-34653.exe
1572	Unicorn-30708.exe
560	Unicorn-35770.exe
2548	Unicorn-36839.exe
1708	Unicorn-16973.exe
612	Unicorn-35770.exe
776	Unicorn-36839.exe
1096	Unicorn-29639.exe
2320	Unicorn-63653.exe
2460	Unicorn-7046.exe
1696	Unicorn-52718.exe
320	Unicorn-6397.exe
2520	Unicorn-21738.exe
2876	Unicorn-6579.exe
2696	Unicorn-45251.exe
2820	Unicorn-8665.exe
2624	Unicorn-949.exe
2892	Unicorn-15484.exe
2504	Unicorn-456.exe
1320	Unicorn-61975.exe
2472	Unicorn-53004.exe
2444	Unicorn-53004.exe
1356	Unicorn-13817.exe
2020	Unicorn-20140.exe
2676	Unicorn-14389.exe
3064	Unicorn-54182.exe
2564	Unicorn-1774.exe
1948	Unicorn-57135.exe
2544	Unicorn-28124.exe
1300	Unicorn-40415.exe
1792	Unicorn-58178.exe
896	Unicorn-32712.exe
696	Unicorn-19480.exe
1876	Unicorn-26118.exe
1324	Unicorn-52620.exe
3036	Unicorn-5915.exe
2120	Unicorn-5915.exe
1028	Unicorn-10129.exe
2684	Unicorn-57301.exe
2724	Unicorn-40700.exe
2168	Unicorn-9911.exe
2612	Unicorn-18965.exe
2896	Unicorn-25096.exe
2752	Unicorn-16165.exe
2836	Unicorn-15495.exe
2600	Unicorn-21758.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3056	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	31
PID 2388 wrote to memory of 3056	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	31
PID 2388 wrote to memory of 3056	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	31
PID 2388 wrote to memory of 3056	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	31
PID 3056 wrote to memory of 2924	3056	Unicorn-37842.exe	32
PID 3056 wrote to memory of 2924	3056	Unicorn-37842.exe	32
PID 3056 wrote to memory of 2924	3056	Unicorn-37842.exe	32
PID 3056 wrote to memory of 2924	3056	Unicorn-37842.exe	32
PID 2388 wrote to memory of 2668	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	33
PID 2388 wrote to memory of 2668	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	33
PID 2388 wrote to memory of 2668	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	33
PID 2388 wrote to memory of 2668	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	33
PID 2668 wrote to memory of 2996	2668	Unicorn-343.exe	34
PID 2668 wrote to memory of 2996	2668	Unicorn-343.exe	34
PID 2668 wrote to memory of 2996	2668	Unicorn-343.exe	34
PID 2668 wrote to memory of 2996	2668	Unicorn-343.exe	34
PID 2924 wrote to memory of 2932	2924	Unicorn-52004.exe	35
PID 2924 wrote to memory of 2932	2924	Unicorn-52004.exe	35
PID 2924 wrote to memory of 2932	2924	Unicorn-52004.exe	35
PID 2924 wrote to memory of 2932	2924	Unicorn-52004.exe	35
PID 3056 wrote to memory of 2692	3056	Unicorn-37842.exe	36
PID 3056 wrote to memory of 2692	3056	Unicorn-37842.exe	36
PID 3056 wrote to memory of 2692	3056	Unicorn-37842.exe	36
PID 3056 wrote to memory of 2692	3056	Unicorn-37842.exe	36
PID 2388 wrote to memory of 2572	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	37
PID 2388 wrote to memory of 2572	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	37
PID 2388 wrote to memory of 2572	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	37
PID 2388 wrote to memory of 2572	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	37
PID 2932 wrote to memory of 1944	2932	Unicorn-26099.exe	38
PID 2932 wrote to memory of 1944	2932	Unicorn-26099.exe	38
PID 2932 wrote to memory of 1944	2932	Unicorn-26099.exe	38
PID 2932 wrote to memory of 1944	2932	Unicorn-26099.exe	38
PID 2924 wrote to memory of 2800	2924	Unicorn-52004.exe	39
PID 2924 wrote to memory of 2800	2924	Unicorn-52004.exe	39
PID 2924 wrote to memory of 2800	2924	Unicorn-52004.exe	39
PID 2924 wrote to memory of 2800	2924	Unicorn-52004.exe	39
PID 2668 wrote to memory of 1712	2668	Unicorn-343.exe	41
PID 2668 wrote to memory of 1712	2668	Unicorn-343.exe	41
PID 2668 wrote to memory of 1712	2668	Unicorn-343.exe	41
PID 2668 wrote to memory of 1712	2668	Unicorn-343.exe	41
PID 2996 wrote to memory of 2480	2996	Unicorn-58963.exe	40
PID 2996 wrote to memory of 2480	2996	Unicorn-58963.exe	40
PID 2996 wrote to memory of 2480	2996	Unicorn-58963.exe	40
PID 2996 wrote to memory of 2480	2996	Unicorn-58963.exe	40
PID 2692 wrote to memory of 1632	2692	Unicorn-62266.exe	42
PID 2692 wrote to memory of 1632	2692	Unicorn-62266.exe	42
PID 2692 wrote to memory of 1632	2692	Unicorn-62266.exe	42
PID 2692 wrote to memory of 1632	2692	Unicorn-62266.exe	42
PID 2572 wrote to memory of 1436	2572	Unicorn-10464.exe	43
PID 2572 wrote to memory of 1436	2572	Unicorn-10464.exe	43
PID 2572 wrote to memory of 1436	2572	Unicorn-10464.exe	43
PID 2572 wrote to memory of 1436	2572	Unicorn-10464.exe	43
PID 3056 wrote to memory of 1828	3056	Unicorn-37842.exe	44
PID 3056 wrote to memory of 1828	3056	Unicorn-37842.exe	44
PID 3056 wrote to memory of 1828	3056	Unicorn-37842.exe	44
PID 3056 wrote to memory of 1828	3056	Unicorn-37842.exe	44
PID 2388 wrote to memory of 2220	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	45
PID 2388 wrote to memory of 2220	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	45
PID 2388 wrote to memory of 2220	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	45
PID 2388 wrote to memory of 2220	2388	773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe	45
PID 1944 wrote to memory of 1076	1944	Unicorn-55733.exe	46
PID 1944 wrote to memory of 1076	1944	Unicorn-55733.exe	46
PID 1944 wrote to memory of 1076	1944	Unicorn-55733.exe	46
PID 1944 wrote to memory of 1076	1944	Unicorn-55733.exe	46

C:\Users\Admin\AppData\Local\Temp\773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe
"C:\Users\Admin\AppData\Local\Temp\773c6236dfa42f3bddfb0d9d37c574a7181e92ffa51be19aae3007e50e684855.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        7⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        8⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        9⤵
        Program crash
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        6⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        5⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        6⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        7⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        5⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
      4⤵
      PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        7⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 148
        7⤵
        Program crash
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60159.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        5⤵
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      4⤵
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        6⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        5⤵
        
        PID:1568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 148
        6⤵
        Program crash
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        5⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      4⤵
      PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
      4⤵
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        6⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        5⤵
        
        PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
    3⤵
    PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
    3⤵
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
    3⤵
    PID:5668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 148
        6⤵
        Program crash
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
      4⤵
      PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      4⤵
      PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
    3⤵
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
    3⤵
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
    3⤵
    PID:5340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
      4⤵
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
    3⤵
    PID:5296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
      4⤵
      PID:6056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
    3⤵
    PID:5332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
    3⤵
    PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
    3⤵
    PID:3996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
  2⤵
  PID:1588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
  2⤵
  PID:3604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
  2⤵
  PID:4348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
  2⤵
  PID:5280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe

Filesize
468KB

MD5
1eb31d68a6195c5ce30170541521ac0a

SHA1
bb96f1559d0c4d4a535635cf065c615d303eb037

SHA256
d75d26e905d0713d4e00f3f8fa86ead8fc45ce1a07477d5998e877c1e36722bd

SHA512
01b2000a4b4dff2bd44dc03cbcf0711c3b6e8dfea52e1fbb46ef50cdf4b22111073efddba1692d0169bc628734966802b6a142fd7aea43a4a67f7316cde50918

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe

Filesize
468KB

MD5
25eed89fc65ad94ccbc53810cbb9e706

SHA1
f48ebdeb127a33cc5517a1b88fd2c34d6d30b4e0

SHA256
ee89316f6d1d43b21b3ffcfad9a77a02534fb1a3eb796998fb79b91ced46b284

SHA512
4dc3449754d4aacdc87e817cfa86177a722d9f5c296b78755390f8c13a968c246a796fee1d5513e82407dfa59bda00e9e0f332aad753eacf5ffe4ee4c7316ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe

Filesize
468KB

MD5
482704a62428121dc907d3bd3c4772f4

SHA1
29383f7cb3e3fbbebda5ad25f523412b4cbc31d0

SHA256
9821ae10ae2fcd10e9e8f6bdcd73cde03f09dfa73bd992e6c671cca7a637bae7

SHA512
9796f49b9866bf974b1450f537886aac7067c7780568d31d049f6696e9baa55394935c7c140d96a40c2cb0da4dd4768f147f4482885b37e9c03ba78fbef7a537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe

Filesize
468KB

MD5
abbb66ef168e3c0f874128392fbc3c52

SHA1
2e43e0c671a845e3ed4fee6bdef49f99e721f0bf

SHA256
74ee7e050d6498358d55f74a7cb667807781a88d822e05dcec9da73dc2353c68

SHA512
7bfd6d363dea65b9dec66824f88b741e4958a57250df2ebe0310faf5899a5ba54e15cc3e09a4c82c6404047ac669a313573c7a4525ba4d9c1d7d3dc3ba9c443a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe

Filesize
468KB

MD5
002ca20f2d02db5fa208739e3c0a737a

SHA1
d87111434e0c04880c19a823f55b4d36bd017e33

SHA256
9fd4a766b648f0f71c0162f093ea3d8ddd020072da892a157896e5ab72c3aab4

SHA512
0dd585a5ef79ee2759ab075b93660319bfc3732d5f34393994c77db1b360fde35873c8eb6a7af211d69fe90c218e5885d673656ca943afcb78675da3ae333686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe

Filesize
468KB

MD5
7095860e72a5939ae97af655753d2560

SHA1
7bd90ce2ce2ffaca8f77daa16015badc74f8cec6

SHA256
45108c86643603d2e39056f2700c88c7f1779d414872ed78e09855a5ffd3a9d4

SHA512
dd7ab610baefe454b2f12dc21dbce8ba7a4567452b7e330fc168b8497a43c2c66920dc37b78dafdb2effdd22c6fd3b9623c1a6b9ed618527bfe7975bda525d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe

Filesize
468KB

MD5
1a557b78948c012f3032a7fe606a329c

SHA1
4433b61b6ef26c11f59d79d6f57c25871f6a3769

SHA256
e6bf60d627db0d13affcc57acb2605f41f98b9803b769a5653072ac94cf1ebe3

SHA512
662b6350c5bc20a3762dde11e84690b8a9a0f545552715cd68706c3dec22e064051e550542188e42afa2d1ba7fd33fd69a73b5780a354ec384878da58dd695f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe

Filesize
468KB

MD5
4c5ebe22433370cac9ccb953e9141e09

SHA1
b1c2c94be512cb790a71415270b221a83f5d7628

SHA256
ec76dba721d926c0a5ae69bf6accdf589c07c3e5e7f922fc8c578a742e424f4a

SHA512
b6c06733053aa99e7726a9f5601dad78e259a6f1730c97dde8e70b42c67fe1aca211cc185c926f96cee2dcf4118e7db0554b014f3af1a8814982a6e0b759b50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe

Filesize
468KB

MD5
2c48c290f5b6f26e8539be5e6c8557bd

SHA1
f41a1771e07625466b0cfd418bb52101d956f9b5

SHA256
e9464ad7d4b0e8ee2747aedc2e432197b21b8e6974743c91979161fadf9fb3fd

SHA512
80ae6a19f5348b4c325650a9eda092c7bac93d72008c5d0f6d8b392ad9209f1e70ff647114b50a5b99c7633d4b5da44fd668778d277ead429e5132f5e35ec2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe

Filesize
468KB

MD5
e553b928b6cb4ca6ebd9a20423eab3bd

SHA1
c06fec7453f44bc0023d54aafdd213f55b402914

SHA256
b6aa518909522aa35ab1e52e74e661150bba6e2c6df65dbc3bb582888aab3985

SHA512
c84b8f0e64579779f82d4f56d4b4ffa97510822f71e6f17afe4c42353153b8328d9de6a6af5f1732e808122bf91386aa7f41f73ad7816b2893d0d82deb1c38dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe

Filesize
468KB

MD5
c2bab2d201d3f39d23059182b0f88442

SHA1
3c8eed3752caa3cb04cb672bcab5d9b2652e6280

SHA256
1a36d3e24576a9abd0f2f561b80ebe3268d994f33784c440e0c8499eff12f1ad

SHA512
8f3d795501a68484642b1d91929074b22b899b5b2aac15ec7aeb1211adfa409eb3921f3599b80de63009260aa08b67f9a7046bc6a4a664e55566777a8840e8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe

Filesize
468KB

MD5
9060b7b14d7a8b29b742c0cb1212c7b8

SHA1
6ad762b55036117d3b5e9e90a8c041fcf9f1b421

SHA256
3d07bf990f3140ab8bf53c02abc36b34874d61917ba710bc0ecb4aa3d9a6f8cc

SHA512
ecff1017f24e7f164b7db3e2184ae0f0f244bfeeae45b6e61999d4924aca911a424f68bc0e5fca5eb9d235fd35d64be4a4b9da5943371e2e33edeb31648d0a43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe

Filesize
468KB

MD5
78d325c3b15a3757626954d2296f9edf

SHA1
65498762fc7513933ba8f3e0c3bf664b5196c74e

SHA256
04af669d75525ab0d4b46ce1fb762841315b41474c448000c44b1a0df9a569f7

SHA512
604ef56961585ca603ac98307bfb33abb89c5d3ca024701d34ca67ec14452dfcc9fb6a820912d9cfe260b6b0761972df9c6ed482c9a31566eea172e17e58a60f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe

Filesize
468KB

MD5
0a032e2394428af219876b5da0ee9163

SHA1
4f515e76815a87728b87a08ce08fda1b368769c9

SHA256
65be8719107a122b0bbc585dce4783eb3a5203f418eb5ada055192cd751631ee

SHA512
4d32aae75a551b8e7fc9937d3af5b424d62dd60d2ead74eb521869e3452e2be6e865cb4c0cc682df045416ce02a3af921752aa674c39832ab9dd63922218fa03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe

Filesize
468KB

MD5
f783a4f7812916a35bcac4e7ecc808c7

SHA1
4aa1746bf2425743e24b5569ef397eb31a1a2008

SHA256
3daa3f0c686a283ed18322bc0741dcabde8c3bab1037171b050bf93275fbf2d3

SHA512
e569790fc9d7a347f67c9b0c395f2f30e2691a404b3325e2af5802b91d5b9c44645efaf40de161ba5b186bd0abb98a89230cd8bfe79573dcf4f2ccc180c37182

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-343.exe

Filesize
468KB

MD5
e22481fe09cdbac27a624e8d0dab026b

SHA1
60e079998aedef3cb906c434ad3093697a0d8b1c

SHA256
0897146f680890e8a2eba5f19c222313df523dd8cac7d069ad303fee384d23df

SHA512
d67caf014d2aedcdef94feadd4958102198e4dd66e82068d7f37f21304df6e71d5e03a30b7e2d171dab52e02634586a6f27751cd2b721be284089a1ffd5536bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe

Filesize
468KB

MD5
ee680f75def508df6c325483511d0d00

SHA1
43b5be15a2203d98487241c1d1f76b78d852aab5

SHA256
edcbc11cf25ea25fbc0b955989770c527f5d7fca9cd5cd50e480c2f5b0a2eb2c

SHA512
42f4b1bd08fd3de9f8cffbdd642d72fb3759063b883c1f86c755b8f634f8eaa36ac03f516da5116eb5562b7ed694578578956c7ecaaf4658a0c819258b9bf965

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe

Filesize
468KB

MD5
7f154b27b56e172da1246acbf88a2e22

SHA1
f879adeeb0707d5166e61bd3b6903c2a6d396b6b

SHA256
5997721b829f173ba0066401fbb9750af019589c6235442a8854d74156338a11

SHA512
975cf132b6b6b2cd85b225eb1379fc17a8a572b401667771352f163e973a9ae362fbad3da317b2f68e8a16a6b5dd29d01eeecc9777d510fa53ceec5132eb09b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe

Filesize
468KB

MD5
fe6efef351c41f6581efca6ebd66e4cc

SHA1
93665338ba9ce5a869408f9211e2a3aeecbcfc6b

SHA256
9fe87678bdd34a7503d11cf3c737fc7d96337ba1e63a47c08888cf848f73f2f2

SHA512
b9d046b3ddfb17cc6735cc8ab09c165caf7469839354e7c1c462e4ea7b35f202d6e02a16880c9fe9d5d1df9129c1c13c99a9be188ace3d21a014fcbe7b25f041

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe

Filesize
468KB

MD5
3354d27a87a867882320f4b91a17d68b

SHA1
34cb1cf96dab982c3f591fd0cd11529206185577

SHA256
b4906587636903253e97cd93e5b39290da3ce1f84d8a3532af3289e2aefa1504

SHA512
260e94e2cddb505adda413ee0df36b0788cf137a9dd3fca6eb1f0a075a2af327eb478a141dcf360149c743701e3e140654277296fe70eaf9102bc876c22cddd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe

Filesize
468KB

MD5
ccda3397d3dfa629d0a221e113bcb3c8

SHA1
a1880af08fbfd701cb94c88815eb80fc287e1cff

SHA256
487f3323cd336b07e3a30e76af21ba879fee4d61dce36638622b5410d46edf18

SHA512
3cc884894dcaf657fe3367e78059382a9bbcacdede74fec436229dab9a58577ac05d42698e0018e0d856a2dfd0d4d976eb5e47b512c00b06c5e5edad3e77c60e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe

Filesize
468KB

MD5
26cc65a5d8cfb8038f782f23f4e77dcd

SHA1
e4ed8ca4a12367883278f2655625ce6b9107b71c

SHA256
6593f8bfc7d078979b3476ea5e3f76c7264b8ab90167a7c6fc0b16741d15c29e

SHA512
8caf5e337dd2f6d5f908c7a381fe6192bf3208ae6ba185c0808375a3da7a4b5fd5d210a01676cbcc1c190dddb8d4415984531a0a873783f213dcb3dcba034ecd

Download Submit
memory/320-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/560-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/776-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1076-348-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1076-349-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1096-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1320-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-332-0x0000000003000000-0x0000000003075000-memory.dmp

Filesize
468KB

Download
memory/1436-330-0x0000000003000000-0x0000000003075000-memory.dmp

Filesize
468KB

Download
memory/1572-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-385-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1604-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-389-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1632-257-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/1632-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-405-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/1712-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-254-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1712-268-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1752-368-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/1752-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-369-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/1828-321-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1828-325-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1828-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-356-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1944-203-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1944-201-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1944-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-357-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2220-249-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2220-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-267-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2320-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-178-0x0000000003430000-0x00000000034A5000-memory.dmp

Filesize
468KB

Download
memory/2388-32-0x0000000003430000-0x00000000034A5000-memory.dmp

Filesize
468KB

Download
memory/2388-11-0x0000000003430000-0x00000000034A5000-memory.dmp

Filesize
468KB

Download
memory/2388-322-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/2388-319-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/2388-177-0x0000000003430000-0x00000000034A5000-memory.dmp

Filesize
468KB

Download
memory/2388-12-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/2388-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-250-0x0000000002440000-0x00000000024B5000-memory.dmp

Filesize
468KB

Download
memory/2480-266-0x0000000002440000-0x00000000024B5000-memory.dmp

Filesize
468KB

Download
memory/2504-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-339-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2572-172-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2572-335-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2572-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-164-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2624-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-48-0x0000000002B10000-0x0000000002B85000-memory.dmp

Filesize
468KB

Download
memory/2668-49-0x0000000002750000-0x00000000027C5000-memory.dmp

Filesize
468KB

Download
memory/2668-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-273-0x0000000002750000-0x00000000027C5000-memory.dmp

Filesize
468KB

Download
memory/2668-258-0x0000000002750000-0x00000000027C5000-memory.dmp

Filesize
468KB

Download
memory/2692-144-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2692-244-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2692-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-143-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2696-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-228-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2800-378-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2800-379-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2800-223-0x00000000033E0000-0x0000000003455000-memory.dmp

Filesize
468KB

Download
memory/2800-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-130-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2924-63-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2924-248-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2924-265-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2924-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-62-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2932-98-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2932-226-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2932-97-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2932-229-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2932-399-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2932-395-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2996-145-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/2996-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-328-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/2996-142-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/3056-323-0x0000000001FB0000-0x0000000002025000-memory.dmp

Filesize
468KB

Download
memory/3056-167-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/3056-31-0x0000000001FB0000-0x0000000002025000-memory.dmp

Filesize
468KB

Download
memory/3056-176-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/3056-320-0x0000000001FB0000-0x0000000002025000-memory.dmp

Filesize
468KB

Download