ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285

Analysis

max time kernel
147s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
Size

468KB
MD5

b48c0a50716c4b261579327d150bcf1e
SHA1

2ea9b83042d92721c387457a99c0a54e86c07c20
SHA256

ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285
SHA512

c8a1cbc06b08d3bbda95acc7440161f3868168b0cc7c396eb3921a0d65b11b34a1fd626cb0f4b6f1cad9d327f03f443c7bc1d20d10580173679e099a4111926f
SSDEEP

3072:iOFEogSxjTTU2bYSB83yqfh3EC3jeBpNP9f1cVf13OVLdQASTXIz:iOSolPU2hBqyqfCnF23OZGAST

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1516	Unicorn-38370.exe
2840	Unicorn-38344.exe
2992	Unicorn-63595.exe
3024	Unicorn-35459.exe
3016	Unicorn-11317.exe
2760	Unicorn-11914.exe
2536	Unicorn-5784.exe
2252	Unicorn-41053.exe
2092	Unicorn-57752.exe
2224	Unicorn-44753.exe
3052	Unicorn-62935.exe
2700	Unicorn-49989.exe
436	Unicorn-29569.exe
1148	Unicorn-5235.exe
2204	Unicorn-25220.exe
2072	Unicorn-58588.exe
2432	Unicorn-9750.exe
2012	Unicorn-10347.exe
1000	Unicorn-65094.exe
640	Unicorn-63056.exe
2688	Unicorn-3310.exe
2000	Unicorn-54971.exe
1560	Unicorn-2049.exe
1780	Unicorn-6730.exe
2280	Unicorn-6730.exe
2324	Unicorn-43414.exe
1132	Unicorn-35127.exe
2388	Unicorn-26196.exe
2868	Unicorn-53170.exe
2336	Unicorn-64675.exe
2884	Unicorn-18852.exe
2724	Unicorn-35978.exe
2588	Unicorn-55941.exe
2772	Unicorn-11089.exe
2472	Unicorn-41384.exe
3040	Unicorn-32133.exe
3044	Unicorn-9282.exe
1260	Unicorn-36793.exe
2016	Unicorn-45324.exe
1312	Unicorn-21609.exe
1768	Unicorn-36791.exe
976	Unicorn-13715.exe
2484	Unicorn-49793.exe
2620	Unicorn-6507.exe
456	Unicorn-30497.exe
1668	Unicorn-29367.exe
1624	Unicorn-21199.exe
472	Unicorn-43709.exe
2648	Unicorn-59299.exe
2384	Unicorn-5749.exe
2468	Unicorn-50939.exe
2980	Unicorn-30881.exe
2844	Unicorn-34219.exe
2728	Unicorn-64343.exe
2592	Unicorn-58213.exe
1064	Unicorn-51577.exe
832	Unicorn-5905.exe
3020	Unicorn-6974.exe
3068	Unicorn-63637.exe
584	Unicorn-13689.exe
612	Unicorn-9373.exe
2244	Unicorn-58614.exe
2260	Unicorn-38748.exe
2584	Unicorn-22363.exe

Loads dropped DLL 64 IoCs

pid	Process
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
1516	Unicorn-38370.exe
1516	Unicorn-38370.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
2840	Unicorn-38344.exe
2840	Unicorn-38344.exe
1516	Unicorn-38370.exe
1516	Unicorn-38370.exe
2992	Unicorn-63595.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
2992	Unicorn-63595.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
3024	Unicorn-35459.exe
3024	Unicorn-35459.exe
2840	Unicorn-38344.exe
2840	Unicorn-38344.exe
3016	Unicorn-11317.exe
3016	Unicorn-11317.exe
1516	Unicorn-38370.exe
1516	Unicorn-38370.exe
2536	Unicorn-5784.exe
2536	Unicorn-5784.exe
2760	Unicorn-11914.exe
2760	Unicorn-11914.exe
2992	Unicorn-63595.exe
2992	Unicorn-63595.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
2252	Unicorn-41053.exe
2252	Unicorn-41053.exe
3024	Unicorn-35459.exe
3024	Unicorn-35459.exe
2092	Unicorn-57752.exe
2092	Unicorn-57752.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
612	WerFault.exe
2840	Unicorn-38344.exe
2840	Unicorn-38344.exe
2224	Unicorn-44753.exe
2224	Unicorn-44753.exe
3016	Unicorn-11317.exe
3016	Unicorn-11317.exe
2700	Unicorn-49989.exe
2700	Unicorn-49989.exe
2536	Unicorn-5784.exe
2536	Unicorn-5784.exe
2204	Unicorn-25220.exe
3052	Unicorn-62935.exe
2204	Unicorn-25220.exe
3052	Unicorn-62935.exe
1516	Unicorn-38370.exe
1516	Unicorn-38370.exe
1148	Unicorn-5235.exe
1148	Unicorn-5235.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
612	2992	WerFault.exe	31
2552	436	WerFault.exe	41
2452	1148	WerFault.exe	42
1532	2760	WerFault.exe	34
2132	1560	WerFault.exe	52
2348	1668	WerFault.exe	77
2516	1132	WerFault.exe	56
3248	2696	WerFault.exe	112
3276	2868	WerFault.exe	59

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38908.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
1516	Unicorn-38370.exe
2840	Unicorn-38344.exe
2992	Unicorn-63595.exe
3024	Unicorn-35459.exe
3016	Unicorn-11317.exe
2760	Unicorn-11914.exe
2536	Unicorn-5784.exe
2252	Unicorn-41053.exe
2092	Unicorn-57752.exe
2224	Unicorn-44753.exe
2700	Unicorn-49989.exe
2204	Unicorn-25220.exe
3052	Unicorn-62935.exe
1148	Unicorn-5235.exe
436	Unicorn-29569.exe
2072	Unicorn-58588.exe
2432	Unicorn-9750.exe
2012	Unicorn-10347.exe
1000	Unicorn-65094.exe
640	Unicorn-63056.exe
2000	Unicorn-54971.exe
2324	Unicorn-43414.exe
1132	Unicorn-35127.exe
2688	Unicorn-3310.exe
1780	Unicorn-6730.exe
2388	Unicorn-26196.exe
2868	Unicorn-53170.exe
2336	Unicorn-64675.exe
2280	Unicorn-6730.exe
1560	Unicorn-2049.exe
2884	Unicorn-18852.exe
2772	Unicorn-11089.exe
2724	Unicorn-35978.exe
2588	Unicorn-55941.exe
2472	Unicorn-41384.exe
3040	Unicorn-32133.exe
3044	Unicorn-9282.exe
1260	Unicorn-36793.exe
1312	Unicorn-21609.exe
2016	Unicorn-45324.exe
1768	Unicorn-36791.exe
976	Unicorn-13715.exe
2484	Unicorn-49793.exe
1624	Unicorn-21199.exe
1668	Unicorn-29367.exe
2620	Unicorn-6507.exe
2384	Unicorn-5749.exe
456	Unicorn-30497.exe
2468	Unicorn-50939.exe
2728	Unicorn-64343.exe
472	Unicorn-43709.exe
1064	Unicorn-51577.exe
3068	Unicorn-63637.exe
832	Unicorn-5905.exe
2648	Unicorn-59299.exe
2980	Unicorn-30881.exe
2844	Unicorn-34219.exe
2592	Unicorn-58213.exe
2260	Unicorn-38748.exe
3020	Unicorn-6974.exe
584	Unicorn-13689.exe
2244	Unicorn-58614.exe
612	Unicorn-9373.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1516	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	29
PID 840 wrote to memory of 1516	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	29
PID 840 wrote to memory of 1516	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	29
PID 840 wrote to memory of 1516	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	29
PID 1516 wrote to memory of 2840	1516	Unicorn-38370.exe	30
PID 1516 wrote to memory of 2840	1516	Unicorn-38370.exe	30
PID 1516 wrote to memory of 2840	1516	Unicorn-38370.exe	30
PID 1516 wrote to memory of 2840	1516	Unicorn-38370.exe	30
PID 840 wrote to memory of 2992	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	31
PID 840 wrote to memory of 2992	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	31
PID 840 wrote to memory of 2992	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	31
PID 840 wrote to memory of 2992	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	31
PID 2840 wrote to memory of 3024	2840	Unicorn-38344.exe	32
PID 2840 wrote to memory of 3024	2840	Unicorn-38344.exe	32
PID 2840 wrote to memory of 3024	2840	Unicorn-38344.exe	32
PID 2840 wrote to memory of 3024	2840	Unicorn-38344.exe	32
PID 1516 wrote to memory of 3016	1516	Unicorn-38370.exe	33
PID 1516 wrote to memory of 3016	1516	Unicorn-38370.exe	33
PID 1516 wrote to memory of 3016	1516	Unicorn-38370.exe	33
PID 1516 wrote to memory of 3016	1516	Unicorn-38370.exe	33
PID 2992 wrote to memory of 2760	2992	Unicorn-63595.exe	34
PID 2992 wrote to memory of 2760	2992	Unicorn-63595.exe	34
PID 2992 wrote to memory of 2760	2992	Unicorn-63595.exe	34
PID 2992 wrote to memory of 2760	2992	Unicorn-63595.exe	34
PID 840 wrote to memory of 2536	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	35
PID 840 wrote to memory of 2536	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	35
PID 840 wrote to memory of 2536	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	35
PID 840 wrote to memory of 2536	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	35
PID 3024 wrote to memory of 2252	3024	Unicorn-35459.exe	36
PID 3024 wrote to memory of 2252	3024	Unicorn-35459.exe	36
PID 3024 wrote to memory of 2252	3024	Unicorn-35459.exe	36
PID 3024 wrote to memory of 2252	3024	Unicorn-35459.exe	36
PID 2840 wrote to memory of 2092	2840	Unicorn-38344.exe	37
PID 2840 wrote to memory of 2092	2840	Unicorn-38344.exe	37
PID 2840 wrote to memory of 2092	2840	Unicorn-38344.exe	37
PID 2840 wrote to memory of 2092	2840	Unicorn-38344.exe	37
PID 3016 wrote to memory of 2224	3016	Unicorn-11317.exe	38
PID 3016 wrote to memory of 2224	3016	Unicorn-11317.exe	38
PID 3016 wrote to memory of 2224	3016	Unicorn-11317.exe	38
PID 3016 wrote to memory of 2224	3016	Unicorn-11317.exe	38
PID 1516 wrote to memory of 3052	1516	Unicorn-38370.exe	39
PID 1516 wrote to memory of 3052	1516	Unicorn-38370.exe	39
PID 1516 wrote to memory of 3052	1516	Unicorn-38370.exe	39
PID 1516 wrote to memory of 3052	1516	Unicorn-38370.exe	39
PID 2536 wrote to memory of 2700	2536	Unicorn-5784.exe	40
PID 2536 wrote to memory of 2700	2536	Unicorn-5784.exe	40
PID 2536 wrote to memory of 2700	2536	Unicorn-5784.exe	40
PID 2536 wrote to memory of 2700	2536	Unicorn-5784.exe	40
PID 2760 wrote to memory of 436	2760	Unicorn-11914.exe	41
PID 2760 wrote to memory of 436	2760	Unicorn-11914.exe	41
PID 2760 wrote to memory of 436	2760	Unicorn-11914.exe	41
PID 2760 wrote to memory of 436	2760	Unicorn-11914.exe	41
PID 2992 wrote to memory of 1148	2992	Unicorn-63595.exe	42
PID 2992 wrote to memory of 1148	2992	Unicorn-63595.exe	42
PID 2992 wrote to memory of 1148	2992	Unicorn-63595.exe	42
PID 2992 wrote to memory of 1148	2992	Unicorn-63595.exe	42
PID 840 wrote to memory of 2204	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	43
PID 840 wrote to memory of 2204	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	43
PID 840 wrote to memory of 2204	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	43
PID 840 wrote to memory of 2204	840	ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe	43
PID 2252 wrote to memory of 2072	2252	Unicorn-41053.exe	44
PID 2252 wrote to memory of 2072	2252	Unicorn-41053.exe	44
PID 2252 wrote to memory of 2072	2252	Unicorn-41053.exe	44
PID 2252 wrote to memory of 2072	2252	Unicorn-41053.exe	44

C:\Users\Admin\AppData\Local\Temp\ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe
"C:\Users\Admin\AppData\Local\Temp\ec60fa4222e2b40f5686e4cac696434dd18ec45bc287f2065f9060785e17d285.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        9⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        10⤵
        Program crash
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        6⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        6⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        6⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35027.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        6⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        5⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        5⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        5⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
      4⤵
      PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
    3⤵
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
    3⤵
    PID:6000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 220
        5⤵
        Program crash
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        5⤵
        
        PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        5⤵
        Program crash
        
        PID:3276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
      4⤵
      Program crash
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        7⤵
        
        PID:5820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        6⤵
        Program crash
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        5⤵
        
        PID:2776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        5⤵
        Program crash
        
        PID:2516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
      4⤵
      Program crash
      PID:2452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
      4⤵
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
      4⤵
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 220
      4⤵
      Program crash
      PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
    3⤵
    PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
    3⤵
    PID:5424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      4⤵
      PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
      4⤵
      PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
      4⤵
      PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
      4⤵
      PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
    3⤵
    PID:3880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
    3⤵
    PID:6128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      4⤵
      PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
    3⤵
    PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
    3⤵
    PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
    3⤵
    PID:5760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
      4⤵
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
    3⤵
    PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
    3⤵
    PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
    3⤵
    PID:5524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
    3⤵
    PID:5596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
  2⤵
  PID:3196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
  2⤵
  PID:3544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
  2⤵
  PID:4748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
  2⤵
  PID:5008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
  2⤵
  PID:5668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe

Filesize
468KB

MD5
d0f373b5ae6b68b796f0acabc07fe2b3

SHA1
5bdced7522220bfc1d4a229b494eaef527bcf454

SHA256
a6fbb4067d388509ea25b514c4e53265ddbbd1868a41a299f9046d87a78495fb

SHA512
96f991cbc886e5fc5f153d68e122f79dbbdbba4ec4166648ccdf794e454d161b0428bd5846f17a5f95b16f73b7fff19139259b08ecd1153299e381aee6771c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe

Filesize
468KB

MD5
735f080a49bd35f3de1e68369bb123d2

SHA1
98834a105a563fba47d250bc1fc932b4be5dbe95

SHA256
db9e2c40ccaca022e029f110c426399f9e0a17b2c2540cc4d40cc6437743fe4c

SHA512
9cfdddf33d37646c6dafa7b9d81e62d2f3fb039fb668f4207b3d99d7891b91c11d0aab7afbc5b096c302d42e88514bf2b979b83170fac994c70dc241a1c57f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe

Filesize
468KB

MD5
81bc7e16a4a8b897e10a4746b1d1c62e

SHA1
d16f612a7adab765758979353b2b3ce808195446

SHA256
6bb8b63c21dd37016eab9b0a3280478b95346bcf1271a0aa70c004eb498f9fe4

SHA512
f0702975cba8351e7fadd077ceb9b55f7e4547a4c3d8d8084a9cd7f76b450b625fa1485bf158c4b0d4f7248e19202e841f29208e5ca11274f32a0277aac3308f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe

Filesize
468KB

MD5
12f0f9d9b7f58a38b7c26b834713aabd

SHA1
d20ab34a627daf149c2fdf3dc682b6e0c2194b16

SHA256
a5296ec8d3035c697f4d0322b89d0d1eeeb20c57f7ddf9f13aa0786e8b8b959c

SHA512
249fabea7e78deb532c1c2307457b9404d69e37663eee1677b910c32c27a3758ae8952f6fd8ff82ff24c1ccdd53a5e2a5c777b4e9e2003bf0c48595b151e69b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe

Filesize
468KB

MD5
2f8541eab38183db8e9b7bf68af01284

SHA1
4a299332b82773089698f430550ac4eec73ee6fb

SHA256
731269b30352703c8b13bcbc470d93b3aeff745f465934aa95fa560b7acb611e

SHA512
ae3cef5f2fa9353f31f785c707dee867de266a2a0b6b98f69aba683b8d5ec79438ac8efc4eab21d9e56f4b5dc8b4db965de1226c74ff3ffc6b10e638415447e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe

Filesize
468KB

MD5
37e9ed8c5b6a4ee9ac2271d54d0d2b6a

SHA1
be950c8140bcc1f17806847a43c3d442efe11b2a

SHA256
6bd2e1dbfe09dafa0aedc6a241657dbd0ece9b87cafbc45e41ce41f2a8bbc42c

SHA512
7e4290108c0f264ffd47c94bd7f8af313e72026798627f33cf1673be8acd3b42eda875cfa195a0902f444dab1320881827c9f43d2e34cd624b1c4b32dbd1d835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe

Filesize
468KB

MD5
941e00e176ff86e743ce27a21d92dd47

SHA1
7cc07b149faa57e2f625c16613739169afaea2d8

SHA256
f242f1efa2ae7b1b9e196ef6783032855b4457561840c1b2d25399c7e2d33ec2

SHA512
e9c1aa3ccbfe082fa5917308f06b4f4e2080788d33cef6ffa52f0fc9a992442f7d0086331baaaa8f7251c042dd3aaa9d457c466fb5243e5b2009d969deccc689

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe

Filesize
468KB

MD5
d573e7fcce3cb3f2a7e37d60462f6494

SHA1
478f32bb1ac50ab07c33dfb3e2269838f5967bd6

SHA256
c5589ec53ad8be936a1f5de217bd78c52768829d0a02eafc77c02d2f39f4be43

SHA512
3fcde5caee1f206a81924d46d30bb62231cd06c27619ec64dc3481ff0b617beef2b43f72759fc7129dd11f0a80876a640d79816cd0da713032709969ab7efedd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe

Filesize
468KB

MD5
e0ec5ba5d5804d65c920b1c6352e2615

SHA1
7c10b3c07a657b32bb8ab6d27f69d9c2f5aa4dc5

SHA256
96551cc8bca06d09367801adf011f6640f123c31f1bc0f0824fbc9fd7a59d7f2

SHA512
b3fd1131246a8c0774cc6a0dba34aa87d7f0122a931c471a1a8abf8a3842a52b441e5230f75cb5659fcbb859bd6defa0e60a86362882b70f69713329f684dc3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe

Filesize
468KB

MD5
0a83792533dc40db43798b5ddc5fbb31

SHA1
cbf26739abd85f6cb4a3bafabc4b8063218b7313

SHA256
cd23e9a83c3dd8ee524efb02b3b8ca40a62a26d63f022bc6c946f6976195f8f9

SHA512
6da52926df3d51cc23a205f4df6c3e57d477ed314fb450cb62e5c6bafb157976fc16d18d10da5a25edcde05ddc5553c246c8ccfee4d14b062a9727b849d137b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe

Filesize
468KB

MD5
88cea8e3979de80d5fc023dc5a31e269

SHA1
218a44a36c3627751277fa7d40144f1bc84cf37c

SHA256
624f98809e2619e15d6c39cb6c32a311b9398ddca32f579ed37be53a1921c0bb

SHA512
132071ad99533e5e5afa96b21e194052f01e6ad537887ebb465fe575f89886abb77ac50899a0ca29b4718cf02902648161485edb789855735fa3df90449ae33c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe

Filesize
468KB

MD5
8b634a1bf2a5e41e67cc44f61a4e4de2

SHA1
99788c25393787a3774320174406740d7b805828

SHA256
30c53ea620ef6b5bfb99a60f0bcaa61033a01e3fc21b8ea977da6e498de64973

SHA512
241ceb6b29201f0915edc39efe4e98610664a776fa302ad7713cab97d26f8e674e6ae10f1e1104ca57a9ac128c6f052efb4c2f9817a03b72127c5a9b4db952fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe

Filesize
468KB

MD5
a7b46e2e7e869d15ad79a88fa2757a4a

SHA1
af7572cc8e868d4c37bdfa708f98c34c4cd47f7f

SHA256
f9392d63cee3ef98bbc881ebcb062609790dbac4261e7319df5fe543d06662c4

SHA512
d2cba39da65abc3e6fc337d038ddc53e363a95fd8d6c9af09467576eeb1bc339d776ad909d54946b4ead9ca260d90a61e49bde6823f63ae561bd102885275d4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe

Filesize
468KB

MD5
13c83595d6767f8efc7cb6059e254098

SHA1
cce6a89fc3dc7c8a87c572550193f42ed32b501f

SHA256
a1b09249e1c824525a8c67c0a4dc18dec93438cd9fbf54fd45c74dcf9f37e043

SHA512
f8149776dcf18c88413f5daa7e61ff1776b51ed1fa5a2847eb20c202d9fe86643d12956a2b3221f2d6221c3ef897bc88b4571104cf44ef130b4f0678633bfa0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe

Filesize
468KB

MD5
d2f0f35fc9a9d6ce71e86e6ba170b0be

SHA1
f3f2bd5504cd39ca0080e48e7abb31658ade63a9

SHA256
bf0555a05ac3e0a871af9003becbc035212f001202e778651cb55fc40be63c64

SHA512
cb258d86ef6a67428e450cc84887b3857dac65e01abf3728a0270bb3aba7602c2e3908ff2437f3336d4cd1945f9f60378001567aaf0e583a63368bc7828b3d76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe

Filesize
468KB

MD5
7087c8cf27abe292a2e82f453a9d90f3

SHA1
0a814755e07a0e27e460f49087dd909b43f94093

SHA256
9c50149dc71fce8a4c9faa024fcaf972fa19c31b88cfbd110b764570443c4561

SHA512
c0e93236a3c17dcc8d76830ea5518e753730f8397e4cfc35e856e5b581a70d0037a9e4739271467f8d4ff43457f77c84e99807f6a2b41938592b065c705ed25e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe

Filesize
468KB

MD5
521d0fbf21e2fe32ed4e824bbe561568

SHA1
74a5036064fbc26b13ec58fc907542b2e90ff956

SHA256
86650f73ea3a33a11224397857e515b77af39dd000306185c15b60a3f8d40bd7

SHA512
945c2f961685187b5a73d3f132591f553c984950beef79dc7fc53ae872ac67999d2999cfd807bd6853eed5c949b8531754b6a1cf0a9ef27622b4613cd3824191

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe

Filesize
468KB

MD5
72c95ab7e77207e271b1db2e9502d267

SHA1
d845aeec8d78eeb53990e530cd29d6aa32569b58

SHA256
2f1f660bd576132c49a21e42349b9e62e964ed9000e0a50cdff05d6aa9fb7443

SHA512
ae7717988c6a10b2d973a6f597e8abbcb9621d4e1187968421dc5e1531110ea554b0660057ac6a8fc75ec3fd7662f724b0b9e2e09ba87ed60786a4602d5320be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe

Filesize
468KB

MD5
0f4a53c463b7ea234884dfb886ed39cc

SHA1
a82ced732ef9647fa319b7ca57c0fba03a73ced0

SHA256
78eb18a01a8a2f563e1dc69ba27a6abaa2c953190379ef68e2c451510a9870a0

SHA512
a7cf37a09885850eb0c64264f51eac9d2f066ca82ea345e1464f4236b76f0a902e1e7df8e66e42a04eba8f230bf0b8555aa7d23ef6350df2fc4a5a14da5c78fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe

Filesize
468KB

MD5
bf42c0b7f2513e6f8eb5610a9c7f7f92

SHA1
b9a68e489df1e4fc573bb77534c62c526a05b3ca

SHA256
1591b0d2332f774f3553d2d026bf01683469576df502f8eb1760e7c32ecf9bc6

SHA512
cdc5a5137c84e360d3a01e33ea0ef55fa99fd37b45568c9775ac6fe6f1d06f60cee721d80834830b1bd5e2d0106fdbfb526c9a49887c32a2811e175683b6e45a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe

Filesize
468KB

MD5
af68b173a208829e196f5c9be2439f76

SHA1
2bc68a11e5187386ebde84fb733b7b8d50e5e94d

SHA256
a8f8614f4fdb034f7238146bb0a119e2279dcfc9ffd3c5259ed95869fc9ce9cc

SHA512
36a3012d8aa27d140b2f2899981f77c1ad662bdc4141f50a6ab3de91b2a1a666f3974d1ec111328e1d97538b26ba49ae87f424e541dc4eb35b3e9b82aa092d4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe

Filesize
468KB

MD5
06e163d23fe92ede5ffaaa39fb60bf8e

SHA1
85a3f879132238a1d268d65e420ca5e092ab0f9a

SHA256
71d81713a2bbe7dcd4b309680c7395bbb47c85297539ec18da7ad9e3eb9670f3

SHA512
1c2f78ee9daf41f6e74887bf2f2bfddff5d5649baa69099faaa103f813aefc4a18f077a7ff67ad8b83c55afa67be50851c313de344a28f3f0b1412b68306cd4f

Download Submit
memory/436-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-409-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-6-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-309-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-78-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-301-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-36-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-181-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/840-175-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1000-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-357-0x00000000033E0000-0x0000000003455000-memory.dmp

Filesize
468KB

Download
memory/1132-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-295-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1148-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-300-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1516-23-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-60-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-292-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-285-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-361-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-129-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-137-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1516-25-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1560-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-332-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/2072-328-0x0000000002850000-0x00000000028C5000-memory.dmp

Filesize
468KB

Download
memory/2092-222-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2092-228-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2092-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-280-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2204-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-278-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2224-244-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2224-384-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2224-249-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2224-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-348-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2252-199-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2252-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-347-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2252-201-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2324-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-396-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2472-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-274-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2536-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-270-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2536-145-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2536-139-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2588-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-266-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2700-262-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2700-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-323-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2760-159-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2760-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-158-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2772-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-390-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2840-242-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2840-49-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2840-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-26-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-170-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2992-171-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2992-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-257-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/3016-258-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/3016-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-206-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/3024-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-214-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/3024-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-405-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/3024-410-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/3040-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-281-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/3052-279-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/3052-138-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download