79fdd0ae0cf228046fddb0dd44caee0f93671c02cfe3a8adfc64bf562394560f

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe
Size

184KB
MD5

5d8ab8e55665281843835ec247af6000
SHA1

8f5a8aaef20ed6b7db14c47ff8783100f4179bfa
SHA256

79fdd0ae0cf228046fddb0dd44caee0f93671c02cfe3a8adfc64bf562394560f
SHA512

0cab13bc1825833009c7fb523eb3da326a4cc3fbce5787dd125830d5847b2a448825080e55b76b1174c05fa02a9212157eb5d66ef10ad7c46f9ec30a8df998b8
SSDEEP

3072:cDCnumoywjobdodtNc35yHbelvnqhviuAnR:cD6o4BodK5EbelPqhviuA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-20318.exeUnicorn-41890.exeUnicorn-57904.exeUnicorn-23691.exeUnicorn-26383.exeUnicorn-32928.exeUnicorn-47794.exeUnicorn-30572.exeUnicorn-54884.exeUnicorn-35018.exeUnicorn-57991.exeUnicorn-64121.exeUnicorn-51355.exeUnicorn-5418.exeUnicorn-5683.exeUnicorn-31003.exeUnicorn-40794.exeUnicorn-34018.exeUnicorn-57323.exeUnicorn-24973.exeUnicorn-24266.exeUnicorn-44132.exeUnicorn-44132.exeUnicorn-51323.exeUnicorn-48523.exeUnicorn-57453.exeUnicorn-9876.exeUnicorn-33561.exeUnicorn-27695.exeUnicorn-51698.exeUnicorn-2175.exeUnicorn-2305.exeUnicorn-42269.exeUnicorn-5896.exeUnicorn-64334.exeUnicorn-10072.exeUnicorn-38569.exeUnicorn-18703.exeUnicorn-42653.exeUnicorn-15517.exeUnicorn-26792.exeUnicorn-65273.exeUnicorn-38076.exeUnicorn-38076.exeUnicorn-55481.exeUnicorn-150.exeUnicorn-28516.exeUnicorn-32600.exeUnicorn-62010.exeUnicorn-5138.exeUnicorn-48117.exeUnicorn-22916.exeUnicorn-2943.exeUnicorn-16678.exeUnicorn-2943.exeUnicorn-59757.exeUnicorn-25915.exeUnicorn-42906.exeUnicorn-38268.exeUnicorn-56249.exeUnicorn-40467.exeUnicorn-55180.exeUnicorn-39398.exeUnicorn-10255.exe

pid	process
3420	Unicorn-20318.exe
860	Unicorn-41890.exe
5024	Unicorn-57904.exe
3184	Unicorn-23691.exe
4220	Unicorn-26383.exe
3380	Unicorn-32928.exe
2652	Unicorn-47794.exe
4028	Unicorn-30572.exe
1564	Unicorn-54884.exe
680	Unicorn-35018.exe
8	Unicorn-57991.exe
4760	Unicorn-64121.exe
2084	Unicorn-51355.exe
2120	Unicorn-5418.exe
4836	Unicorn-5683.exe
2988	Unicorn-31003.exe
640	Unicorn-40794.exe
4816	Unicorn-34018.exe
2484	Unicorn-57323.exe
3156	Unicorn-24973.exe
4980	Unicorn-24266.exe
2804	Unicorn-44132.exe
3948	Unicorn-44132.exe
1540	Unicorn-51323.exe
1196	Unicorn-48523.exe
2100	Unicorn-57453.exe
3656	Unicorn-9876.exe
1200	Unicorn-33561.exe
1360	Unicorn-27695.exe
2692	Unicorn-51698.exe
3756	Unicorn-2175.exe
4752	Unicorn-2305.exe
392	Unicorn-42269.exe
2984	Unicorn-5896.exe
4636	Unicorn-64334.exe
4228	Unicorn-10072.exe
436	Unicorn-38569.exe
2852	Unicorn-18703.exe
1892	Unicorn-42653.exe
3676	Unicorn-15517.exe
4912	Unicorn-26792.exe
972	Unicorn-65273.exe
1684	Unicorn-38076.exe
4316	Unicorn-38076.exe
4664	Unicorn-55481.exe
3684	Unicorn-150.exe
2824	Unicorn-28516.exe
3776	Unicorn-32600.exe
3056	Unicorn-62010.exe
1180	Unicorn-5138.exe
4428	Unicorn-48117.exe
3632	Unicorn-22916.exe
808	Unicorn-2943.exe
2960	Unicorn-16678.exe
2936	Unicorn-2943.exe
3476	Unicorn-59757.exe
1096	Unicorn-25915.exe
856	Unicorn-42906.exe
4056	Unicorn-38268.exe
5076	Unicorn-56249.exe
2864	Unicorn-40467.exe
3528	Unicorn-55180.exe
3140	Unicorn-39398.exe
3732	Unicorn-10255.exe

Program crash 56 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3624	2084	WerFault.exe	Unicorn-51355.exe
2336	4760	WerFault.exe	Unicorn-64121.exe
1340	3656	WerFault.exe	Unicorn-9876.exe
4236	1200	WerFault.exe	Unicorn-33561.exe
1016	4980	WerFault.exe	Unicorn-24266.exe
5084	680	WerFault.exe	Unicorn-35018.exe
5332	1892	WerFault.exe	Unicorn-42653.exe
5248	4316	WerFault.exe	Unicorn-38076.exe
5520	4836	WerFault.exe	Unicorn-5683.exe
5740	972	WerFault.exe	Unicorn-65273.exe
7016	3732	WerFault.exe	Unicorn-10255.exe
6928	1876	WerFault.exe	Unicorn-11324.exe
6580	5448	WerFault.exe	Unicorn-1594.exe
6596	5380	WerFault.exe	Unicorn-33198.exe
6932	2936	WerFault.exe	Unicorn-2943.exe
7464	5856	WerFault.exe	Unicorn-1464.exe
8300	2100	WerFault.exe	Unicorn-57453.exe
9340	5888	WerFault.exe	Unicorn-21330.exe
8436	2852	WerFault.exe	Unicorn-18703.exe
7484	6016	WerFault.exe	Unicorn-37401.exe
10164	2824	WerFault.exe	Unicorn-28516.exe
10168	808	WerFault.exe	Unicorn-2943.exe
11004	4664	WerFault.exe	Unicorn-55481.exe
11964	5792	WerFault.exe	Unicorn-19275.exe
12372	6536	WerFault.exe	Unicorn-1650.exe
6996	3140	WerFault.exe	Unicorn-39398.exe
8484	3676	WerFault.exe	Unicorn-15517.exe
11600	12108	WerFault.exe	Unicorn-7930.exe
13524	3056	WerFault.exe	Unicorn-62010.exe
11700	6584	WerFault.exe	Unicorn-38680.exe
13512	7528	WerFault.exe	Unicorn-58430.exe
13712	7252	WerFault.exe	Unicorn-10525.exe
14476	4028	WerFault.exe	Unicorn-30572.exe
14356	6492	WerFault.exe	Unicorn-24855.exe
16252	5700	WerFault.exe	Unicorn-7878.exe
16136	2748	WerFault.exe	Unicorn-13882.exe
5032	5556	WerFault.exe	Unicorn-34843.exe
16252	7124	WerFault.exe	Unicorn-10296.exe
16344	7832	WerFault.exe	Unicorn-7309.exe
4680	7648	WerFault.exe	Unicorn-5886.exe
212	6440	WerFault.exe	Unicorn-48952.exe
16256	5388	WerFault.exe	Unicorn-40572.exe
7768	5260	WerFault.exe	Unicorn-57915.exe
17004	6140	WerFault.exe	Unicorn-22098.exe
536	4912	WerFault.exe	Unicorn-26792.exe
4308	2484	WerFault.exe	Unicorn-57323.exe
212	7080	WerFault.exe	Unicorn-51417.exe
16684	6320	WerFault.exe	Unicorn-50727.exe
16404	7972	WerFault.exe	Unicorn-13265.exe
1912	4228	WerFault.exe	Unicorn-10072.exe
16600	16432	WerFault.exe	Unicorn-6500.exe
2440	7604	WerFault.exe	Unicorn-22825.exe
4340	7028	WerFault.exe	Unicorn-4807.exe
5240	3756	WerFault.exe	Unicorn-2175.exe
2820	6816	WerFault.exe	Unicorn-34475.exe
6124	7684		Unicorn-267.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU

Modifies data under HKEY_USERS 18 IoCs

Processes:

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E
Key created	\REGISTRY\USER\.DEFAULT\Software
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

description pid process

Token: SeCreateGlobalPrivilege 2816
Token: SeChangeNotifyPrivilege 2816
Token: 33 2816
Token: SeIncBasePriorityPrivilege 2816

description	pid	process
Token: SeCreateGlobalPrivilege	2816
Token: SeChangeNotifyPrivilege	2816
Token: 33	2816
Token: SeIncBasePriorityPrivilege	2816

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exeUnicorn-20318.exeUnicorn-41890.exeUnicorn-57904.exeUnicorn-23691.exeUnicorn-26383.exeUnicorn-32928.exeUnicorn-47794.exeUnicorn-30572.exeUnicorn-54884.exeUnicorn-35018.exeUnicorn-5683.exeUnicorn-64121.exeUnicorn-5418.exeUnicorn-51355.exeUnicorn-57991.exeUnicorn-31003.exeUnicorn-40794.exeUnicorn-34018.exeUnicorn-57323.exeUnicorn-24973.exeUnicorn-24266.exeUnicorn-44132.exeUnicorn-48523.exeUnicorn-9876.exeUnicorn-57453.exeUnicorn-27695.exeUnicorn-33561.exeUnicorn-51323.exeUnicorn-44132.exeUnicorn-51698.exeUnicorn-2175.exeUnicorn-2305.exeUnicorn-42269.exeUnicorn-5896.exeUnicorn-64334.exeUnicorn-10072.exeUnicorn-18703.exeUnicorn-38569.exeUnicorn-42653.exeUnicorn-26792.exeUnicorn-65273.exeUnicorn-15517.exeUnicorn-55481.exeUnicorn-38076.exeUnicorn-38076.exeUnicorn-62010.exeUnicorn-28516.exeUnicorn-2943.exeUnicorn-150.exeUnicorn-22916.exeUnicorn-2943.exeUnicorn-5138.exeUnicorn-32600.exeUnicorn-16678.exeUnicorn-59757.exeUnicorn-25915.exeUnicorn-42906.exeUnicorn-38268.exeUnicorn-56249.exeUnicorn-40467.exeUnicorn-55180.exeUnicorn-39398.exeUnicorn-45621.exe

pid	process
1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe
3420	Unicorn-20318.exe
860	Unicorn-41890.exe
5024	Unicorn-57904.exe
3184	Unicorn-23691.exe
4220	Unicorn-26383.exe
3380	Unicorn-32928.exe
2652	Unicorn-47794.exe
4028	Unicorn-30572.exe
1564	Unicorn-54884.exe
680	Unicorn-35018.exe
4836	Unicorn-5683.exe
4760	Unicorn-64121.exe
2120	Unicorn-5418.exe
2084	Unicorn-51355.exe
8	Unicorn-57991.exe
2988	Unicorn-31003.exe
640	Unicorn-40794.exe
4816	Unicorn-34018.exe
2484	Unicorn-57323.exe
3156	Unicorn-24973.exe
4980	Unicorn-24266.exe
2804	Unicorn-44132.exe
1196	Unicorn-48523.exe
3656	Unicorn-9876.exe
2100	Unicorn-57453.exe
1360	Unicorn-27695.exe
1200	Unicorn-33561.exe
1540	Unicorn-51323.exe
3948	Unicorn-44132.exe
2692	Unicorn-51698.exe
3756	Unicorn-2175.exe
4752	Unicorn-2305.exe
392	Unicorn-42269.exe
2984	Unicorn-5896.exe
4636	Unicorn-64334.exe
4228	Unicorn-10072.exe
2852	Unicorn-18703.exe
436	Unicorn-38569.exe
1892	Unicorn-42653.exe
4912	Unicorn-26792.exe
972	Unicorn-65273.exe
3676	Unicorn-15517.exe
4664	Unicorn-55481.exe
1684	Unicorn-38076.exe
4316	Unicorn-38076.exe
3056	Unicorn-62010.exe
2824	Unicorn-28516.exe
2936	Unicorn-2943.exe
3684	Unicorn-150.exe
3632	Unicorn-22916.exe
808	Unicorn-2943.exe
1180	Unicorn-5138.exe
3776	Unicorn-32600.exe
2960	Unicorn-16678.exe
3476	Unicorn-59757.exe
1096	Unicorn-25915.exe
856	Unicorn-42906.exe
4056	Unicorn-38268.exe
5076	Unicorn-56249.exe
2864	Unicorn-40467.exe
3528	Unicorn-55180.exe
3140	Unicorn-39398.exe
2992	Unicorn-45621.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exeUnicorn-20318.exeUnicorn-41890.exeUnicorn-57904.exeUnicorn-23691.exeUnicorn-26383.exeUnicorn-47794.exeUnicorn-32928.exeUnicorn-30572.exeUnicorn-54884.exeUnicorn-5683.exeUnicorn-5418.exe

description	pid	process	target process
PID 1468 wrote to memory of 3420	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-20318.exe
PID 1468 wrote to memory of 3420	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-20318.exe
PID 1468 wrote to memory of 3420	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-20318.exe
PID 3420 wrote to memory of 860	3420	Unicorn-20318.exe	Unicorn-41890.exe
PID 3420 wrote to memory of 860	3420	Unicorn-20318.exe	Unicorn-41890.exe
PID 3420 wrote to memory of 860	3420	Unicorn-20318.exe	Unicorn-41890.exe
PID 1468 wrote to memory of 5024	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-57904.exe
PID 1468 wrote to memory of 5024	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-57904.exe
PID 1468 wrote to memory of 5024	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-57904.exe
PID 860 wrote to memory of 3184	860	Unicorn-41890.exe	Unicorn-23691.exe
PID 860 wrote to memory of 3184	860	Unicorn-41890.exe	Unicorn-23691.exe
PID 860 wrote to memory of 3184	860	Unicorn-41890.exe	Unicorn-23691.exe
PID 3420 wrote to memory of 4220	3420	Unicorn-20318.exe	Unicorn-26383.exe
PID 3420 wrote to memory of 4220	3420	Unicorn-20318.exe	Unicorn-26383.exe
PID 3420 wrote to memory of 4220	3420	Unicorn-20318.exe	Unicorn-26383.exe
PID 5024 wrote to memory of 3380	5024	Unicorn-57904.exe	Unicorn-32928.exe
PID 5024 wrote to memory of 3380	5024	Unicorn-57904.exe	Unicorn-32928.exe
PID 5024 wrote to memory of 3380	5024	Unicorn-57904.exe	Unicorn-32928.exe
PID 1468 wrote to memory of 2652	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-47794.exe
PID 1468 wrote to memory of 2652	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-47794.exe
PID 1468 wrote to memory of 2652	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-47794.exe
PID 3184 wrote to memory of 4028	3184	Unicorn-23691.exe	Unicorn-30572.exe
PID 3184 wrote to memory of 4028	3184	Unicorn-23691.exe	Unicorn-30572.exe
PID 3184 wrote to memory of 4028	3184	Unicorn-23691.exe	Unicorn-30572.exe
PID 4220 wrote to memory of 1564	4220	Unicorn-26383.exe	Unicorn-54884.exe
PID 4220 wrote to memory of 1564	4220	Unicorn-26383.exe	Unicorn-54884.exe
PID 4220 wrote to memory of 1564	4220	Unicorn-26383.exe	Unicorn-54884.exe
PID 860 wrote to memory of 680	860	Unicorn-41890.exe	Unicorn-35018.exe
PID 860 wrote to memory of 680	860	Unicorn-41890.exe	Unicorn-35018.exe
PID 860 wrote to memory of 680	860	Unicorn-41890.exe	Unicorn-35018.exe
PID 3420 wrote to memory of 8	3420	Unicorn-20318.exe	Unicorn-57991.exe
PID 3420 wrote to memory of 8	3420	Unicorn-20318.exe	Unicorn-57991.exe
PID 3420 wrote to memory of 8	3420	Unicorn-20318.exe	Unicorn-57991.exe
PID 2652 wrote to memory of 4760	2652	Unicorn-47794.exe	Unicorn-64121.exe
PID 2652 wrote to memory of 4760	2652	Unicorn-47794.exe	Unicorn-64121.exe
PID 2652 wrote to memory of 4760	2652	Unicorn-47794.exe	Unicorn-64121.exe
PID 5024 wrote to memory of 2084	5024	Unicorn-57904.exe	Unicorn-51355.exe
PID 5024 wrote to memory of 2084	5024	Unicorn-57904.exe	Unicorn-51355.exe
PID 5024 wrote to memory of 2084	5024	Unicorn-57904.exe	Unicorn-51355.exe
PID 1468 wrote to memory of 2120	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-5418.exe
PID 1468 wrote to memory of 2120	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-5418.exe
PID 1468 wrote to memory of 2120	1468	5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe	Unicorn-5418.exe
PID 3380 wrote to memory of 4836	3380	Unicorn-32928.exe	Unicorn-5683.exe
PID 3380 wrote to memory of 4836	3380	Unicorn-32928.exe	Unicorn-5683.exe
PID 3380 wrote to memory of 4836	3380	Unicorn-32928.exe	Unicorn-5683.exe
PID 4028 wrote to memory of 2988	4028	Unicorn-30572.exe	Unicorn-31003.exe
PID 4028 wrote to memory of 2988	4028	Unicorn-30572.exe	Unicorn-31003.exe
PID 4028 wrote to memory of 2988	4028	Unicorn-30572.exe	Unicorn-31003.exe
PID 3184 wrote to memory of 640	3184	Unicorn-23691.exe	Unicorn-40794.exe
PID 3184 wrote to memory of 640	3184	Unicorn-23691.exe	Unicorn-40794.exe
PID 3184 wrote to memory of 640	3184	Unicorn-23691.exe	Unicorn-40794.exe
PID 1564 wrote to memory of 4816	1564	Unicorn-54884.exe	Unicorn-34018.exe
PID 1564 wrote to memory of 4816	1564	Unicorn-54884.exe	Unicorn-34018.exe
PID 1564 wrote to memory of 4816	1564	Unicorn-54884.exe	Unicorn-34018.exe
PID 4220 wrote to memory of 2484	4220	Unicorn-26383.exe	Unicorn-57323.exe
PID 4220 wrote to memory of 2484	4220	Unicorn-26383.exe	Unicorn-57323.exe
PID 4220 wrote to memory of 2484	4220	Unicorn-26383.exe	Unicorn-57323.exe
PID 4836 wrote to memory of 3156	4836	Unicorn-5683.exe	Unicorn-24973.exe
PID 4836 wrote to memory of 3156	4836	Unicorn-5683.exe	Unicorn-24973.exe
PID 4836 wrote to memory of 3156	4836	Unicorn-5683.exe	Unicorn-24973.exe
PID 3380 wrote to memory of 4980	3380	Unicorn-32928.exe	Unicorn-24266.exe
PID 3380 wrote to memory of 4980	3380	Unicorn-32928.exe	Unicorn-24266.exe
PID 3380 wrote to memory of 4980	3380	Unicorn-32928.exe	Unicorn-24266.exe
PID 2120 wrote to memory of 2804	2120	Unicorn-5418.exe	Unicorn-44132.exe

C:\Users\Admin\AppData\Local\Temp\5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d8ab8e55665281843835ec247af6000_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
10⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
11⤵
PID:15184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
10⤵
PID:11368

C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
10⤵
PID:13396

C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
9⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
10⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
10⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 672
10⤵
- Program crash
PID:16344

C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
9⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
9⤵
PID:14760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
8⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
9⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
9⤵
PID:12092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
9⤵
PID:14788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
8⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
9⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
9⤵
PID:15568

C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
8⤵
PID:11920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
8⤵
PID:15264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
8⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
8⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
10⤵
PID:12732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
10⤵
PID:16784

C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
10⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
9⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
9⤵
PID:13488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
8⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
8⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
8⤵
PID:15788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
7⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
8⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
9⤵
PID:15200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 660
9⤵
- Program crash
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
8⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
8⤵
PID:14652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
8⤵
PID:17216

C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
7⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
7⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
7⤵
PID:14364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
7⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
8⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
9⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
10⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
10⤵
PID:13208

C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
10⤵
PID:16472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
9⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
9⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
9⤵
PID:16016

C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
8⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
9⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
9⤵
PID:11272

C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
9⤵
PID:15576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
8⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
8⤵
PID:16312

C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
7⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
8⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
9⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
8⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
8⤵
PID:12968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
8⤵
PID:16664

C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
7⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
8⤵
PID:13988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
8⤵
PID:17004

C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
7⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
7⤵
PID:14244

C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
7⤵
PID:16440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 712
7⤵
- Program crash
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 636
8⤵
- Program crash
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
8⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
8⤵
PID:13972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
8⤵
PID:17308

C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
7⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
7⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
7⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
7⤵
PID:15668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
7⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
6⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 632
7⤵
- Program crash
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
7⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
7⤵
PID:13432

C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
7⤵
PID:16840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
6⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
7⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
7⤵
PID:13736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
7⤵
PID:16648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
6⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 740
6⤵
- Program crash
PID:14476

C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
6⤵
PID:16220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
8⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
9⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
9⤵
PID:13124

C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
9⤵
PID:15876

C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
9⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
8⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
9⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
9⤵
PID:14228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
8⤵
PID:11420

C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
8⤵
PID:13484

C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
7⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
8⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
8⤵
PID:11820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
8⤵
PID:14888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
7⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
7⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
7⤵
PID:15912

C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
7⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
8⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
9⤵
PID:12012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
9⤵
PID:14620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
9⤵
PID:16684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
8⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
8⤵
PID:13648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
7⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
7⤵
PID:12240

C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
7⤵
PID:15092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
7⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
6⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
7⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
7⤵
PID:13212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
7⤵
PID:13564

C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
6⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
6⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
6⤵
PID:15680

C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
6⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
7⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
8⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
9⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
9⤵
PID:13756

C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
8⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
8⤵
PID:13448

C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
8⤵
PID:17316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 652
8⤵
- Program crash
PID:17004

C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
7⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
7⤵
PID:14288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
7⤵
PID:17300

C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
7⤵
PID:17028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
6⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
7⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
7⤵
PID:12852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
7⤵
PID:15192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
6⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
6⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
6⤵
PID:16040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
6⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 504
6⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
5⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
6⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
7⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32082.exe
7⤵
PID:12268

C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
7⤵
PID:14836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 728
7⤵
- Program crash
PID:16256

C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
6⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
7⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
7⤵
PID:16076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
7⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
6⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 680
6⤵
- Program crash
PID:16136

C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
6⤵
PID:17276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
5⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
6⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
6⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 628
6⤵
- Program crash
PID:14356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
6⤵
PID:17008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
6⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
5⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
5⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12108 -s 464
6⤵
- Program crash
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
5⤵
PID:14728

C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
5⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
7⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
8⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
9⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
9⤵
PID:14272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
9⤵
PID:17284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
8⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
8⤵
PID:12964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
8⤵
PID:16720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
7⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
8⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
8⤵
PID:14452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
8⤵
PID:17324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 636
7⤵
- Program crash
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
7⤵
PID:13084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
7⤵
PID:15736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
7⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
6⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
7⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
8⤵
PID:12740

C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
8⤵
PID:16032

C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
8⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
7⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
7⤵
PID:13460

C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
7⤵
PID:17096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23588.exe
6⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
7⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
7⤵
PID:14348

C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
7⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
6⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
6⤵
PID:14668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
6⤵
PID:16412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 736
5⤵
- Program crash
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
5⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
6⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
7⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 632
7⤵
- Program crash
PID:11964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
7⤵
PID:12592

C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
7⤵
PID:11700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
7⤵
PID:15384

C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
6⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
6⤵
PID:12524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
6⤵
PID:16276

C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
5⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
6⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
6⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
6⤵
PID:13984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
5⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
5⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
5⤵
PID:15408

C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
5⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 720
6⤵
- Program crash
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
6⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
7⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
7⤵
PID:13104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
7⤵
PID:14476

C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
7⤵
PID:16968

C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
6⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
6⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
6⤵
PID:15032

C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
6⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
5⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
6⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
7⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
7⤵
PID:14572

C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
6⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
6⤵
PID:14712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
5⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
5⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
5⤵
PID:14744

C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
5⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
6⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
7⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
7⤵
PID:14068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
6⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
6⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 632
6⤵
- Program crash
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
6⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
5⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 648
6⤵
- Program crash
PID:212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
5⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
5⤵
PID:13452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
5⤵
PID:17136

C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
4⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
5⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
6⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
6⤵
PID:12912

C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
6⤵
PID:16712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 748
6⤵
- Program crash
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
5⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
5⤵
PID:14588

C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
5⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
4⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
4⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
4⤵
PID:14868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
4⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
4⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-55180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55180.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
8⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
9⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
9⤵
PID:12604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
9⤵
PID:16284

C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
9⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
8⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
8⤵
PID:11928

C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
8⤵
PID:14696

C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
8⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
7⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
8⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
8⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
8⤵
PID:14796

C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
7⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
7⤵
PID:13052

C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
7⤵
PID:15888

C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
7⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
8⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 632
9⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
8⤵
PID:11712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
8⤵
PID:12460

C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
7⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 664
7⤵
- Program crash
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
7⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
7⤵
PID:15828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
7⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
6⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
7⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 628
7⤵
- Program crash
PID:12372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
7⤵
PID:14012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
7⤵
PID:17320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
7⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
6⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
6⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
6⤵
PID:16516

C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
6⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
7⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
8⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
8⤵
PID:12616

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
8⤵
PID:15676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
7⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
7⤵
PID:12944

C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
7⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
6⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
7⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
7⤵
PID:12876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
7⤵
PID:15376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
7⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-64134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64134.exe
7⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 652
6⤵
- Program crash
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
6⤵
PID:11904

C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
6⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
6⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
5⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
6⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
6⤵
PID:12952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
6⤵
PID:15456

C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
5⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
5⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
5⤵
PID:16092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
6⤵
- Executes dropped EXE
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 632
7⤵
- Program crash
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
7⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
8⤵
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 596
8⤵
- Program crash
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
7⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
7⤵
PID:14084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
6⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
7⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
7⤵
PID:13868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
7⤵
PID:17392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
7⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
6⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
6⤵
PID:13156

C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
6⤵
PID:16444

C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
5⤵
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
6⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
7⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
7⤵
PID:12384

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
7⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
6⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
7⤵
PID:13108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
7⤵
PID:15616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 744
7⤵
- Program crash
PID:16404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
7⤵
PID:16844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
6⤵
PID:12480

C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
6⤵
PID:16164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
5⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
6⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
6⤵
PID:13136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
6⤵
PID:15692

C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
5⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
5⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
5⤵
PID:16104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 716
5⤵
- Program crash
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
5⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
5⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
6⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
7⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
7⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
7⤵
PID:14776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
7⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
6⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
6⤵
PID:13000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
6⤵
PID:15984

C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
5⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
6⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
6⤵
PID:13252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
6⤵
PID:16496

C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
5⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
5⤵
PID:13096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
5⤵
PID:16064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 744
5⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
5⤵
PID:13512

C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
5⤵
PID:16612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
4⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
5⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
6⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
6⤵
PID:12640

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
6⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
5⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
5⤵
PID:12936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
5⤵
PID:15380

C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
4⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
5⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
5⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
5⤵
PID:15812

C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
4⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
4⤵
PID:12784

C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
4⤵
PID:15804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
4⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:8

C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 636
6⤵
- Program crash
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
6⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
7⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
8⤵
PID:15764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
7⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
7⤵
PID:15336

C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
7⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
7⤵
PID:17296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
6⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
6⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
6⤵
PID:15584

C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
6⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
6⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
5⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 628
6⤵
- Program crash
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
6⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-63155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63155.exe
6⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
6⤵
PID:16432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 16432 -s 464
7⤵
- Program crash
PID:16600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 760
5⤵
- Program crash
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
5⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
5⤵
PID:13604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
5⤵
PID:16960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
5⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 616
6⤵
- Program crash
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
6⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
7⤵
PID:11952

C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
7⤵
PID:14980

C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
7⤵
PID:16136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
6⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
6⤵
PID:13508

C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
6⤵
PID:17208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
6⤵
PID:17132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
5⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
6⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
6⤵
PID:13804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
6⤵
PID:17268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
5⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
5⤵
PID:13960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
5⤵
PID:15784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
4⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
5⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
5⤵
PID:13200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
5⤵
PID:15808

C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
5⤵
PID:17204

C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
4⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
5⤵
PID:13744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
5⤵
PID:17236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
5⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
4⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
4⤵
PID:14732

C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
4⤵
PID:17012

C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 632
4⤵
- Program crash
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
4⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
5⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
5⤵
PID:12452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
5⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
4⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
5⤵
PID:13680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
4⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
4⤵
PID:15084

C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
4⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
4⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
5⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
6⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
6⤵
PID:13532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
6⤵
PID:16976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
5⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
5⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
5⤵
PID:16640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
4⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
5⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
5⤵
PID:12696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
5⤵
PID:16364

C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
4⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 628
4⤵
- Program crash
PID:13524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
4⤵
PID:15100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
3⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
4⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
5⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 696
5⤵
- Program crash
PID:11700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
5⤵
PID:15528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
4⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
4⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
3⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
3⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
3⤵
PID:14328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
3⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
7⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
8⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
9⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
9⤵
PID:12248

C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
9⤵
PID:15060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
8⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
8⤵
PID:13728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
8⤵
PID:16924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
8⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
7⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
8⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
8⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
8⤵
PID:16560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
7⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
7⤵
PID:13692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
6⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
7⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
8⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
8⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
8⤵
PID:14160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
7⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
7⤵
PID:12420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
7⤵
PID:16112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
6⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
7⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
7⤵
PID:12976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
7⤵
PID:15840

C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
6⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
6⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
6⤵
PID:17052

C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
6⤵
PID:16740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
6⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 640
6⤵
- Program crash
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
6⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
7⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
7⤵
PID:13704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
6⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
6⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
6⤵
PID:15952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 740
5⤵
- Program crash
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
5⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
6⤵
PID:13492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
5⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
5⤵
PID:14112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
5⤵
PID:16984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
5⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 640
5⤵
- Program crash
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
5⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
6⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
6⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 632
6⤵
- Program crash
PID:16252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
6⤵
PID:16404

C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
5⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
6⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
5⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
5⤵
PID:14960

C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
5⤵
PID:16256

C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
5⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
6⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
7⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
7⤵
PID:12624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
7⤵
PID:16248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 712
7⤵
- Program crash
PID:16684

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
6⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
6⤵
PID:13140

C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
6⤵
PID:16732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
5⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
6⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
6⤵
PID:14636

C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
6⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
5⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
5⤵
PID:14164

C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
5⤵
PID:17092

C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
4⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
5⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
5⤵
PID:12588

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
5⤵
PID:15824

C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
4⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
4⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
4⤵
PID:14792

C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
4⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 716
4⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
5⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
6⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
7⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
7⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
7⤵
PID:15652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 632
7⤵
- Program crash
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
7⤵
PID:17392

C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
6⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
6⤵
PID:13928

C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
6⤵
PID:17328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
5⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
6⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19608.exe
6⤵
PID:14412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 640
5⤵
- Program crash
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
5⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\Unicorn-798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-798.exe
5⤵
PID:14740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
4⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
5⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
5⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
5⤵
PID:14804

C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
4⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
4⤵
PID:12176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
4⤵
PID:15796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
5⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
6⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
7⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
7⤵
PID:12560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
7⤵
PID:15708

C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
6⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
6⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
6⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
5⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
6⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
6⤵
PID:11648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
6⤵
PID:16848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
6⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
5⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 720
5⤵
- Program crash
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
5⤵
PID:14120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
5⤵
PID:17016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
4⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
5⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
5⤵
PID:12816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
5⤵
PID:15496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
4⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
4⤵
PID:12840

C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
4⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
3⤵
- Executes dropped EXE
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
3⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
4⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
5⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
6⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
6⤵
PID:12712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
6⤵
PID:16676

C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
5⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
5⤵
PID:15440

C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
4⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
5⤵
PID:13244

C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
5⤵
PID:15740

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
4⤵
PID:12412

C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
4⤵
PID:16084

C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
3⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
4⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
4⤵
PID:13184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
4⤵
PID:16460

C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
3⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
3⤵
PID:12788

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
3⤵
PID:15296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
3⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 636
4⤵
- Program crash
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
5⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
6⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
7⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
7⤵
PID:14628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
6⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
6⤵
PID:12752

C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
6⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
6⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 596
5⤵
- Program crash
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
5⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
5⤵
PID:13720

C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
5⤵
PID:16916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
4⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
5⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
6⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
6⤵
PID:14316

C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
6⤵
PID:17192

C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
5⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
5⤵
PID:13696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
5⤵
PID:16948

C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
4⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
5⤵
PID:11344

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
5⤵
PID:15396

C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
5⤵
PID:16840

C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
4⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
4⤵
PID:13768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
4⤵
PID:13760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 624
4⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-31121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31121.exe
4⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
5⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
6⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
6⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 640
6⤵
- Program crash
PID:16252

C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
5⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
5⤵
PID:14100

C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
5⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
4⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
5⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
5⤵
PID:14340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
4⤵
PID:11872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
4⤵
PID:15136

C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
4⤵
PID:15832

C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
4⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
5⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
6⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
6⤵
PID:14504

C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
5⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
5⤵
PID:14612

C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
4⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
5⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 660
5⤵
- Program crash
PID:13712

C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
5⤵
PID:15520

C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
5⤵
PID:17252

C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
4⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
4⤵
PID:13792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
3⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
4⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
5⤵
PID:13684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
5⤵
PID:16940

C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
4⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
4⤵
PID:14752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
3⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
3⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
3⤵
PID:14720

C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
3⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:436

C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
5⤵
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 716
6⤵
- Program crash
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
6⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
7⤵
PID:14196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
7⤵
PID:15552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 692
7⤵
- Program crash
PID:212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
6⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
6⤵
PID:13848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
6⤵
PID:17032

C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
5⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
6⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
6⤵
PID:13612

C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
6⤵
PID:16428

C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
5⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
5⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
5⤵
PID:16576

C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
5⤵
PID:17000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
4⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
5⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
6⤵
PID:14756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
5⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
5⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
4⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
4⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
4⤵
PID:13668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
4⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
4⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 636
5⤵
- Program crash
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
5⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
6⤵
PID:11384

C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
6⤵
PID:13504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
6⤵
PID:16844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
5⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
5⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
4⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 632
4⤵
- Program crash
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
4⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
4⤵
PID:15224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
4⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
3⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
4⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
4⤵
PID:12992

C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
4⤵
PID:16012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
3⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
3⤵
PID:12304

C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
3⤵
PID:16048

C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
3⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
4⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
5⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
5⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
6⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
6⤵
PID:14844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
6⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
5⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
5⤵
PID:14128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
5⤵
PID:17112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
4⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
5⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
5⤵
PID:13284

C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
5⤵
PID:16452

C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
4⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
4⤵
PID:14152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
3⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
4⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
4⤵
PID:14132

C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
4⤵
PID:16996

C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
3⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
3⤵
PID:13032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
3⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
3⤵
PID:11884

C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
3⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
4⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
5⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
5⤵
PID:12760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
5⤵
PID:14884

C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
5⤵
PID:16360

C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
4⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
4⤵
PID:13192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
4⤵
PID:15772

C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
3⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
4⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
4⤵
PID:15632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
3⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
3⤵
PID:14180

C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
3⤵
PID:17220

C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
2⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
3⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
3⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
3⤵
PID:14544

C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
2⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
3⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 656
3⤵
- Program crash
PID:13512

C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
3⤵
PID:15556

C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
2⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
2⤵
PID:14824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2084 -ip 2084
1⤵
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4760 -ip 4760
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1200 -ip 1200
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3656 -ip 3656
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4980 -ip 4980
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 680 -ip 680
1⤵
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1892 -ip 1892
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 972 -ip 972
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4316 -ip 4316
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4836 -ip 4836
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1360 -ip 1360
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1564 -ip 1564
1⤵
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2120 -ip 2120
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1196 -ip 1196
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3380 -ip 3380
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3732 -ip 3732
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1876 -ip 1876
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4752 -ip 4752
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5448 -ip 5448
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5380 -ip 5380
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5232 -ip 5232
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5824 -ip 5824
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 2936 -ip 2936
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5856 -ip 5856
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6016 -ip 6016
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2100 -ip 2100
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 856 -ip 856
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6196 -ip 6196
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5564 -ip 5564
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5788 -ip 5788
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5724 -ip 5724
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6564 -ip 6564
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5904 -ip 5904
1⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5756 -ip 5756
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5908 -ip 5908
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5888 -ip 5888
1⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5708 -ip 5708
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5880 -ip 5880
1⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5244 -ip 5244
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5084 -ip 5084
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3816 -ip 3816
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6864 -ip 6864
1⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6668 -ip 6668
1⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6608 -ip 6608
1⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6644 -ip 6644
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7156 -ip 7156
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6520 -ip 6520
1⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6848 -ip 6848
1⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6460 -ip 6460
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6572 -ip 6572
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6696 -ip 6696
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5992 -ip 5992
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3156 -ip 3156
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1684 -ip 1684
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4636 -ip 4636
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2852 -ip 2852
1⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2984 -ip 2984
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5416 -ip 5416
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5300 -ip 5300
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6000 -ip 6000
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5484 -ip 5484
1⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 808 -ip 808
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2824 -ip 2824
1⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3776 -ip 3776
1⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4664 -ip 4664
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5504 -ip 5504
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6232 -ip 6232
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3948 -ip 3948
1⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5812 -ip 5812
1⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5868 -ip 5868
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 7720 -ip 7720
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 7164 -ip 7164
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5936 -ip 5936
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6032 -ip 6032
1⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 860 -ip 860
1⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5792 -ip 5792
1⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5720 -ip 5720
1⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6536 -ip 6536
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3140 -ip 3140
1⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3700 -ip 3700
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4236 -ip 4236
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2992 -ip 2992
1⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3368 -ip 3368
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6056 -ip 6056
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5932 -ip 5932
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6444 -ip 6444
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6424 -ip 6424
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6432 -ip 6432
1⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4428 -ip 4428
1⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5224 -ip 5224
1⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1272 -ip 1272
1⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6840 -ip 6840
1⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6588 -ip 6588
1⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7700 -ip 7700
1⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 392 -ip 392
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3676 -ip 3676
1⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 12108 -ip 12108
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3056 -ip 3056
1⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6484 -ip 6484
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5376 -ip 5376
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5408 -ip 5408
1⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7148 -ip 7148
1⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6860 -ip 6860
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7528 -ip 7528
1⤵
PID:14256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6584 -ip 6584
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7252 -ip 7252
1⤵
PID:13716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 8004 -ip 8004
1⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7012 -ip 7012
1⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5512 -ip 5512
1⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 12108 -ip 12108
1⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5764 -ip 5764
1⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5984 -ip 5984
1⤵
PID:14360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6420 -ip 6420
1⤵
PID:14428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6096 -ip 6096
1⤵
PID:14488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4028 -ip 4028
1⤵
PID:14984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2988 -ip 2988
1⤵
PID:15032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6500 -ip 6500
1⤵
PID:15108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3528 -ip 3528
1⤵
PID:15220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6492 -ip 6492
1⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2748 -ip 2748
1⤵
PID:14380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5700 -ip 5700
1⤵
PID:15192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4816 -ip 4816
1⤵
PID:15704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5216 -ip 5216
1⤵
PID:15912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5556 -ip 5556
1⤵
PID:15736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 436 -ip 436
1⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6516 -ip 6516
1⤵
PID:16348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6808 -ip 6808
1⤵
PID:16560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6560 -ip 6560
1⤵
PID:16600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7540 -ip 7540
1⤵
PID:17052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 7124 -ip 7124
1⤵
PID:16840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6008 -ip 6008
1⤵
PID:17204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7292 -ip 7292
1⤵
PID:17224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5804 -ip 5804
1⤵
PID:16988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6616 -ip 6616
1⤵
PID:17284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 1096 -ip 1096
1⤵
PID:16480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7876 -ip 7876
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4976 -ip 4976
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5456 -ip 5456
1⤵
PID:17200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2484 -ip 2484
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7080 -ip 7080
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6320 -ip 6320
1⤵
PID:16564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6976 -ip 6976
1⤵
PID:16344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3184 -ip 3184
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7028 -ip 7028
1⤵
PID:16428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5848 -ip 5848
1⤵
PID:16372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7024 -ip 7024
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6816 -ip 6816
1⤵
PID:5396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe

Filesize
184KB

MD5
e7c2ce4a7d17c9adb32d1b2884b7f6e1

SHA1
6c0866d7d049ac6af41c9bedf2b1e29a0555b6dd

SHA256
d8236804a0d929489cb44b4280f9621419a517681b272ce75ecaae97437652bd

SHA512
de62ed37f6e376cf4f50172eba55212df15cfe19e825406d6daac28c749a98b814ed4d2e0f4faad271834ab6d98bbf887a581d29d1e694fc6655f2c213c4c5a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe

Filesize
184KB

MD5
10bd0fdf0c3cb4908e73d7b8862a4b38

SHA1
b33bdcab57b520f486e49fa5bd85ae1f37333b90

SHA256
bc0bf117fc98b28eeca93a2cfa9af1235bf15561952725d2d87125bed1ee65f9

SHA512
705d4e46fe69ec969ff96caaa94832e0a4c8c01d48e979e027d6dfc9283cee5fa296ec73e8a57f7ff82520f935a28dd22dac72b334abec4b1aacfd3903fbb0b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe

Filesize
184KB

MD5
aee6d1c7b9fcb81bdb1df267bca352ba

SHA1
a0c6b6317958fd1a3af1b0ed4cf2c84ae766729c

SHA256
35a8a058893f3b3e822ff8e638dd36c700ff7f0da90b9c4b1d08ff3dee6e71b6

SHA512
f43e42f870a4dfaf78c178a794a58f8f2a1a85eef23a454f6766f53be6ae3ea0628a2cff2c53c71e57220133b2c873657c29795a696d106a935340681d428f08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe

Filesize
184KB

MD5
fdb594bf22804d60cf677d9b8a81236a

SHA1
4dccb831e6dc1ccd042300413f0ce7fba9565fe8

SHA256
72eb3513049ec4140fc8b185a4fb07a85ed8dc8f9120720bb588d8ff4d561d31

SHA512
c58ca7487bf8fd0a532269cf75688d6f0959070ca2bc3c52bff639d8bad1c19e7961cf0bb50dcb9c7c369a25b356c90ed3d872a963a032669b8d392c373f2be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe

Filesize
184KB

MD5
235a37205e8078278b49e59c52531393

SHA1
5f09b44e10747a849bbcb342ec6e3c5a440eabf7

SHA256
a3b6e4342830c45c6688bdb5a72618c0b67f638e2863daa582d0c264748255d4

SHA512
5c4b575313722ede9e3eae3a1c3e48db1f0e9b27d2bc41bd080f1abc07c7ca94b46e9aeb9a6ba88149f4a247bc4d7f26051faa59f823add199aa3e42207876d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe

Filesize
184KB

MD5
db14052cfbae578ced312eb74d65ce21

SHA1
43641a6ed6da7d2368c56c78ae8586b553a33de4

SHA256
b621e83fee0d91c03a06e8fdc4059eb6cbde5cf271f0708da4ef7e8c25b49798

SHA512
590875d80c857179247bed48eb51a5132d77c5e5835a4763e624333d180f5d7d185f363224bc20c36774e2636d1d78600b6a735e3529f7cbe4da61d19c34417e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe

Filesize
184KB

MD5
f9dd101e698fb265492dbb366b5ebd6a

SHA1
e7f8cfcfd3402c385d8784044d1977223780021a

SHA256
f1abdabe955a104c5f43233f83ca5b1a368518c5d0c5825e99768fdd9b43b7ee

SHA512
c1a48199b3e67de506892db01d1e5a4ca37bb81b4bf9fa74b50df720409d6ebbd547234e0cfa0c7c42fb6491d07205a8bd4567fef35856dbe6b4442cc5e71f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe

Filesize
184KB

MD5
7f30a3380f69012a835733eb4d5e3a03

SHA1
a6dfc240958f9dbbc0a8fdde0bb2686549e016c0

SHA256
b97ab9ad158ae214accea57cb58c54af37509805c67807b85fa98605a1d6a91c

SHA512
1d776e1e2ab96b38d8b00833ac4de32a77bdf722daff18f16fd58d6c0dd507c7318659716ed4fd23bd02dcd9ed1b065ce5cdc8eac4f7ae09cffac5dfcca5a0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe

Filesize
184KB

MD5
087f38f324fc789ea482fe3c8548144d

SHA1
175fb393b1bd667001426a0aa2b7391027dedc7a

SHA256
d033039ddf24816ca194be08940495a82d3da1b47f2effd75c04bb1a77cc152a

SHA512
fe9dcc176a5ebeae597118e3feeda03fc5356b394131bd759935b96757d8fc89b48dd59624f85e44645b1ca31de20b5c349b155aa37226e3aec18c0826fd0be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe

Filesize
184KB

MD5
ea856bd941ec432f80094dafbdbfe76b

SHA1
9073eae0f178ce6a766c4b2b99fb352bf6e5c367

SHA256
3fe63fd87b13565d7830f425ad023fbdf74cdc5ae086e89e54218253efdb645d

SHA512
962537c6bbef31a03fe236a02969351397d5779183f4781ce5368be05306808037dbfbda2f365d589914378c2eaffcdeaa8fe10e2f98dfe8def4944837498184

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe

Filesize
184KB

MD5
78dd71b61695a9d18021be512be3f60d

SHA1
ff7e39c84cb15eb76ebba3c8512679db7e4cdcaa

SHA256
3ae4914fd11793b76f997c3af22f7fbf8375353909bd3fbfce3c3aa2a18531bc

SHA512
9b09100322b27557c7a3029e7b553474653e741bce876e508f787afdecb5bc5d6067f23de34258f0eb9155ea2bf0bcf71e0c7c1c922de80d4ed671c071684ae8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe

Filesize
184KB

MD5
be7eb4910fb6d102971f90f03361cf02

SHA1
66203fddc285c0ec3077cbd693dfd6fb81b5ba2c

SHA256
a4ca32c354f1ec5ecd7467eea8bb9f8ff44a5d14c013b6c1a101c02126c08b6d

SHA512
f9de67be26d6e97ed88c66bcfa4f60ad2a955143c6a365f3e516809f7f7dda0dd0e96ffb6435c360476b77183f7e4cbb2e0da6b4657fa830ca96fde09eb93d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe

Filesize
184KB

MD5
cb45bd7ec33a98e1570b2475954c450d

SHA1
54b0c0bcfc0d9c2179a4b4f42787ee867c1d2f7a

SHA256
f29975e7ef762f70ffe52e55642aee2bc507e279ea422c79cf8b53a5d872d2f6

SHA512
916ce01972c0b698c8b8563dd1bb8934a466f6add46a4c84ffbd27241363fc4f0e27b7cbf80ec73575db82dfb477dd8ddd117bc7ed82d9f8726b4d0276b17904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe

Filesize
184KB

MD5
3ca37247f51845abbfb85e9383ff0f35

SHA1
a054bca7efa087006c915bbe2ab6688ea6ae15e2

SHA256
6c6b19ce1ab0a80562b7ff0cb87746a1c9194ba6aaa16d05c8af50a43c4ee75e

SHA512
79252eb79c0177d5ed072e10f4dd4896ac232c40c7e35688bfcc83003d09c629d54536b28962e8ec95eaf38c2450c0e331f36e7b21c21eb32f79d42b5a0f217e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe

Filesize
184KB

MD5
ec31eaaef24a1b67cd6b86d307ab01ce

SHA1
903e85b9894c1bb856787696e49242d7f76c7acf

SHA256
44dafe638f49e7f5e7c29eac9284b6a8a0049c7667bc9b99fbf27a87cb5e0313

SHA512
faef2f0ff13d73b20a6d3b89ce6f4d9fd7be9cfcb18eca70ec35264103e98d1f8c88fae4bf27c1186020b38b36c2fba248c99e32e23aa9b477b92856014c5267

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe

Filesize
184KB

MD5
5e9160ec4dc7a1afcaf8d08419769543

SHA1
c7d8b234ad467526de560d184e7465aeac131889

SHA256
2e99c0b6140962128e70a1d782124ca7cdbd6040e135d02e602608cb997027c3

SHA512
e74b1370b8144b610012c9622ff5e15dc54d6e85a135c6e1f4a713e7dc09f0db01174fbfd875d4b3d7c0ef2665777814cc4dcc03df4f3a19851afdd8c60302c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe

Filesize
184KB

MD5
3195dffc38669104061d243c09a04e3e

SHA1
20add6cd24bc3efef109d681341baee6be94e52a

SHA256
e499a32f3722a95d5ce1306ba1b78a4f67a8275dcde7e7ea0296220fdb392a31

SHA512
bd3847e5ba5cfb9dc4915e85fa39ec2c12fd054fa8772992928223209ba09b2c4aaf2bbffc4ebdbd59110d61092598f2ce39cebdbd466d4f33517ec2f2831a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe

Filesize
184KB

MD5
86b92b1ecf00b68ada58b7ec7d375618

SHA1
54d8c8e27209a1ffed70db1c99c3eaf601e1db55

SHA256
3164c0aa7a0bc24a24fd54386fa662b62433c2156c71e2a163930385c164d41f

SHA512
577899b37861deb694edc43aba5e3543627f5cdc8407f22a1adfd7793d8fe9ad07adec42295e9c52e5e6554e478d53fd966933640f6ff7158c7bd040177d7a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe

Filesize
184KB

MD5
b5deb876a256c92b18c904b2834141f9

SHA1
a3847480fb4545cfdd61317ea67dbd1c22270ebf

SHA256
c7bdf4d5ca9c17a5657343c91ab6fc47ae354e878c3ebc2a4068d85c45c6eff2

SHA512
4ce014546b3140eeb25cf41a160913fd5bae63c747fa81f471193a41b1187af48e348324f1a7766fdee0ddf02feef35da5aca0ebcbc4afd016621f9e17d921f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe

Filesize
184KB

MD5
9bffc7971e1c06e22d5128c419284f94

SHA1
846ba215b555491bd8e83ac0be8f69d32ee29937

SHA256
c42de498c855106876f05fdaa182c35c822cfc0159e3c13c15ca24ab48b30b76

SHA512
69f032b60c69ae45df8777b15667d04c6ab2710e34c8a6a0ddb23a33dc8073fe9bb0027df85643ddd7aa73057723d1285c112f57b20f3b6d099bdf426f539709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe

Filesize
184KB

MD5
e1460ee63bd70c749e78c92c2a78f347

SHA1
c72205d2b671dbca3e673e512340568aa21f4d9e

SHA256
9d0c840fd19e9a786744a217dc27a56b7e31041faa15e0426c789739c3529a58

SHA512
c5105af876fee5f14317a332e6a6d3e1db5c3bb336dc07747cfa44b90404492f5081b615e0bde6461a5220f19d93b58e78051ef227592dba78e7053e7fff7c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe

Filesize
184KB

MD5
d47aa0738f77ec5f2302b14b8a19e4b1

SHA1
45d9c442ab1f1c818105941a9eb7ad44a9dd386c

SHA256
85bea35987454fe0da0dce31b98fbda6a256a260f8d64471a6863a4716461b27

SHA512
241dcaed57c02dc73a05f81ebd8549c4cb53e593c7af3dd9617c6b16bcb710b306e4c617f5aea326723d66963418573620a4aeb0ab8cd6a08709b2bd33a14aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe

Filesize
184KB

MD5
36c299228f2c53c332911a5b54929ca3

SHA1
fb6b7680721298949255548bd6abeeece1f3c263

SHA256
8900c734efa2082133120a8dbc2fc23bcef34191056bc60b75cf5671d742b394

SHA512
b249681dcbc6726a331dad5e2cd9c181cf2a989075b7b09b0dfdeee198edf3f498d99207a5900d0574be1813c7fed349be7c34d199fcd9dc7956bb0fcd86392b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe

Filesize
184KB

MD5
e87c53e9c3d77e4cd8b01911129da2f9

SHA1
289b3f908013415e6e0a5b4823f2ff4709c6a0a5

SHA256
e56069592c642078d769a30eaaa14fdb80dcb2319de46133ae32a63ec452b75a

SHA512
d01fee69c30d7b75ef375e66bd2341286eb1544044d7bebbd3d8f4f05d9469cf52536171c9f9076ad27cdba83c7a11d4d9b47b2d1559496dcc44f7a099399749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe

Filesize
184KB

MD5
663108d65ccb7aff4299e474c9ab4caa

SHA1
b0681a09b7b6c73e2ca49d347f9284c8155886e5

SHA256
1141b5c1e3165e536b7891faaa18b9b954658fddd38631326f04d44ecf1dc2d9

SHA512
7a07da91ed0abadd482d3eea1b22605ebe3dd0ef2bb52b2a5fd7f867f62eedfe0463937aa72e2ead240ba4b90b1de4a00a1df0117e64e85c84dd8c9944648788

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe

Filesize
184KB

MD5
7b73452657c1343ba24e613a39f939d3

SHA1
32e31b5aaea2ea585fb86b7654abdf9a5e4a103f

SHA256
b0378e1ca8041c1ff4490b4f98e1fb602ec332c77ff9929ea72b099b13b60858

SHA512
a12a4b46c8f5fb8416fa885ebd708bd19b94c55fd4f1d54df5989330a9ca5ec9ea7594f4e7c4c4d99dbd66f6039f256a1c7841c2b7e438d8270889ef61fbcbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe

Filesize
184KB

MD5
833c746ac31132007a1ed6cbf029b77b

SHA1
66e068c2ffc11ecc7b10581bab2df32d4e54a580

SHA256
2ab24fdee6d649ba67ef3a6b337d916ac819193186b55ceedb59dce97133743e

SHA512
f54f3a60f197af26113cd64b46a911368f29a0ce869345c13d754e0307604f624272240ba13e60a01a3568b88b4e4b9d948da83cb0b638566d57c5358ca40dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe

Filesize
184KB

MD5
6a7caf80c4c07e5adb8905e5f6bee23c

SHA1
94307390cbf2d84a90503812abf8f27001d8eda6

SHA256
d28295c0d4c26f96ebaa98024af6f8705c3624c0f11b06108ef4a32ff2e8726f

SHA512
751818d93c5229b020d6a5de6414733c569e6bb47263eb2c59b4ac24155955d4767c4a17b4fca74cf05079dd283017ae2c0c478bcaa0a71ec0a6ca3aafe7dd78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe

Filesize
184KB

MD5
a6f732b431a4486566d3901744c1a8b4

SHA1
c0e3484fff223ee78fd68fc21bb68718123c5153

SHA256
fe565478344fab95d2bfe87b9441ea334499fb9c85153af690a4a94d160f670e

SHA512
370bdb5d03b70da53d2b5423da69a5cecd48a5e8095f5be1a82aff6a621dfabe9fa206ee823c19a7ef0dc35d12d7db83e38ad7b82468f092553767bf67d761b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe

Filesize
184KB

MD5
9d84589d861b8be3bafdfda820872fb3

SHA1
92f68fbb147bbd1842b57993a8f7479a1e1cf3a5

SHA256
38a77d067757a5e17d972f230445315fd959fbdfa570a5cb9f088a703c0e4abe

SHA512
bc29b4c828e4e6dc3d6dbe7faa52ca18b73653b2f8a9b7393f979a51855a3b76659ef3bd564b98f7ce4a700112b24dc71321fbce62143f23c7d51822e1c4dcca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe

Filesize
184KB

MD5
4ccaaef8f37e9a8e4e093105cb1f29e9

SHA1
7937a0b98a5c034f905f8e5f6418ba681829d77f

SHA256
a18d1919b3b735d87c7f23310cbc135ced55c562524762699691ab8b9707431e

SHA512
3fab54701c9cd77d23e9170028414fa842edbd5d6ae5bd4a5f037932307f72783c57e06358f56df4c3f38aba108958f2b45c7918bf0ed2f39d0b2f9a573c9313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe

Filesize
184KB

MD5
ab2968eba1904db60d629faf8a0aeaa6

SHA1
139a2155cba958ff71e0dffb24239a7ef730b710

SHA256
9712f4ef910088267316be7d9e85f3d5f36e115a5ccd9daa46111798e845a5bd

SHA512
3075f3a91253b472b1fa5ba4f7e19532114960c70a4110480d87d1ea4bb88401ea08c6b081d827b380918753ab41f447ca794a5d828733272750588ebed24d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe

Filesize
184KB

MD5
2b50fbe7215535ee7e01d6013e5e7f9b

SHA1
c23809ed83683ab160947acfac927ec4b8b15614

SHA256
649d48082463344b9cee5ba1df28808f77bb0d7c657bd08c6ba5c94a0759d50b

SHA512
1215e767bb3b139a94c0a041e3d921d1b535fe46afe41996502222489fed7e948bccfce4cb9e539ee2159b90726912ed13eb50012f2a4451fad78b98b29a57da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe

Filesize
184KB

MD5
1c1079086d220079a2e608fbf8d68832

SHA1
04db5c0c083edbae424a2548baed183d5a37ae7f

SHA256
1a64a8e0c49974c27d9e096ed49d9cb0e81871c52613fc530abdac1ae8e71010

SHA512
a3bf507f76ac31126687feb590bbce1b92c44cc5c0b9471441a35e1cf0043790cb140e6f2d7618fcbd7352d51f98fb3ab7727cb3ffec952c1789052ad468c6b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe

Filesize
184KB

MD5
20dadd7301ec967224b8774cf3817768

SHA1
fd948e22ac811f65f9cee24b6a7ad4fb3b9c3244

SHA256
3bc61bffced2391eaa33ccc51e30ce9485651d40ab0ef4cbf0516f6eb9ab848f

SHA512
10672faaa26c88ef36a98243978f768c90678688c55c2b6a66799046483447ba0183b4056a59ec94cc8e4ae62226bfb2fab951a02c15081e201613e93fc143e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe

Filesize
184KB

MD5
a91c261e021d3f10a3e89fb855e2a139

SHA1
f95ae313d7b9939c3b515902c1f66d35645988ad

SHA256
75a9323276c103ea6b66d5d406e753c2600891e9724b4eeb8841f3d0e05fc75a

SHA512
e910f1ee57af2d980508fa23bfb9c3f3b20dc905a02059a2f7d2884a7d710fe8db6de10fbccf9063f3e91d5664185a3fc0e5be7937c94ae23c1cdd8305eeb404

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe

Filesize
184KB

MD5
22c9e73c9388f5bbc32e2736a04d7c01

SHA1
533f8565aa63b8a0327fd06a4b45249c43a7d2d3

SHA256
54622b2d3041380aa4b71aebdf9532eb97d5d9097ce6a57015bd6e34ecd6b9d6

SHA512
fe9af1aad25579bb631e0d896ce5cd90f09b136f806b2b97c36b18b8899670b5bd5388a81acd8693707638cdffa500a6947c0c053c9b454519c787cd9be7ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe

Filesize
184KB

MD5
f9d2b6cda6d8aad87fb6c0034fca447f

SHA1
62eee6bf7fd2b5f83f717a022c05d32d2c9a266d

SHA256
6d8ec71e22a7b87d29692c77f1620f5a911f9873d8cbe2dbcd04ff3e7c09de0d

SHA512
5683482e022b1627c762b8861271a812cc3ecd07b96fda90604a88da2f0b0ff49cb430d1ee86216049335a90e03b4071ad756233e01eae81048599c840bc93a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe

Filesize
184KB

MD5
df751b51b4d1596f061ef0ea1fea09f1

SHA1
f52e6cb3743d638a102b0427c3de335561856181

SHA256
efc0fafb87f4ee78779863fb546152668914a4ea048d366b404be29702e76bf6

SHA512
c03f37b5165fc019082a7a1ab9c7ff6a95c51cf32193a0962a3924471bf7d5f04534431bda46f589a3d5065c1d59b27d59d6c2293dc7ae7f9c0ab4db5b6e1d95

Download Submit
memory/15776-3157-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17392-2505-0x00007FFCB9910000-0x00007FFCB9B05000-memory.dmp

Filesize
2.0MB

Download