f34817191e3f496d003ace8cd2b3aafb824b22912058cd60a53ec467dbb02493

Analysis

max time kernel
148s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe
Size

184KB
MD5

16b05913148585e0bafc95921c0b5ac0
SHA1

d5e258a8f4b2e39b59356521516bd08b585272b6
SHA256

f34817191e3f496d003ace8cd2b3aafb824b22912058cd60a53ec467dbb02493
SHA512

ca53bbec36d3f99b130609292f38ab924eb04ce11ee3c294d9e3a090e691f8107ed4c5e8f925aab4e60d02f4aea83486c57dffc34ecab1aa649540f37be0821a
SSDEEP

3072:7G0aZCo0y5vNdtntZ7x8t5Xjlvnqnveud:7G+odbtnl8bXjlPqnveu

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Executes dropped EXE 64 IoCs

Processes:

Unicorn-25794.exeUnicorn-26347.exeUnicorn-6481.exeUnicorn-58386.exeUnicorn-25138.exeUnicorn-5272.exeUnicorn-51680.exeUnicorn-28226.exeUnicorn-54354.exeUnicorn-43986.exeUnicorn-8298.exeUnicorn-24207.exeUnicorn-8298.exeUnicorn-30073.exeUnicorn-53970.exeUnicorn-60395.exeUnicorn-13825.exeUnicorn-26632.exeUnicorn-24031.exeUnicorn-48418.exeUnicorn-61033.exeUnicorn-15361.exeUnicorn-61225.exeUnicorn-41681.exeUnicorn-15361.exeUnicorn-61547.exeUnicorn-18050.exeUnicorn-41792.exeUnicorn-12111.exeUnicorn-50722.exeUnicorn-17976.exeUnicorn-1.exeUnicorn-16530.exeUnicorn-16530.exeUnicorn-51890.exeUnicorn-31640.exeUnicorn-42361.exeUnicorn-48491.exeUnicorn-63737.exeUnicorn-49897.exeUnicorn-20296.exeUnicorn-20946.exeUnicorn-4801.exeUnicorn-44665.exeUnicorn-24248.exeUnicorn-27970.exeUnicorn-11057.exeUnicorn-4927.exeUnicorn-60066.exeUnicorn-24056.exeUnicorn-56345.exeUnicorn-39816.exeUnicorn-43730.exeUnicorn-7336.exeUnicorn-43922.exeUnicorn-10865.exeUnicorn-43922.exeUnicorn-4159.exeUnicorn-59298.exeUnicorn-59033.exeUnicorn-1551.exeUnicorn-27202.exeUnicorn-50361.exeUnicorn-12136.exe

pid	process
1144	Unicorn-25794.exe
548	Unicorn-26347.exe
4412	Unicorn-6481.exe
1736	Unicorn-58386.exe
2080	Unicorn-25138.exe
2936	Unicorn-5272.exe
328	Unicorn-51680.exe
3628	Unicorn-28226.exe
3792	Unicorn-54354.exe
5052	Unicorn-43986.exe
2832	Unicorn-8298.exe
1688	Unicorn-24207.exe
3292	Unicorn-8298.exe
4548	Unicorn-30073.exe
2028	Unicorn-53970.exe
4464	Unicorn-60395.exe
3708	Unicorn-13825.exe
2784	Unicorn-26632.exe
4496	Unicorn-24031.exe
3600	Unicorn-48418.exe
4980	Unicorn-61033.exe
1236	Unicorn-15361.exe
3772	Unicorn-61225.exe
1068	Unicorn-41681.exe
4728	Unicorn-15361.exe
4572	Unicorn-61547.exe
2676	Unicorn-18050.exe
1092	Unicorn-41792.exe
2796	Unicorn-12111.exe
4556	Unicorn-50722.exe
2988	Unicorn-17976.exe
856	Unicorn-1.exe
3720	Unicorn-16530.exe
4828	Unicorn-16530.exe
1924	Unicorn-51890.exe
5100	Unicorn-31640.exe
4468	Unicorn-42361.exe
4896	Unicorn-48491.exe
3596	Unicorn-63737.exe
1388	Unicorn-49897.exe
704	Unicorn-20296.exe
2464	Unicorn-20946.exe
876	Unicorn-4801.exe
4908	Unicorn-44665.exe
1276	Unicorn-24248.exe
1120	Unicorn-27970.exe
5144	Unicorn-11057.exe
5152	Unicorn-4927.exe
5176	Unicorn-60066.exe
5228	Unicorn-24056.exe
5268	Unicorn-56345.exe
5288	Unicorn-39816.exe
5192	Unicorn-43730.exe
5316	Unicorn-7336.exe
5244	Unicorn-43922.exe
5344	Unicorn-10865.exe
5236	Unicorn-43922.exe
5388	Unicorn-4159.exe
5416	Unicorn-59298.exe
5424	Unicorn-59033.exe
5456	Unicorn-1551.exe
5324	Unicorn-27202.exe
5396	Unicorn-50361.exe
5856	Unicorn-12136.exe

Program crash 15 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process
5792	5152	WerFault.exe
5332	856	WerFault.exe	Unicorn-1.exe
5588	856	WerFault.exe	Unicorn-1.exe
10212	10612	WerFault.exe	Unicorn-31275.exe
18124	15540	WerFault.exe	Unicorn-27608.exe
18116	15436	WerFault.exe	Unicorn-11656.exe
18156	15456	WerFault.exe	Unicorn-11656.exe
18184	15540	WerFault.exe	Unicorn-27608.exe
18176	15532	WerFault.exe	Unicorn-27608.exe
17084	15936	WerFault.exe	Unicorn-10504.exe
17056	15776	WerFault.exe	Unicorn-35202.exe
3736	16880	WerFault.exe	Unicorn-53321.exe
16420	16592		Unicorn-25198.exe
16620	6840
16060	6356		Unicorn-31646.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exedwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

Processes:

dwm.exedwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Modifies registry class 1 IoCs

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{4DBB1BEF-6E7E-44D7-A045-A7E6C688C97F}	explorer.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

dwm.exeexplorer.exedwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	18212	dwm.exe
Token: SeChangeNotifyPrivilege	18212	dwm.exe
Token: 33	18212	dwm.exe
Token: SeIncBasePriorityPrivilege	18212	dwm.exe
Token: SeShutdownPrivilege	1944	explorer.exe
Token: SeCreatePagefilePrivilege	1944	explorer.exe
Token: SeShutdownPrivilege	1944	explorer.exe
Token: SeCreatePagefilePrivilege	1944	explorer.exe
Token: SeCreateGlobalPrivilege	16380	dwm.exe
Token: SeChangeNotifyPrivilege	16380	dwm.exe
Token: 33	16380	dwm.exe
Token: SeIncBasePriorityPrivilege	16380	dwm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

sihost.exe

pid process

18140 sihost.exe

pid	process
18140	sihost.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exeUnicorn-25794.exeUnicorn-26347.exeUnicorn-6481.exeUnicorn-58386.exeUnicorn-25138.exeUnicorn-5272.exeUnicorn-51680.exeUnicorn-28226.exeUnicorn-54354.exeUnicorn-43986.exeUnicorn-8298.exeUnicorn-30073.exeUnicorn-8298.exeUnicorn-24207.exeUnicorn-53970.exeUnicorn-60395.exeUnicorn-13825.exeUnicorn-26632.exeUnicorn-24031.exeUnicorn-48418.exeUnicorn-15361.exeUnicorn-61033.exeUnicorn-61225.exeUnicorn-41681.exeUnicorn-18050.exeUnicorn-50722.exeUnicorn-15361.exeUnicorn-61547.exeUnicorn-12111.exeUnicorn-41792.exeUnicorn-17976.exeUnicorn-1.exeUnicorn-16530.exeUnicorn-51890.exeUnicorn-16530.exeUnicorn-31640.exeUnicorn-42361.exeUnicorn-48491.exeUnicorn-20296.exeUnicorn-49897.exeUnicorn-63737.exeUnicorn-20946.exeUnicorn-44665.exeUnicorn-4801.exeUnicorn-27970.exeUnicorn-24248.exeUnicorn-11057.exeUnicorn-4927.exeUnicorn-60066.exeUnicorn-24056.exeUnicorn-10865.exeUnicorn-43730.exeUnicorn-7336.exeUnicorn-56345.exeUnicorn-43922.exeUnicorn-39816.exeUnicorn-27202.exeUnicorn-43922.exeUnicorn-59033.exeUnicorn-4159.exeUnicorn-1551.exeUnicorn-59298.exeUnicorn-50361.exe

pid	process
764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe
1144	Unicorn-25794.exe
548	Unicorn-26347.exe
4412	Unicorn-6481.exe
1736	Unicorn-58386.exe
2080	Unicorn-25138.exe
2936	Unicorn-5272.exe
328	Unicorn-51680.exe
3628	Unicorn-28226.exe
3792	Unicorn-54354.exe
5052	Unicorn-43986.exe
2832	Unicorn-8298.exe
4548	Unicorn-30073.exe
3292	Unicorn-8298.exe
1688	Unicorn-24207.exe
2028	Unicorn-53970.exe
4464	Unicorn-60395.exe
3708	Unicorn-13825.exe
2784	Unicorn-26632.exe
4496	Unicorn-24031.exe
3600	Unicorn-48418.exe
1236	Unicorn-15361.exe
4980	Unicorn-61033.exe
3772	Unicorn-61225.exe
1068	Unicorn-41681.exe
2676	Unicorn-18050.exe
4556	Unicorn-50722.exe
4728	Unicorn-15361.exe
4572	Unicorn-61547.exe
2796	Unicorn-12111.exe
1092	Unicorn-41792.exe
2988	Unicorn-17976.exe
856	Unicorn-1.exe
3720	Unicorn-16530.exe
1924	Unicorn-51890.exe
4828	Unicorn-16530.exe
5100	Unicorn-31640.exe
4468	Unicorn-42361.exe
4896	Unicorn-48491.exe
704	Unicorn-20296.exe
1388	Unicorn-49897.exe
3596	Unicorn-63737.exe
2464	Unicorn-20946.exe
4908	Unicorn-44665.exe
876	Unicorn-4801.exe
1120	Unicorn-27970.exe
1276	Unicorn-24248.exe
5144	Unicorn-11057.exe
5152	Unicorn-4927.exe
5176	Unicorn-60066.exe
5228	Unicorn-24056.exe
5344	Unicorn-10865.exe
5192	Unicorn-43730.exe
5316	Unicorn-7336.exe
5268	Unicorn-56345.exe
5244	Unicorn-43922.exe
5288	Unicorn-39816.exe
5324	Unicorn-27202.exe
5236	Unicorn-43922.exe
5424	Unicorn-59033.exe
5388	Unicorn-4159.exe
5456	Unicorn-1551.exe
5416	Unicorn-59298.exe
5396	Unicorn-50361.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exeUnicorn-25794.exeUnicorn-26347.exeUnicorn-6481.exeUnicorn-25138.exeUnicorn-58386.exeUnicorn-51680.exeUnicorn-5272.exeUnicorn-28226.exeUnicorn-54354.exeUnicorn-8298.exeUnicorn-8298.exe

description	pid	process	target process
PID 764 wrote to memory of 1144	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-25794.exe
PID 764 wrote to memory of 1144	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-25794.exe
PID 764 wrote to memory of 1144	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-25794.exe
PID 764 wrote to memory of 4412	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-6481.exe
PID 764 wrote to memory of 4412	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-6481.exe
PID 764 wrote to memory of 4412	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-6481.exe
PID 1144 wrote to memory of 548	1144	Unicorn-25794.exe	Unicorn-26347.exe
PID 1144 wrote to memory of 548	1144	Unicorn-25794.exe	Unicorn-26347.exe
PID 1144 wrote to memory of 548	1144	Unicorn-25794.exe	Unicorn-26347.exe
PID 548 wrote to memory of 1736	548	Unicorn-26347.exe	Unicorn-58386.exe
PID 548 wrote to memory of 1736	548	Unicorn-26347.exe	Unicorn-58386.exe
PID 548 wrote to memory of 1736	548	Unicorn-26347.exe	Unicorn-58386.exe
PID 4412 wrote to memory of 2080	4412	Unicorn-6481.exe	Unicorn-25138.exe
PID 4412 wrote to memory of 2080	4412	Unicorn-6481.exe	Unicorn-25138.exe
PID 4412 wrote to memory of 2080	4412	Unicorn-6481.exe	Unicorn-25138.exe
PID 1144 wrote to memory of 2936	1144	Unicorn-25794.exe	Unicorn-5272.exe
PID 1144 wrote to memory of 2936	1144	Unicorn-25794.exe	Unicorn-5272.exe
PID 1144 wrote to memory of 2936	1144	Unicorn-25794.exe	Unicorn-5272.exe
PID 764 wrote to memory of 328	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-51680.exe
PID 764 wrote to memory of 328	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-51680.exe
PID 764 wrote to memory of 328	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-51680.exe
PID 2080 wrote to memory of 3628	2080	Unicorn-25138.exe	Unicorn-28226.exe
PID 2080 wrote to memory of 3628	2080	Unicorn-25138.exe	Unicorn-28226.exe
PID 2080 wrote to memory of 3628	2080	Unicorn-25138.exe	Unicorn-28226.exe
PID 4412 wrote to memory of 3792	4412	Unicorn-6481.exe	Unicorn-54354.exe
PID 4412 wrote to memory of 3792	4412	Unicorn-6481.exe	Unicorn-54354.exe
PID 4412 wrote to memory of 3792	4412	Unicorn-6481.exe	Unicorn-54354.exe
PID 1736 wrote to memory of 5052	1736	Unicorn-58386.exe	Unicorn-43986.exe
PID 1736 wrote to memory of 5052	1736	Unicorn-58386.exe	Unicorn-43986.exe
PID 1736 wrote to memory of 5052	1736	Unicorn-58386.exe	Unicorn-43986.exe
PID 328 wrote to memory of 2832	328	Unicorn-51680.exe	Unicorn-8298.exe
PID 328 wrote to memory of 2832	328	Unicorn-51680.exe	Unicorn-8298.exe
PID 328 wrote to memory of 2832	328	Unicorn-51680.exe	Unicorn-8298.exe
PID 1144 wrote to memory of 1688	1144	Unicorn-25794.exe	Unicorn-24207.exe
PID 1144 wrote to memory of 1688	1144	Unicorn-25794.exe	Unicorn-24207.exe
PID 1144 wrote to memory of 1688	1144	Unicorn-25794.exe	Unicorn-24207.exe
PID 2936 wrote to memory of 3292	2936	Unicorn-5272.exe	Unicorn-8298.exe
PID 2936 wrote to memory of 3292	2936	Unicorn-5272.exe	Unicorn-8298.exe
PID 2936 wrote to memory of 3292	2936	Unicorn-5272.exe	Unicorn-8298.exe
PID 764 wrote to memory of 4548	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-30073.exe
PID 764 wrote to memory of 4548	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-30073.exe
PID 764 wrote to memory of 4548	764	16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe	Unicorn-30073.exe
PID 548 wrote to memory of 2028	548	Unicorn-26347.exe	Unicorn-53970.exe
PID 548 wrote to memory of 2028	548	Unicorn-26347.exe	Unicorn-53970.exe
PID 548 wrote to memory of 2028	548	Unicorn-26347.exe	Unicorn-53970.exe
PID 3628 wrote to memory of 4464	3628	Unicorn-28226.exe	Unicorn-60395.exe
PID 3628 wrote to memory of 4464	3628	Unicorn-28226.exe	Unicorn-60395.exe
PID 3628 wrote to memory of 4464	3628	Unicorn-28226.exe	Unicorn-60395.exe
PID 3792 wrote to memory of 3708	3792	Unicorn-54354.exe	Unicorn-13825.exe
PID 3792 wrote to memory of 3708	3792	Unicorn-54354.exe	Unicorn-13825.exe
PID 3792 wrote to memory of 3708	3792	Unicorn-54354.exe	Unicorn-13825.exe
PID 2080 wrote to memory of 2784	2080	Unicorn-25138.exe	Unicorn-26632.exe
PID 2080 wrote to memory of 2784	2080	Unicorn-25138.exe	Unicorn-26632.exe
PID 2080 wrote to memory of 2784	2080	Unicorn-25138.exe	Unicorn-26632.exe
PID 4412 wrote to memory of 4496	4412	Unicorn-6481.exe	Unicorn-24031.exe
PID 4412 wrote to memory of 4496	4412	Unicorn-6481.exe	Unicorn-24031.exe
PID 4412 wrote to memory of 4496	4412	Unicorn-6481.exe	Unicorn-24031.exe
PID 3292 wrote to memory of 3600	3292	Unicorn-8298.exe	Unicorn-48418.exe
PID 3292 wrote to memory of 3600	3292	Unicorn-8298.exe	Unicorn-48418.exe
PID 3292 wrote to memory of 3600	3292	Unicorn-8298.exe	Unicorn-48418.exe
PID 2936 wrote to memory of 4980	2936	Unicorn-5272.exe	Unicorn-61033.exe
PID 2936 wrote to memory of 4980	2936	Unicorn-5272.exe	Unicorn-61033.exe
PID 2936 wrote to memory of 4980	2936	Unicorn-5272.exe	Unicorn-61033.exe
PID 2832 wrote to memory of 1236	2832	Unicorn-8298.exe	Unicorn-15361.exe

C:\Users\Admin\AppData\Local\Temp\16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16b05913148585e0bafc95921c0b5ac0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
8⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
10⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
10⤵
PID:12144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
10⤵
PID:17116

C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
10⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
9⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
9⤵
PID:13244

C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
9⤵
PID:16648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
8⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
9⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
9⤵
PID:12204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
9⤵
PID:15548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
9⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
8⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
8⤵
PID:11680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
8⤵
PID:16112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
8⤵
PID:15540

C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
8⤵
PID:17056

C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
7⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
8⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
8⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
8⤵
PID:13648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
8⤵
PID:17316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
8⤵
PID:17484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
7⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
8⤵
PID:14640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
8⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
7⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
7⤵
PID:13932

C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
7⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
7⤵
PID:17828

C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
7⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
8⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
9⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
9⤵
PID:13856

C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
8⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
8⤵
PID:13612

C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
8⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
8⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
7⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
8⤵
PID:13776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
7⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
7⤵
PID:14000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
7⤵
PID:17040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
7⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
6⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
7⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
7⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
7⤵
PID:15192

C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
7⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
6⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
7⤵
PID:12176

C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
7⤵
PID:15484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
7⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
6⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
6⤵
PID:13400

C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
6⤵
PID:17744

C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
7⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
8⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
9⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
9⤵
PID:12440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
9⤵
PID:17108

C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
9⤵
PID:16524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
9⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
8⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
8⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
8⤵
PID:17680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
8⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
7⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
7⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
7⤵
PID:14456

C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
7⤵
PID:16672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
6⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
7⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
8⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
8⤵
PID:14548

C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
8⤵
PID:17732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
7⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
7⤵
PID:15176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
7⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
6⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
6⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
6⤵
PID:14836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
6⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
6⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
6⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
7⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
8⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
8⤵
PID:14028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
8⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
7⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
7⤵
PID:13704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
7⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
7⤵
PID:16400

C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
6⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
7⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
7⤵
PID:16076

C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
7⤵
PID:15456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
6⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
6⤵
PID:15120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
6⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
5⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
6⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
7⤵
PID:14932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
6⤵
PID:11304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
6⤵
PID:13764

C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
6⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
5⤵
PID:100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
5⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
5⤵
PID:15812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
5⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
7⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
8⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
9⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
9⤵
PID:13848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
9⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
8⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
8⤵
PID:13708

C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
8⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
8⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
7⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
8⤵
PID:11944

C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
8⤵
PID:16568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
7⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
7⤵
PID:13984

C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
7⤵
PID:17684

C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
6⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
7⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
7⤵
PID:12236

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
7⤵
PID:15564

C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
7⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
6⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
6⤵
PID:12836

C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
6⤵
PID:16084

C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
6⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
6⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
7⤵
PID:11332

C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
7⤵
PID:14440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
7⤵
PID:17552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
6⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
6⤵
PID:12324

C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
6⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
6⤵
PID:17852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
5⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
6⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
6⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
6⤵
PID:15464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
6⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
5⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
5⤵
PID:12308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
5⤵
PID:15388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
6⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
7⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
8⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
8⤵
PID:11996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
8⤵
PID:15376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
7⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
7⤵
PID:13328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
7⤵
PID:17144

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
7⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
6⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
6⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
6⤵
PID:15820

C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
6⤵
PID:15728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
6⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
5⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
6⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
6⤵
PID:11864

C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
6⤵
PID:15928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:64

C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
5⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
5⤵
PID:12296

C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
5⤵
PID:14784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
5⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
5⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
6⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
6⤵
PID:14040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
6⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
6⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
5⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
5⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
5⤵
PID:17336

C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
5⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
5⤵
PID:18292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
4⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
5⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
6⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
5⤵
PID:11840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
5⤵
PID:15496

C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
5⤵
PID:18268

C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
5⤵
PID:17396

C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
4⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
4⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
4⤵
PID:15684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
4⤵
PID:17648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
7⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
8⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
9⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
9⤵
PID:13484

C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
9⤵
PID:16672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
9⤵
PID:17840

C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
9⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
8⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
8⤵
PID:12808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
8⤵
PID:16092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
8⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
7⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
8⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
8⤵
PID:14736

C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
7⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
7⤵
PID:12952

C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
7⤵
PID:16868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
7⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
6⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
7⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
8⤵
PID:11444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
8⤵
PID:17100

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
8⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
7⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
7⤵
PID:12828

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
7⤵
PID:15492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
7⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
6⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
7⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
7⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
7⤵
PID:15804

C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
7⤵
PID:16188

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
7⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
6⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
6⤵
PID:12864

C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
6⤵
PID:15384

C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
6⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
6⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
7⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
7⤵
PID:11460

C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
7⤵
PID:15784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
6⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
6⤵
PID:12688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
6⤵
PID:15796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
6⤵
PID:17844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
5⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
6⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
6⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
6⤵
PID:12916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
6⤵
PID:15628

C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
5⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
6⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
6⤵
PID:12132

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
6⤵
PID:15424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
6⤵
PID:18244

C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
5⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
5⤵
PID:12896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
5⤵
PID:16160

C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
6⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
7⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
7⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
7⤵
PID:13384

C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
7⤵
PID:12012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
7⤵
PID:17804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
7⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
6⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
7⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
6⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
6⤵
PID:14820

C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
6⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
5⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
6⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
7⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
7⤵
PID:14876

C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
7⤵
PID:17240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
6⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
6⤵
PID:13472

C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
6⤵
PID:17276

C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
6⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
6⤵
PID:16732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
5⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
6⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
6⤵
PID:14608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
6⤵
PID:17480

C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
6⤵
PID:17816

C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
5⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
5⤵
PID:12552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
5⤵
PID:17260

C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
5⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
5⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
6⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
7⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
7⤵
PID:12244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
7⤵
PID:15580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
7⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
7⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
6⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
6⤵
PID:12764

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
6⤵
PID:16168

C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
6⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
5⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
6⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
6⤵
PID:12356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
6⤵
PID:16692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
5⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
5⤵
PID:12848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
5⤵
PID:16040

C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
5⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25017.exe
4⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
5⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
6⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
6⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
6⤵
PID:15540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15540 -s 436
7⤵
- Program crash
PID:18124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15540 -s 424
7⤵
- Program crash
PID:18184

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
5⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
5⤵
PID:12876

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
5⤵
PID:16280

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
5⤵
PID:17128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
4⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
5⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
5⤵
PID:13952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
5⤵
PID:16684

C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
5⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
4⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
4⤵
PID:13048

C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
4⤵
PID:17320

C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
6⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
7⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
7⤵
PID:14492

C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
6⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
6⤵
PID:15164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
5⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
6⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
7⤵
PID:16268

C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
7⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
7⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
6⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
6⤵
PID:13680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
6⤵
PID:17416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
6⤵
PID:16272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
6⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
5⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
5⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
5⤵
PID:13548

C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
5⤵
PID:460

C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
5⤵
PID:17336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
5⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
6⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
7⤵
PID:12368

C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
7⤵
PID:16560

C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
6⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
6⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
6⤵
PID:17164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
5⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
5⤵
PID:11388

C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
5⤵
PID:14500

C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
5⤵
PID:17024

C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
5⤵
PID:15404

C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
4⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
5⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
5⤵
PID:12004

C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
5⤵
PID:14844

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
5⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
4⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
4⤵
PID:12924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
4⤵
PID:15996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
4⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
5⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
6⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
6⤵
PID:15532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15532 -s 412
7⤵
- Program crash
PID:18176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
6⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
5⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
5⤵
PID:12676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
5⤵
PID:17300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
5⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
4⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
5⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
6⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
6⤵
PID:15340

C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
6⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
5⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
5⤵
PID:12728

C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
5⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
5⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
4⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
4⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
4⤵
PID:14588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
4⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
4⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
4⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
5⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
6⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
6⤵
PID:14848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
6⤵
PID:18220

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
5⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
5⤵
PID:13408

C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
5⤵
PID:17700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
4⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
5⤵
PID:13800

C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
5⤵
PID:16888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
5⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
5⤵
PID:18320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
4⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
4⤵
PID:13904

C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
4⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
4⤵
PID:17432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
4⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
3⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
4⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
5⤵
PID:15880

C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
5⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
4⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
4⤵
PID:16064

C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
3⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
3⤵
PID:12380

C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
3⤵
PID:15420

C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
3⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 724
7⤵
- Program crash
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 744
7⤵
- Program crash
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
6⤵
- Executes dropped EXE
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
7⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
8⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
8⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
8⤵
PID:13816

C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
8⤵
PID:17532

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
8⤵
PID:18208

C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
7⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
8⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
8⤵
PID:14508

C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
8⤵
PID:17320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
7⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
7⤵
PID:15152

C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
6⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
7⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
7⤵
PID:14920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
7⤵
PID:17996

C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
6⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
6⤵
PID:12932

C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
6⤵
PID:16376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
6⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
7⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
8⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
7⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
7⤵
PID:12656

C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
7⤵
PID:15892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
6⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
7⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
7⤵
PID:18328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
7⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
6⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
6⤵
PID:12988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
6⤵
PID:17184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34497.exe
6⤵
PID:14252

C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
5⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
6⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
7⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
7⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
7⤵
PID:13824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
7⤵
PID:17424

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
7⤵
PID:16928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
6⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
6⤵
PID:11480

C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
6⤵
PID:14828

C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
6⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
5⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
6⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
6⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
6⤵
PID:15448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
6⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
6⤵
PID:16972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
5⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
5⤵
PID:12360

C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
5⤵
PID:16348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
6⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
7⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
8⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
8⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
8⤵
PID:15208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
8⤵
PID:18416

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
8⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
7⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
7⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
7⤵
PID:14464

C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
7⤵
PID:15680

C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
6⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
7⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
7⤵
PID:14800

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
7⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
6⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
6⤵
PID:13228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
6⤵
PID:16612

C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
5⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
6⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
7⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
8⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
8⤵
PID:14180

C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
8⤵
PID:17376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
8⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
7⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
7⤵
PID:13852

C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
7⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
7⤵
PID:17420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
7⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
6⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
6⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
6⤵
PID:14948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
6⤵
PID:18236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
6⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
5⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
6⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
6⤵
PID:12464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
6⤵
PID:17268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:17952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
5⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
5⤵
PID:12668

C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
5⤵
PID:15876

C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
5⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
6⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
7⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
7⤵
PID:13216

C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
6⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
6⤵
PID:13520

C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
6⤵
PID:16768

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
6⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
5⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
6⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
6⤵
PID:12108

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
6⤵
PID:15456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15456 -s 440
7⤵
- Program crash
PID:18156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
6⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
6⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
5⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
5⤵
PID:12712

C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
5⤵
PID:15512

C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
4⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
5⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
6⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
6⤵
PID:12092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
6⤵
PID:15472

C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
6⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
5⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
5⤵
PID:12752

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
5⤵
PID:16188

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
5⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
4⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
5⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
5⤵
PID:11284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
5⤵
PID:15920

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
5⤵
PID:14264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
4⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
4⤵
PID:11568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
4⤵
PID:15412

C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
4⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
6⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
7⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
8⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
8⤵
PID:14804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
8⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
7⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
7⤵
PID:12784

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
7⤵
PID:15400

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
7⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
6⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
7⤵
PID:11620

C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
7⤵
PID:16100

C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
6⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
6⤵
PID:12844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
6⤵
PID:16900

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
6⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
5⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
6⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
7⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
7⤵
PID:12744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
7⤵
PID:16336

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
7⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
6⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
6⤵
PID:12776

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
6⤵
PID:15408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
6⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
5⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
6⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
6⤵
PID:11584

C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
6⤵
PID:15504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
5⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
5⤵
PID:13252

C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
5⤵
PID:16480

C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
5⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
6⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
7⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
7⤵
PID:12116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
7⤵
PID:15436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15436 -s 436
8⤵
- Program crash
PID:18116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
7⤵
PID:18136

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
7⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
6⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
6⤵
PID:11424

C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
6⤵
PID:16368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
6⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
5⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
6⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
6⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
6⤵
PID:17176

C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
6⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
5⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
5⤵
PID:13260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
5⤵
PID:16472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
5⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
5⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
4⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
5⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
6⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
6⤵
PID:14528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
6⤵
PID:17496

C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
5⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
5⤵
PID:12800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
5⤵
PID:15692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
5⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
4⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
5⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 468
6⤵
- Program crash
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
5⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
5⤵
PID:16548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
5⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
4⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
4⤵
PID:12456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
4⤵
PID:17280

C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
4⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
5⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
6⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
7⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
7⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
7⤵
PID:16248

C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
7⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
7⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
6⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
6⤵
PID:11472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
6⤵
PID:15776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15776 -s 464
7⤵
- Program crash
PID:17056

C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
6⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
5⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
6⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
6⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
6⤵
PID:15596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
6⤵
PID:16592

C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
5⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
5⤵
PID:12904

C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
5⤵
PID:16144

C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
4⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
5⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
6⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
6⤵
PID:13672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
6⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
6⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
5⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
5⤵
PID:12792

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
5⤵
PID:14916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
5⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
4⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
5⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
5⤵
PID:14196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
5⤵
PID:17140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
5⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
4⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
4⤵
PID:13236

C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
4⤵
PID:16416

C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
4⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
4⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
5⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
6⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
6⤵
PID:12196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
6⤵
PID:15524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
6⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
5⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
5⤵
PID:12344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
5⤵
PID:16360

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
5⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
4⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
5⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
5⤵
PID:14172

C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
5⤵
PID:17088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
5⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
4⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
4⤵
PID:14628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
4⤵
PID:13500

C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
3⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
4⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
5⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
5⤵
PID:12448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
5⤵
PID:17156

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
5⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
4⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
4⤵
PID:12940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
4⤵
PID:32

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
4⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
3⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
4⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
4⤵
PID:12212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
4⤵
PID:15516

C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
4⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
4⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
3⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
3⤵
PID:12820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
3⤵
PID:16244

C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
3⤵
PID:16464

C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
6⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
7⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
8⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
8⤵
PID:17708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
7⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
7⤵
PID:13748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
7⤵
PID:16836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
6⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
7⤵
PID:14280

C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
7⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
6⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
6⤵
PID:14956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
6⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
5⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
6⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
7⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
7⤵
PID:12760

C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
7⤵
PID:17356

C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
7⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
6⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
6⤵
PID:12472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
6⤵
PID:17248

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
5⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
6⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
6⤵
PID:14756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
6⤵
PID:16480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
5⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
5⤵
PID:12968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
5⤵
PID:17308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
5⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
5⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
6⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
7⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
7⤵
PID:12252

C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
7⤵
PID:15556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
7⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
6⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
6⤵
PID:14344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
6⤵
PID:17720

C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
6⤵
PID:15380

C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
6⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
5⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
6⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
6⤵
PID:13716

C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
6⤵
PID:17496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
6⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
6⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
5⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
5⤵
PID:13000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
5⤵
PID:17292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
5⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
4⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
5⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
6⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
6⤵
PID:14188

C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
6⤵
PID:17152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
5⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
5⤵
PID:13724

C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
5⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
5⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
4⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
5⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
5⤵
PID:15000

C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
5⤵
PID:18276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
5⤵
PID:18428

C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
5⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
4⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
4⤵
PID:14788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
4⤵
PID:18236

C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
5⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
6⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
7⤵
PID:11612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
7⤵
PID:15048

C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
7⤵
PID:16516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
6⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
6⤵
PID:12872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
6⤵
PID:17364

C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
6⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
6⤵
PID:17156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
5⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
6⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
6⤵
PID:14860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
5⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
5⤵
PID:13440

C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
5⤵
PID:16876

C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
5⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
4⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
5⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
6⤵
PID:13372

C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
6⤵
PID:16520

C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
6⤵
PID:17044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
5⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
5⤵
PID:15216

C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
5⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
5⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
4⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
4⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
4⤵
PID:15144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
4⤵
PID:15108

C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
4⤵
PID:14248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 472
4⤵
- Program crash
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
3⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
4⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
4⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
4⤵
PID:13696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
4⤵
PID:16516

C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
4⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
3⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
3⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
3⤵
PID:13100

C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
3⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
3⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
5⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
6⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
6⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
6⤵
PID:14444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
6⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
6⤵
PID:17668

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
6⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
5⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
5⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
5⤵
PID:14872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
4⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
5⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
5⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
5⤵
PID:15936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 15936 -s 464
6⤵
- Program crash
PID:17084

C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
4⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
4⤵
PID:12336

C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
4⤵
PID:15444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
4⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
4⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
5⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
5⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
5⤵
PID:15184

C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
5⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
4⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
5⤵
PID:15312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
5⤵
PID:18056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
4⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
4⤵
PID:15132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
4⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
3⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
4⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
5⤵
PID:12624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
5⤵
PID:16880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 16880 -s 460
6⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
4⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
4⤵
PID:15224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
4⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
3⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
4⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
4⤵
PID:14148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
4⤵
PID:17076

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
4⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
3⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
3⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
3⤵
PID:16108

C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
4⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
5⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
5⤵
PID:12436

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
5⤵
PID:17124

C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
5⤵
PID:17720

C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
5⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
4⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
4⤵
PID:13464

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
4⤵
PID:16692

C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
4⤵
PID:15896

C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
4⤵
PID:13080

C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
3⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
4⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
5⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
5⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
5⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
4⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
4⤵
PID:15244

C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
4⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
4⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
4⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
3⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
4⤵
PID:13860

C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
4⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
3⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
3⤵
PID:13976

C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
3⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
3⤵
PID:17072

C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
3⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
4⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
5⤵
PID:16932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
4⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
4⤵
PID:13492

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
4⤵
PID:17432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
4⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
4⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
3⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
3⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
3⤵
PID:15292

C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
3⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
2⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
3⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
3⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
3⤵
PID:14808

C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
2⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
2⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
2⤵
PID:15236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
2⤵
PID:17244

C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
2⤵
PID:13916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4116,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5152 -ip 5152
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 856 -ip 856
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 856 -ip 856
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10612 -ip 10612
1⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 15436 -ip 15436
1⤵
PID:17920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 15496 -ip 15496
1⤵
PID:17948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 15456 -ip 15456
1⤵
PID:17964

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:18140

C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
2⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 15424 -ip 15424
1⤵
PID:18196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 15936 -ip 15936
1⤵
PID:17444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 15776 -ip 15776
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 15928 -ip 15928
1⤵
PID:17572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 16360 -ip 16360
1⤵
PID:18188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 15444 -ip 15444
1⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 16244 -ip 16244
1⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 16084 -ip 16084
1⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 16612 -ip 16612
1⤵
PID:17384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 16188 -ip 16188
1⤵
PID:17864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16648 -ip 16648
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 16280 -ip 16280
1⤵
PID:15048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 16472 -ip 16472
1⤵
PID:17700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 16560 -ip 16560
1⤵
PID:17500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 16900 -ip 16900
1⤵
PID:17956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 17100 -ip 17100
1⤵
PID:212

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18212

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16380

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
Filesize
184KB

MD5
ac30ed15e9a3f4654af9d7d7c46fc618

SHA1
3c5f5efc4defbc7891de04e356821291948815da

SHA256
09db85d2ac54059260a1b54839678931ed7f973a525ab2d094b2ca47797e3a6f

SHA512
7ed0d6f35db4d70dcf677b2fd267f5de59c709107a25c4731affda324b83e282d456fa40b7a535d0edebb1ac93468c0fee6544f9065ff243be4394a68031ac31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
Filesize
184KB

MD5
f366df0ed6b68abee3dd2b3e328e1903

SHA1
8cf86e1c437f0b29d974f8ab6653eb67e0722cac

SHA256
b0e9e5ab1fd18d17ae5f260a11fcae8a4b0cb2f622ea62470c5ad8d68a3351f1

SHA512
aba93f9b212d1788db36a28e3189adadf5532476928dc4c5d733af648a02e163554a51fb3fdaabb497176aacca25e86d6e21d8c077b3a6924f9c185429d228ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
Filesize
184KB

MD5
acd1285abee82d00ed23cdd6fa402680

SHA1
08dd110488c85b7bb4c312701e5d70fbc0e0d10b

SHA256
f6ccb094b47fa5d7a29f1d464514188a3702ef74ccf4b41e2cfda20f0a8e1e7a

SHA512
b25ace2f79e7e3bb25a3818cff88171288f1941c806e3c2c6b5cd0ba7113ac7b6a930b69a2b85bc9b5a634ff2e4dd1f461e0eb4162de3651ece4965703e352c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
Filesize
184KB

MD5
ed44fdc0453ce3153448ffc6316b8bb3

SHA1
0974a79b960291b78acd2329aa2e3b9dd55bcd8b

SHA256
31525b939e673eff7017b85e2dc04fd756a31177a10c3cec7f8066475485156c

SHA512
9dbd52a319be04bc4d71eaf45fa505ceb28c1defb819a1df742092c86a45832e845e11fc7d113512bb7fb734fe18290028216858b50bcb9830421d8ba13e07e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
Filesize
184KB

MD5
79214a24f8e1e526e4bb512b34f5886f

SHA1
c1932ac137f04e811301aafd9fca356022817b17

SHA256
fac158568a0726c260f3fcdc5ca7e805da38b1f584248f79ba3a65970d6ce1d3

SHA512
93220e8f99cae1aea8cca19c4a4fecc22aa3244bc2d67e9ec69277b3df6c70f3b2566103365faf4757ad09a09ffda29b7f7fba9c908b8d4c9f5c7c6d219739bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
Filesize
184KB

MD5
8a5d40f6ef8843c3226f252756fc210b

SHA1
4d8f93a5943cf2b69a30fdb533d877c73f608665

SHA256
77528334f56cfa6827196e7b9d402a2b2a1a3178c5812341203581642123841c

SHA512
e0a71094d235fa65dea745ec5adc649cd9b78f6434ac49dc5a00eec15cdd14159280405713e207fd874fbef9d9574dcbdb9543f2a325a50c751c5e8304ac1c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
Filesize
184KB

MD5
0cac938ee941aa6f7a814df0c164af8b

SHA1
cb9f61e19595abc00d50ff9826dd296169aa3cbe

SHA256
b26e1a8744bd8ef7ed4c468e55925523068bbd88508246c940956a9550b13fec

SHA512
39098bff73bdb5b2c12366b71ac155ed5a51611ddc35a29be7ca986fe20757816dfe9fcb847f90e612b691a74de8574be8a2ff9c42533b2473a49a4d04c71b86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
Filesize
184KB

MD5
8995628063ecd72346d0832fbd87f810

SHA1
88e4c7a35780ac0554f914b04dc297f32c15b808

SHA256
a759e6c1b5b6ef75410207dd0e49b01f9e523ac8de9e4d5730b3f95cd461d2d8

SHA512
b1445723d0f06e1c1f70e2eb580cd08233d97a2e4c6e0b5324ed380e4d9d2aaa48c671aa18693682f0754b9ce1b41f77db1e220b858a6ab8c060f093743e6a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
Filesize
184KB

MD5
78d2083b7ee72ea74079aa6be32c2aba

SHA1
c0137ab5b7ba31f56f45bc1abcf2a79d52b4f52e

SHA256
f56463f497e418541cbb918bcb7e6c3424c879f64b4da5986eaf904d98d4bef1

SHA512
293223de9bc450c82854e8efb71de1a16093be655a960b575f1e202ed851ea2c2e59266b784abfbb9603876a583b6113844be3945f88989b37aa3293e7007a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
Filesize
184KB

MD5
47badc1660fc1edf10ab0b13f3e32e8a

SHA1
a195b0419f7b3b2da305540ef2d1f1126eb4f64d

SHA256
75ae6859998f140efe72da7a999952104ae018f7265b419cfb46ce9f1e626a8b

SHA512
c64784d25a24b9958e97e0aea924314ae4f406dd580d2333c470b97b14d302e128ca4fd98ae4b5a89a40fa3a0bbb9c79be3109c91e20e329161e621115770ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
Filesize
184KB

MD5
5607e3e289d3f0171af7ed73c5ec486d

SHA1
a24a9d867bad833576cd276a1123a06b349f2e25

SHA256
715c4d8327d9f84ae9025e72c2120f6585c1d08ad21c9fe067a4c27f038d43eb

SHA512
3aee5b9c60504ca2d09812c5a209a716d01de3b5cea89e4cada6599126801cc1fcad69e6322dfaaf73f343e831811c206064f989e1fc59d07e2bc71aabc6eb2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
Filesize
184KB

MD5
2373d8cb04953ba8d91d40222b36dd8e

SHA1
be9d3074e37cdf91c90fb1234205ae2ed392f6fc

SHA256
04cb9319f8f7c9dcfdd80cd5e33fc6587c22260a5aef8d20eacd552ea2fff6ef

SHA512
280ecadcd303285749d76391f9abea8846de611ec7bfc2fd7b4f4fcf956b7f0b990c30a396600b09964513bdf0d169ee4cfa0854cd5f2438ee8b505b9c5f4f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
Filesize
184KB

MD5
ebde1b8f7c2aae94ae4c5e4682922525

SHA1
67c04129d26dc9632abd928b65fa7dc316d59d8a

SHA256
7523bae42a25b8430cc7c63126088172e7d62637d5d6e748a46659cefad5c94a

SHA512
a610b600edd9ae481dfd7b1583dcc16af0d705981ad369f4a45e5e0739109af3e1fc72b1962deaa504062f89c334ca77d66bffb1814324160eb236445195f7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
Filesize
184KB

MD5
53588bbf75fecdc3b991a63cabaf6ed3

SHA1
48e2daff41e12bbe92d16a9b866ebcf504503656

SHA256
3935dedebf3c0eae120f38968b6b80fc931245694f3ef8c4645d96baca428192

SHA512
584c5533314ce25cd6ec6b04c2471bca98034f3bfd52f2478924a1f480b78f7d39ada405109d7345ba818cfa64fad91079f66db41443a9c5ae1602ac88fac901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
Filesize
184KB

MD5
b886df014325849c456c6239774bf3b0

SHA1
e8e39380f86fa0c08a4e7dbe74ba354871b52140

SHA256
e83da6cb78034504fde78cf10a5aa3dcb086fdd49d29925bac58082a4f1dca76

SHA512
82494dc57665e900055c36bf1df8458b417f02b00454d634902f70cefd0007bdbea4469ff898b7d3558243ad60d84d475fc9240bfc949d83419578a1aa02ece0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
Filesize
184KB

MD5
2a735e9902974e7ebe139876445f81f7

SHA1
34c4a3a165c9b061c34cbdb1d704427f3810511f

SHA256
a62de6a70d63d2c5444ee9fda42c6438236879893bfc3ec19018dd702c599aea

SHA512
617cedd6234ccabebee82ea1bb8910c4c6313bf531cb78f24cad4c58677127c74ed71e2b703be43670eff117965c9bfb7d6cf858290e092e109cfc77b630dc82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
Filesize
184KB

MD5
18f87cf7d0df9cda45d5be9c716c81df

SHA1
8f8dd40cb127f8fbf8be884c78a7682b9cf9865b

SHA256
6c23fc01dc8ca38314af6936274a8740c6ac55dd934cb30ef6edd1237c5162c1

SHA512
a34ccba6cd26708fcce8fc84596d9fac512190e251d556cf22f5909cfef3c276a4589adb16b42916029495b03acbe04410fdb31a7ebdb76825b5cfef827f7631

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
Filesize
184KB

MD5
5948e65b1562d9d4eb263b0b647d4f7e

SHA1
1fd6d3b5b7082bfb0b6de2ea65d0c6a74587081e

SHA256
44acacd5ce589827e111e2cd3c9bf04c49c89d0ed6db3928013a6989fc0cbf69

SHA512
058dc20d622c137b1480f0d2fc5a61e9e9191a18a363135f0bb5246edf4856c5ace1d050a2aaecb668237c90547027dc3beb901166674baa6e8b3675d5b02b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
Filesize
184KB

MD5
88f06ec254e83efda45dda4da985fc11

SHA1
d10120f03b7973a1cf69c7447312762c723d1458

SHA256
1ea3575274959c27c14e7fa754b8aed9dabf7c0f1c259bda03e209eb9ade540d

SHA512
f451737e8b3b4d63584e466a71dc109695d20c1b6af9a1d67edf8c1dc0e5965b7e2a8921f411e5966dd5349ec39969781ad468ec85a87323be6cf34388eb6a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
Filesize
184KB

MD5
23e98a2cfb34656d5d975e343456b4bf

SHA1
6a2d9009fc74a5f3a4233e4abc4c2254e2da4545

SHA256
eac64f92a7aa8cd2755b4c668371323e19b93c3809bd4324cd22f5829d1c9109

SHA512
87efb3e28dc7bce45958b9d8694f235e4356bb807825312afa0eca8fdb4ffc98584fababd22c628d23c5feee0f6ad731bec481cdbfee673973f07c4a3cdd04c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
Filesize
184KB

MD5
34dc99d34fe3e111b80af60d8faf837c

SHA1
8d96f7ac7ef0f1cd1d46e7a4ec275cc8904fedb0

SHA256
b2c7989759c67fe088fbe913bcb414e78d1782e6ea9253e38735c2b766e74d18

SHA512
c75a2549a3b9ff8b3f6cedb41288fe0cf642e10090153b9ae5f2be2dec06ddc6b76a388e4fce8f5f314bc60d8c4da3dcbbb65c2b5723a6f1afcda2a924284187

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
Filesize
184KB

MD5
97eeb9a6e3723465d2ecffc03034f7cf

SHA1
25fbef3f8de487c4924a025d8e03addcf8416e78

SHA256
5a543977240435fc48b5844366be8d79824ef54b28718a0c6b597009e7a743b8

SHA512
aaf7ecd5ccf7ef02d73286148074a8fdc0c64fc146ff9f6f6cda47260ae55220347f61b2f812770f9f885291313120e95b2727e549d8d7310f56a0e01a976b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
Filesize
184KB

MD5
77bf70f1583e23a6a481c4d4eaca9b26

SHA1
3de126cc1164cdef5204308f50cce9118b16d7ad

SHA256
5be15f9e0eecf959eb92334362a18473a4a7475c71dcb5cd8e10b0400688ce8c

SHA512
dd6879a33d0474c16d8e893383bee9f82a9c09447f09d9d6cf7976fd8e57f4011032edf1d821d2c43790b36747aff0715cc74d18f56bcefe0ac74f9eb543648e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
Filesize
184KB

MD5
50087d7bf2d45569381ee516747d8e5c

SHA1
1344588b4e0317d77e286626d98409548d325508

SHA256
643c81352102ebab11b15bd33c196a00bd752f642c048b4fc4b0b5c79ec337c8

SHA512
bd36b9c9816e21c794a3b4b727311e39bb203ee13a125a499dcb8e92fde152a4b4e94ae6274806e2ac52608835a775e6bcb2c3c31f39e9ee2cbdf49760341e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
Filesize
184KB

MD5
6edacc4ada6de08be62c1e64cf0c9ffa

SHA1
e61f477790b325b61a66db08c5e26807191268f2

SHA256
2ba7ccb9dea4181b8b8ad88b99606ec58d6b8de1a8a1b00f9c2e3b4f4c8876cb

SHA512
843ebd311bb37dbe37de654736c46cad1cc6a4bcec365906e65a617cdd822fa533085d98867d1f5a9a911d5b2085728f151fa188cb06813338b58fff2b69ed49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
Filesize
184KB

MD5
6b16221f9df7097dfbaecd36a6b6440c

SHA1
8d866151191f4c06d6beb8b166b800e6b5d30eeb

SHA256
81a077d22bf29d7fe24e6b9c45097168a5c2c1de54042a2828c12ae1f699fe5a

SHA512
e1fe501a5e74fbbb6b3ea71b2cf192c5b646ad02911cd54f5fc25c765e2d16ecb03ef9a0349af674228b11e191a4a1d9fe50b19d25a619dc481826361bf46258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
Filesize
184KB

MD5
5e6ce9baf7ac604aae484a24ad764515

SHA1
72a838f1e44276063e4ab5d69e501e12cadf713f

SHA256
359e2d0ed4a2b30fc8af3280921fd2c02d7fccd00fd7d1ece119a05f80c1d713

SHA512
9ccec5f3465d569d8ac122af43a1f42feaaf04fb349dbc45152eeac7f46267c7d45db1b53bc86cf59f80f7f9c66fc0f8d97bcbad2188a4c1031dafc774dc273d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
Filesize
184KB

MD5
5a5a5eef2651f355cb26fa15c9532c4b

SHA1
fbb90bfd7f2b7587ecce2971e36d5dafd0960f41

SHA256
e061862a8803532612f597f4292a32bd81ba45f6b600532d28dbb5364885165a

SHA512
8df76c26bd9d14700c2c24228c5fdcede99666268d8dc79cee299b82c13e5ca2cfddacc213618e5276e00020d0b5b66d2bd1ad5548b70a951b4a5e31610146af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
Filesize
184KB

MD5
c3f58d38b8c70c006a2667509a5598af

SHA1
ed65eadcfc2504f650d24f51d726aa88740e8b84

SHA256
d4e63c92c1b7847291b1edf1d67dbce04f1ac09e70df617f9366a8ae068ddc1f

SHA512
1d76e401a0de0b715d217395935dd8d73b546ed5a44d37913b92ae63e8f2b0b742d61ea40c4cee9fa31a354ad920dfe49a662bef187345686b55ec868e767cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
Filesize
184KB

MD5
14b50fed30de80ab66676980a32d7c30

SHA1
91ae4226dc5e139872883a3a1770c33ba7954039

SHA256
28ba7ea9c4076ca17074e82a7e63ca2a4d4adf790623cac28262ef9358c3a618

SHA512
af48df4dea6d4cb65a73c4fe9aeb68a69d4d191008a9825994edb478c9885998f68226ae3a809a8e4c3a16cf9454ad8378a39be729232aa0f7bc856f76f32734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
Filesize
184KB

MD5
c9546231d8e17c569f1fe88ea84b96eb

SHA1
d1e10fbca970d1ad1b58f028b7253879afb3f2f3

SHA256
cf03120e15864b04679209f63c6f91451d6f6f675b261029e933190304bfec8e

SHA512
744c5c50a0023bc1bf1a0cd60f99f0b4e68400f2b77a1601c531cbd8f93c3520614bdaace6c4036e3d6285fdf3861bf7fbe5493c1d89d2e5b4b3e83bd65b401e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
Filesize
184KB

MD5
76a60eb1bf668d4969cd62a0cef0431a

SHA1
2d884565b85933bf8b5ace4e231384b1465a2601

SHA256
690fffe0bfcff5a29d32980cb0d5cdd7d31ad804e334a26a28afe83ac04dad98

SHA512
037684c5fa3072e4245005a708de1ed92d5e809f0ee2042481f523bb8a5c8f5e0ff633ad338843eea78aaf98896693a5ef78b97cb246ebd6a8d86d64d0772637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
Filesize
184KB

MD5
708eff5bf7042cd0e1b89edba80fa1e0

SHA1
98d42720f1d1f5e3daa2cf7c2c2f3d4e74830995

SHA256
eb1d924cce046e918eecc8d8b151b2ac6cf425ca604dc2bf1c96626f668344f3

SHA512
5d122b9418137ef63125eb88f36553e762d69d6272d82adcfdf0da406bf529720459a728e349b7aae77119dbfcd369e348df26494d51f8258eef22cd933b1452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
Filesize
184KB

MD5
bbcb49f03e82b23a38d7ab6cf695100e

SHA1
81e6d9fd171566276d2a171321690608805158f7

SHA256
ec99f0ff913c21ff4cbb17f9c98088575b506e3c40d8052c4d5e01fc5a5bbb12

SHA512
41167c37c15a24d5346d9db3f074032c1fe8ae4560eccff3c99b7141fd914ffac756371c5710f46ecc4676f8e837d6badd075865c3bcf4f0660e39f6023de6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
Filesize
184KB

MD5
54c7133dd5e95ca8d93126f96314f685

SHA1
06b6b06f7123210d909d7c5ddf51d765e21d1d87

SHA256
e03b154b1a0e990f92575e452d215ee247349d3a3c2c4c62ae98139de72dc557

SHA512
c45faf95c31662b1c0e8ee9d52140f970b836130cac494f91ff3131add4f8a85f9a9c368a19628cf04b3e91bda1f0266b1daffad880b3edaa054c502d37a34ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
Filesize
184KB

MD5
04f6b883d8767513ceb393d411ef68e5

SHA1
ae21c94112889cdcda314f4eb1938609b9e48c80

SHA256
77bd2b7fe445e3b0f01468fc435ca623e5357f3dea27301f7adeb13462383cc0

SHA512
a9c1992592c169df943d0a620facde459e68c59c1c3ee66b3f32f8f963f7ae7b53224b70accd014350e961030eeed20cba5ae327598e1204c0ac8e6aab8ed3f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
Filesize
184KB

MD5
e5fecd0bdcf0c459e53a161ccf815c95

SHA1
337184d3a6b43da02f94916316a6e96fd1f22117

SHA256
9cc6052a5606575806aab6f1f2b273bcb613e125399be3c238c96f45f4f0ee89

SHA512
eaf7a1c5149b800d702426c86e69d8e65f1f7c726cffec398a59afa94808362d5ed0c311b46383fc97d9bb16c6eda922522b6da3afa213daec3db8a1abc20458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
Filesize
184KB

MD5
6e15a5a727ed1ae4eee9800948f50edd

SHA1
358a2b683c504ef269b05197e5306b32a81f368b

SHA256
7a8d7bbb26fc0da4349a69524b690befd2493e12019bda282f7189ea739cf601

SHA512
6a931b2ceccdc38664434121ac838545d34e62b2110034a191c5f9dc8c734a237ec7961380bfe451d2f60fffb6e2e72976cdc2e5a3f20fa1074bd274a9a8367c

Download Submit
memory/328-45-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/548-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/704-259-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/764-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/856-552-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/856-214-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/876-272-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1068-174-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1092-185-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1120-291-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1144-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1236-153-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1276-290-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1388-256-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1688-83-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1736-27-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1924-227-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2028-94-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2080-33-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2464-268-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2676-176-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2692-3257-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2784-121-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2796-186-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2832-80-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2936-41-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2988-203-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3596-255-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3600-134-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3628-55-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3708-114-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3720-223-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3772-154-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3792-62-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3936-3339-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4368-3524-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4412-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4464-107-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4468-243-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4496-125-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4548-93-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4556-192-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4572-175-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4828-224-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4896-244-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4908-274-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4980-146-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5052-77-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5100-236-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5144-299-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5152-306-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5152-436-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5172-416-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5176-319-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5192-321-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5204-440-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5216-509-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5228-334-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5244-324-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5252-417-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5268-339-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5288-320-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5316-322-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5324-349-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5344-328-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5356-425-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5388-341-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5396-354-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5416-342-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5424-343-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5432-418-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5436-3559-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5456-348-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5488-516-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5492-510-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5624-508-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5664-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5688-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5708-518-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5712-517-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5732-449-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5856-393-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5904-394-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5912-474-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5920-396-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5928-473-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5956-397-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5964-469-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5972-398-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5988-519-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5992-399-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6008-401-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6044-402-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6076-477-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6100-475-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6124-413-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6160-548-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6216-554-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6244-565-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6280-570-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6364-4069-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6464-3505-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/7164-3591-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/9436-4068-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15048-3083-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15424-3404-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17708-3084-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/18220-3107-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download