abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312

Analysis

max time kernel
164s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
Size

184KB
MD5

22a2c4a76ac6916bf64d255c22ed5392
SHA1

93b410b5d26c2f87912e9eaf740f100cf649751f
SHA256

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312
SHA512

3c8b9555a8007f42235b41e692a95f0b10b9c635d2b6b9c70aa6c41aea2db26cdcc64094432006589090596e6c991a5816a50aab6a6cab529d7f8f4ebf64f38c
SSDEEP

3072:PcY3rMoT74BCdFaWeJ1LRKsRhl1ViF7n3:PcXoquFaBLYsRhl1ViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 23 IoCs

Processes:

Unicorn-37668.exeUnicorn-15229.exeUnicorn-30500.exeUnicorn-17761.exeUnicorn-61095.exeUnicorn-36353.exeUnicorn-3107.exeUnicorn-8323.exeUnicorn-40999.exeUnicorn-31140.exeUnicorn-15011.exeUnicorn-3878.exeUnicorn-5181.exeUnicorn-12797.exeUnicorn-62206.exeUnicorn-23751.exeUnicorn-61063.exeUnicorn-32766.exeUnicorn-51207.exeUnicorn-27399.exeUnicorn-31678.exeUnicorn-25607.exeUnicorn-54302.exe

pid	process
452	Unicorn-37668.exe
3556	Unicorn-15229.exe
3192	Unicorn-30500.exe
2252	Unicorn-17761.exe
2992	Unicorn-61095.exe
3972	Unicorn-36353.exe
232	Unicorn-3107.exe
4612	Unicorn-8323.exe
1408	Unicorn-40999.exe
3048	Unicorn-31140.exe
396	Unicorn-15011.exe
4084	Unicorn-3878.exe
3144	Unicorn-5181.exe
3604	Unicorn-12797.exe
3428	Unicorn-62206.exe
4152	Unicorn-23751.exe
3972	Unicorn-61063.exe
1120	Unicorn-32766.exe
5016	Unicorn-51207.exe
2468	Unicorn-27399.exe
184	Unicorn-31678.exe
3560	Unicorn-25607.exe
4728	Unicorn-54302.exe

Program crash 20 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2544	3544	WerFault.exe	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
1132	452	WerFault.exe	Unicorn-37668.exe
4428	3556	WerFault.exe	Unicorn-15229.exe
1584	3192	WerFault.exe	Unicorn-30500.exe
4564	3972	WerFault.exe	Unicorn-36353.exe
536	232	WerFault.exe	Unicorn-3107.exe
3152	4612	WerFault.exe	Unicorn-8323.exe
4372	1408	WerFault.exe	Unicorn-40999.exe
2308	3048	WerFault.exe	Unicorn-31140.exe
2224	396	WerFault.exe	Unicorn-15011.exe
4516	4084	WerFault.exe	Unicorn-3878.exe
2232	3144	WerFault.exe	Unicorn-5181.exe
4656	3604	WerFault.exe	Unicorn-12797.exe
4748	3428	WerFault.exe	Unicorn-62206.exe
2744	4152	WerFault.exe	Unicorn-23751.exe
1328	3972	WerFault.exe	Unicorn-61063.exe
5012	1120	WerFault.exe	Unicorn-32766.exe
4924	5016	WerFault.exe	Unicorn-51207.exe
3612	2468	WerFault.exe	Unicorn-27399.exe
1948	184	WerFault.exe	Unicorn-31678.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exeUnicorn-37668.exeUnicorn-15229.exeUnicorn-30500.exeUnicorn-17761.exeUnicorn-61095.exeUnicorn-36353.exeUnicorn-3107.exeUnicorn-8323.exeUnicorn-40999.exeUnicorn-31140.exeUnicorn-15011.exeUnicorn-3878.exeUnicorn-5181.exeUnicorn-12797.exeUnicorn-62206.exeUnicorn-23751.exeUnicorn-61063.exeUnicorn-32766.exeUnicorn-51207.exeUnicorn-27399.exeUnicorn-31678.exeUnicorn-25607.exeUnicorn-54302.exe

pid	process
3544	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
452	Unicorn-37668.exe
3556	Unicorn-15229.exe
3192	Unicorn-30500.exe
2252	Unicorn-17761.exe
2992	Unicorn-61095.exe
3972	Unicorn-36353.exe
232	Unicorn-3107.exe
4612	Unicorn-8323.exe
1408	Unicorn-40999.exe
3048	Unicorn-31140.exe
396	Unicorn-15011.exe
4084	Unicorn-3878.exe
3144	Unicorn-5181.exe
3604	Unicorn-12797.exe
3428	Unicorn-62206.exe
4152	Unicorn-23751.exe
3972	Unicorn-61063.exe
1120	Unicorn-32766.exe
5016	Unicorn-51207.exe
2468	Unicorn-27399.exe
184	Unicorn-31678.exe
3560	Unicorn-25607.exe
4728	Unicorn-54302.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 3544 wrote to memory of 452	3544	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-37668.exe
PID 3544 wrote to memory of 452	3544	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-37668.exe
PID 3544 wrote to memory of 452	3544	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-37668.exe
PID 452 wrote to memory of 3556	452	Unicorn-37668.exe	Unicorn-15229.exe
PID 452 wrote to memory of 3556	452	Unicorn-37668.exe	Unicorn-15229.exe
PID 452 wrote to memory of 3556	452	Unicorn-37668.exe	Unicorn-15229.exe
PID 3556 wrote to memory of 3192	3556	Unicorn-15229.exe	Unicorn-30500.exe
PID 3556 wrote to memory of 3192	3556	Unicorn-15229.exe	Unicorn-30500.exe
PID 3556 wrote to memory of 3192	3556	Unicorn-15229.exe	Unicorn-30500.exe
PID 3192 wrote to memory of 2252	3192	Unicorn-30500.exe	Unicorn-17761.exe
PID 3192 wrote to memory of 2252	3192	Unicorn-30500.exe	Unicorn-17761.exe
PID 3192 wrote to memory of 2252	3192	Unicorn-30500.exe	Unicorn-17761.exe
PID 2252 wrote to memory of 2992	2252	Unicorn-17761.exe	Unicorn-61095.exe
PID 2252 wrote to memory of 2992	2252	Unicorn-17761.exe	Unicorn-61095.exe
PID 2252 wrote to memory of 2992	2252	Unicorn-17761.exe	Unicorn-61095.exe
PID 2992 wrote to memory of 3972	2992	Unicorn-61095.exe	Unicorn-36353.exe
PID 2992 wrote to memory of 3972	2992	Unicorn-61095.exe	Unicorn-36353.exe
PID 2992 wrote to memory of 3972	2992	Unicorn-61095.exe	Unicorn-36353.exe
PID 3972 wrote to memory of 232	3972	Unicorn-36353.exe	Unicorn-3107.exe
PID 3972 wrote to memory of 232	3972	Unicorn-36353.exe	Unicorn-3107.exe
PID 3972 wrote to memory of 232	3972	Unicorn-36353.exe	Unicorn-3107.exe
PID 232 wrote to memory of 4612	232	Unicorn-3107.exe	Unicorn-8323.exe
PID 232 wrote to memory of 4612	232	Unicorn-3107.exe	Unicorn-8323.exe
PID 232 wrote to memory of 4612	232	Unicorn-3107.exe	Unicorn-8323.exe
PID 4612 wrote to memory of 1408	4612	Unicorn-8323.exe	Unicorn-40999.exe
PID 4612 wrote to memory of 1408	4612	Unicorn-8323.exe	Unicorn-40999.exe
PID 4612 wrote to memory of 1408	4612	Unicorn-8323.exe	Unicorn-40999.exe
PID 1408 wrote to memory of 3048	1408	Unicorn-40999.exe	Unicorn-31140.exe
PID 1408 wrote to memory of 3048	1408	Unicorn-40999.exe	Unicorn-31140.exe
PID 1408 wrote to memory of 3048	1408	Unicorn-40999.exe	Unicorn-31140.exe
PID 3048 wrote to memory of 396	3048	Unicorn-31140.exe	Unicorn-15011.exe
PID 3048 wrote to memory of 396	3048	Unicorn-31140.exe	Unicorn-15011.exe
PID 3048 wrote to memory of 396	3048	Unicorn-31140.exe	Unicorn-15011.exe
PID 396 wrote to memory of 4084	396	Unicorn-15011.exe	Unicorn-3878.exe
PID 396 wrote to memory of 4084	396	Unicorn-15011.exe	Unicorn-3878.exe
PID 396 wrote to memory of 4084	396	Unicorn-15011.exe	Unicorn-3878.exe
PID 4084 wrote to memory of 3144	4084	Unicorn-3878.exe	Unicorn-5181.exe
PID 4084 wrote to memory of 3144	4084	Unicorn-3878.exe	Unicorn-5181.exe
PID 4084 wrote to memory of 3144	4084	Unicorn-3878.exe	Unicorn-5181.exe
PID 3144 wrote to memory of 3604	3144	Unicorn-5181.exe	Unicorn-12797.exe
PID 3144 wrote to memory of 3604	3144	Unicorn-5181.exe	Unicorn-12797.exe
PID 3144 wrote to memory of 3604	3144	Unicorn-5181.exe	Unicorn-12797.exe
PID 3604 wrote to memory of 3428	3604	Unicorn-12797.exe	Unicorn-62206.exe
PID 3604 wrote to memory of 3428	3604	Unicorn-12797.exe	Unicorn-62206.exe
PID 3604 wrote to memory of 3428	3604	Unicorn-12797.exe	Unicorn-62206.exe
PID 3428 wrote to memory of 4152	3428	Unicorn-62206.exe	Unicorn-23751.exe
PID 3428 wrote to memory of 4152	3428	Unicorn-62206.exe	Unicorn-23751.exe
PID 3428 wrote to memory of 4152	3428	Unicorn-62206.exe	Unicorn-23751.exe
PID 4152 wrote to memory of 3972	4152	Unicorn-23751.exe	Unicorn-61063.exe
PID 4152 wrote to memory of 3972	4152	Unicorn-23751.exe	Unicorn-61063.exe
PID 4152 wrote to memory of 3972	4152	Unicorn-23751.exe	Unicorn-61063.exe
PID 3972 wrote to memory of 1120	3972	Unicorn-61063.exe	Unicorn-32766.exe
PID 3972 wrote to memory of 1120	3972	Unicorn-61063.exe	Unicorn-32766.exe
PID 3972 wrote to memory of 1120	3972	Unicorn-61063.exe	Unicorn-32766.exe
PID 1120 wrote to memory of 5016	1120	Unicorn-32766.exe	Unicorn-51207.exe
PID 1120 wrote to memory of 5016	1120	Unicorn-32766.exe	Unicorn-51207.exe
PID 1120 wrote to memory of 5016	1120	Unicorn-32766.exe	Unicorn-51207.exe
PID 5016 wrote to memory of 2468	5016	Unicorn-51207.exe	Unicorn-27399.exe
PID 5016 wrote to memory of 2468	5016	Unicorn-51207.exe	Unicorn-27399.exe
PID 5016 wrote to memory of 2468	5016	Unicorn-51207.exe	Unicorn-27399.exe
PID 2468 wrote to memory of 184	2468	Unicorn-27399.exe	Unicorn-31678.exe
PID 2468 wrote to memory of 184	2468	Unicorn-27399.exe	Unicorn-31678.exe
PID 2468 wrote to memory of 184	2468	Unicorn-27399.exe	Unicorn-31678.exe
PID 184 wrote to memory of 3560	184	Unicorn-31678.exe	Unicorn-25607.exe

C:\Users\Admin\AppData\Local\Temp\abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
"C:\Users\Admin\AppData\Local\Temp\abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:184

C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 184 -s 724
23⤵
- Program crash
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 744
22⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 724
21⤵
- Program crash
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 724
20⤵
- Program crash
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 724
19⤵
- Program crash
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 724
18⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 724
17⤵
- Program crash
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 740
16⤵
- Program crash
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 724
15⤵
- Program crash
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 724
14⤵
- Program crash
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 744
13⤵
- Program crash
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 724
12⤵
- Program crash
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 740
11⤵
- Program crash
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 740
10⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 740
9⤵
- Program crash
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 724
8⤵
- Program crash
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 724
5⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 740
4⤵
- Program crash
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 724
3⤵
- Program crash
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 724
2⤵
- Program crash
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3544 -ip 3544
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 452 -ip 452
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3556 -ip 3556
1⤵
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3192 -ip 3192
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2252 -ip 2252
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2992 -ip 2992
1⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3972 -ip 3972
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 232 -ip 232
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4612 -ip 4612
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1408 -ip 1408
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3048 -ip 3048
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 396 -ip 396
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4084 -ip 4084
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3144 -ip 3144
1⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3604 -ip 3604
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3428 -ip 3428
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4152 -ip 4152
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3972 -ip 3972
1⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1120 -ip 1120
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5016 -ip 5016
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2468 -ip 2468
1⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 184 -ip 184
1⤵
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe

Filesize
184KB

MD5
2aea4f21db9d72f2626a74a9a2379516

SHA1
23c94f9fe6515cb1ad98e99612a18ca53eaf9169

SHA256
53dab94f5f1b08676521c4ad6b6f57635e29b565d9db7b8563603d04f261f583

SHA512
9d2fc5b4f45dca8dec8553479e019baa427da923f1dc3e6ccc956a9da37a262ead0b33eeb3bf4d6ae03636d4271cb5c2baee007f4491317781c176caf607ee85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe

Filesize
184KB

MD5
d9735b475dcdd6c93bddd2661255bfa6

SHA1
6dd86ad587c310825debb35badca4257507479d2

SHA256
235aea092b40da3673b3685eb37c6a04cc33295506af22f55dcbf9fb4409f52b

SHA512
956d2919abd28af3b7ba35d875b2651ead82b62680ae327490f0987193f1695ecd962d0611c8d5f7eed7a6e2854ccee38b28ef41d55c516c5b40401b9f07e101

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe

Filesize
184KB

MD5
3c7da2340e8d782a819fcc5c7de4fa71

SHA1
4e06decfc0fd2842fcbe67e8589b8bae07f0b672

SHA256
f8cdf87719bd856363837fe5110b4f0f90faafb3ddd558cd8ca74b5a1668d0d3

SHA512
a17a30f0441d8fdb6c26e6833ea31a1950b9bbb59eb9ac1bb3e792665d5332ddaeb5dd79baa1ace4f4888522b9f4edd24466be1e490e5c96752ebf63cd5b4f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe

Filesize
184KB

MD5
27f0d8cb4313fde011cf66dbd7c17337

SHA1
321c01fc2bd9b73eb5d4fff2b166c50b0819c371

SHA256
a530e310c97af6da036e2c671908a745ddae7ae8f681acc2dee61c3252b4c4dc

SHA512
949188899496ad14091ea87c7ea6c13aa4634470b4f327f1b81fa43877727341161745c773f83576027f68023798839e884042e873919940f3096a874d8582d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe

Filesize
184KB

MD5
dce85f745ae0250a8e522e6d5e446c79

SHA1
bf09f775b74b3306f0cea90ce5d3d2cbe15eb18b

SHA256
2c51bcd67fef59cf0aebd30c260fdafa47b7f434182f8fe74bf213fc9b97c9ed

SHA512
a187cad11072a5c0fe2c17871a63f2e2524f4ef0fe1821a9fc7ed83c5a5649c9ca158a02d4e2c7d404ea68c7b6fff749c3e4e93b6f3c49c0acf8b1e7198b670c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe

Filesize
184KB

MD5
c87b8bf2844c1b7669d7c15a49fc42b9

SHA1
41efe6c7b4bae4f33eedd9c76e0ad9c9cf8e06c9

SHA256
aef56125daef89e1afb5625fc664c0bb29e26d9637a045bfb7678b5bd6bf14be

SHA512
fcd90dcec7c3994c94a109a4c7fdd32b8b787a55c0cd54e89bc77eb923f4a11fe48f42aefeb5161d595ec75c2ec988a6adf41a72bb2f4854f3091d27a2f97f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe

Filesize
184KB

MD5
6e368190a6b4029859859e730dbeed5b

SHA1
f2a6599f605ec30a393d18fa9c268d2bd2e5b1c6

SHA256
e3bd2b2d3f27dadb82e0c055c1f7ba63c8cc0080f10b28a8b66740f3da129a05

SHA512
75c5665fbd2d030782c42d6242fc8416568db49d3880161a76abd60f717bc7273135bb994139859956501be8167c14ef16face61888710e0eeebbbb69e6421d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe

Filesize
184KB

MD5
6c674ee644c4ea5af16bbab03619cfac

SHA1
7c53f3b35d034138da8f6920058c3762dba4bd20

SHA256
42ba65e874cbd629eb5c9489ce19b05dc00c00fe3c059df4841eb3c985afd8f4

SHA512
274696f61415d212d3b50af7594dd9ff5248dde07307e305a9adb0ca5248c495c3841554de9126c697b602351b433fef817b0bceb2c652c147b6653628699f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe

Filesize
184KB

MD5
4b28a5cf992babe04c2aafa998df75ad

SHA1
7cc12330eeed02f3e5b76ba9b1a5f6c712004968

SHA256
5fb3bb2a4dec1702718d370c7b738682cb0f4071c98f9c22071c3f1219b8af94

SHA512
021fa03a0c592243264dad5f01f653ef57a4d1d3492068b5684e1ffa91f4ce168bcb3405994e6ea059f69918aae9ffa613838729174912423b97f093006fc7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe

Filesize
184KB

MD5
48d7370dd85db407071df0c8531a2a5d

SHA1
1b7c2f0923db0aecd3a5d28c98df9afb95103477

SHA256
3045b295e4720980f33dd8ca1731a7263883acf2c339cbe9c691f46bde805a71

SHA512
71aeea373aba3e7c887aadaf55c4456e44b451f52a54e3ec93079abdcff2f92faa685e425357c72b0c105d0a072078ec97a1b1b1fb445307d15974fb98e31db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe

Filesize
184KB

MD5
c1828ca645cc71f097326014c98a9ed2

SHA1
2abe1bdd29dfa8dca52a8da7c9163ec7d6adc2c3

SHA256
707d96022c2175985c0012a607863e96619ee22e72bd590c6e6a0ebe6c7da8b5

SHA512
1578177d67b878d7054b660341068adea190b7444373996060994a10fa0628f75c85ed01c83cdcc91a183c69ec860cd254595793d2931e62cc63857cea78e739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe

Filesize
184KB

MD5
b472390af13bff6f175b3a8d824358dc

SHA1
c7eb8f8c4be9f12edaa7f81c9ef09a56c3628590

SHA256
9cd4648d1d4d4d9456548f06d02fa4e1cf69c6ebf96cb2a3ca9ec5b72f1298fa

SHA512
0581463995a1f648ed1f58320db2712b124a5d16a3a3f98e5c026b9461d387b0610356a06b97e3a5760c6453e81d4359b9f2835d08f7efe598c59c7cbf5f359b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe

Filesize
184KB

MD5
5f472397f06d4632cb32ce8a4e1e08cd

SHA1
05a0c5d697bb1a6e34900aebd75f6ae73ade877a

SHA256
bad1bcfd23688045197e02eeae47db9c1aad30f110d102487d98177551f20b3a

SHA512
b492b7607c24eeef11362c4f0da14b696dacfedd9b0d8dc45a5f5c47fef92476f4e0db22615aeff371c3bd9b14df890be55fb5ddaff9c88e3849cfe907347781

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe

Filesize
184KB

MD5
96b83054d9b28c18ceb9ef93a0a47f21

SHA1
e3f249a3fc7aac29f8240cad82d69cd10cdae459

SHA256
5876219d335fe77df99f4e3fa814de262ca541f0822dbf8af2cfbde46c622cdd

SHA512
b88bd802e0d1dce5990268a05deda13c63ae15c0cd3a76fe0d3c6f4c9dcd81f94ef9aaeedfb44b5857d579211bfbd406efba021b9ef5dd88df17dfe92598fb8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe

Filesize
184KB

MD5
bc664a86d9051f46e802bbc2f70b9be5

SHA1
586ec7c25fd670c0f4066573fb86e2c74cc75720

SHA256
059cd0676e160c9a2fd4acb161507df15f81a49d6d4636e59a6634aa5f131ac1

SHA512
9b40920105cb8e84708ae96dacf638490d1d6d25421c265d0670d21d003132ca0ed142a0aaec4b1041ab93f52142c27735b072dca3cf57b81a17a71353bdd771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe

Filesize
184KB

MD5
e2b98c0aa46e7fe13c8a8d49dac32326

SHA1
7b356b566ab5296a998da49cf85566eb83ad2143

SHA256
00438d6e769786929b76fdd4e1ef8a49c74ac5f5edc7ec4c1adf2e4cedc3c69f

SHA512
8b2365a342cf699107877dcb5fecc3c47da7f292ece26617a884f481b88ada582283ca4769320154835b94f4e325066f74b6db925bf87525364a342ffab92bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe

Filesize
184KB

MD5
07be1ac860cf8aa49a93c07eb6c55226

SHA1
c088c99bcfe35410c20ce0c91f31d5ecd1807491

SHA256
9ef92f64ecf40d750d1db7f3ce37995ddec3cf315edf5d0df259282f997f4781

SHA512
793baca76ae613937714d41c3fc36fdbe30735885c33e305cef912acbdc66e9f269d771f897c5f58b8e2240c6fdb4d0c101db3cb91bcb9bc4ac791c143c6ee0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe

Filesize
184KB

MD5
794d3f0ed0db0e18f0f4af567ce85bda

SHA1
369abce645c6fd78898317344022f6d31c4b3da5

SHA256
f371a1432ecc0f462ff541adfa140cf770e2fd7c449a81a82d49a6791c4d29b5

SHA512
616e05c36e780d81d36effa9d64655d0c318223dd1e3b8f909b4e93425dae4e172614259663aae5c46cfe9ad83ed3e05fdc4de10079d77f679eb30dc5b1a4fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe

Filesize
184KB

MD5
0a6b2cb27871dfb5b27a07fcddb08f3f

SHA1
5323b06daabfce529e65d5e1aa672e93fbb7e4d7

SHA256
71dbdc42b7afff0a8854ab480be951007193b29a45bfd3342b3cd51b68fa7ffe

SHA512
3dda0df973f8b688b56661086e09f958c8cc778dbed8999803dde8794eb0f24d22f3bda408418b6deab5f1f37a3cba4a47991cf08ceb0628ad6d10868fb9b284

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe

Filesize
184KB

MD5
f580139bd8a5c2d5850b20749e1ba74f

SHA1
a89b3656e6086602b8060231d3ecf426f8171341

SHA256
8121ab89259436a91d0cf922a5d3030f4423360d0d3db44ace3130334e2f91bf

SHA512
16204c98a15a8199ac7b80b885872fb06c6a8b017eb2131ef7ac09a39dc7b9cc2186023b8fe3933db14cc1620e4f70d9c9f060f76c99e7af156fe420ea61a22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe

Filesize
184KB

MD5
6a8ae9f17e0e7affebcbb72620edbd25

SHA1
dcfe2fcf45982ae1bd11a8a6ee7c9d3277abb047

SHA256
9b2145967beb4443b6f627b217ac57ca1311ae03938ddd2b991d5fd83b921974

SHA512
ec6bee173946157ca0783213f3937e65a06a1d66dcf16a8d96d92bd5ef297b444f611df47fb517fb08e572b5bb4cc112cc45b8dce1cd0ad900f08405abb99b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe

Filesize
184KB

MD5
c00fd283197c1b41572929aa6ededa3a

SHA1
f662d85adcec5a681c93237d9d23d7c9ae348693

SHA256
df0122de45750c6eef9db1f7bbdcd179e4b75af59c06a9cd0bbb90fd0a877768

SHA512
39ad37dbf3528ac5213cc93b70e1d968aa4670678ff170ca9b6e9731d7adc1579121ff5b287699c745e0554c376a399da126ffb38478706d252e35523c605cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe

Filesize
184KB

MD5
d0a0173269f1e51ef5f2ff728d42c3b1

SHA1
1296a02d6061429832ab0d33d0787718edcc4cd2

SHA256
afb9174dce5e7ce8a1a75b83d90e44152e9477e48e442cccbee2977be1d20103

SHA512
eb8ad0ceeb9cce9649f5d69cade76fe9528985336a120b0d8e326718db342f0d831c015049c3d62f718be26412e3aa6182659ea0e4971bdf5982f60a7d7ae4c4

Download Submit