48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a

Analysis

max time kernel
138s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe
Size

184KB
MD5

9a7a904f5fca4d10f7778a2142936082
SHA1

2a24002d26f0a90a399061bdc84db7377dd4a9e4
SHA256

48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a
SHA512

cdb4bb76cc4994a325a0088aa83fdfa48c72ed90cc77904a581edfc8e095da028936c98f545605a69c1d62e66aae7edcaaf06a165866af849f681efea3dde0f1
SSDEEP

3072:8tUvhko5yjPCd2DtliLn8AiHixvnqkniucnp:8tRo4u2Dk8vHixPqkniuc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 43 IoCs

pid	Process
4572	Unicorn-47899.exe
2288	Unicorn-20235.exe
4696	Unicorn-5050.exe
4896	Unicorn-55211.exe
3408	Unicorn-40027.exe
3556	Unicorn-60229.exe
2400	Unicorn-59399.exe
2404	Unicorn-44023.exe
4648	Unicorn-28839.exe
4132	Unicorn-13462.exe
4856	Unicorn-63815.exe
2468	Unicorn-42277.exe
3960	Unicorn-27093.exe
5040	Unicorn-12484.exe
1020	Unicorn-62837.exe
3164	Unicorn-12650.exe
4688	Unicorn-50715.exe
1264	Unicorn-31255.exe
1824	Unicorn-50881.exe
5064	Unicorn-35505.exe
2140	Unicorn-476.exe
4504	Unicorn-34457.exe
3108	Unicorn-62059.exe
4104	Unicorn-46875.exe
4896	Unicorn-31499.exe
4236	Unicorn-16315.exe
2840	Unicorn-54187.exe
1952	Unicorn-39003.exe
4452	Unicorn-59205.exe
3684	Unicorn-5126.exe
2440	Unicorn-24561.exe
1020	Unicorn-62625.exe
1492	Unicorn-26829.exe
4792	Unicorn-50347.exe
4508	Unicorn-31079.exe
1548	Unicorn-61587.exe
940	Unicorn-3196.exe
3576	Unicorn-14654.exe
4860	Unicorn-11530.exe
764	Unicorn-57799.exe
2900	Unicorn-42423.exe
1516	Unicorn-27239.exe
4716	Unicorn-342.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3960	4316	WerFault.exe	87
5064	4316	WerFault.exe	87
5040	4572	WerFault.exe	88
3640	4572	WerFault.exe	88
3540	2288	WerFault.exe	95
3252	2288	WerFault.exe	95
4512	4696	WerFault.exe	100
3516	4696	WerFault.exe	100
3644	4896	WerFault.exe	109
3668	4896	WerFault.exe	109
5008	3408	WerFault.exe	115
1112	3408	WerFault.exe	115
4516	3556	WerFault.exe	122
2964	3556	WerFault.exe	122
1572	2400	WerFault.exe	127
8	2400	WerFault.exe	127
3004	2404	WerFault.exe	132
944	2404	WerFault.exe	132
4068	4648	WerFault.exe	137
4592	4648	WerFault.exe	137
728	4132	WerFault.exe	143
4320	4132	WerFault.exe	143
1816	4856	WerFault.exe	148
5024	4856	WerFault.exe	148
4560	2468	WerFault.exe	154
1592	2468	WerFault.exe	154
940	3960	WerFault.exe	159
8	3960	WerFault.exe	159
3004	5040	WerFault.exe	164
944	5040	WerFault.exe	164
3792	1020	WerFault.exe	169
3384	1020	WerFault.exe	169
1228	3164	WerFault.exe	174
1708	3164	WerFault.exe	174
4844	4688	WerFault.exe	179
4660	4688	WerFault.exe	179
3492	1264	WerFault.exe	184
2792	1264	WerFault.exe	184
2024	1824	WerFault.exe	189
4704	1824	WerFault.exe	189
2832	5064	WerFault.exe	194
4092	5064	WerFault.exe	194
5004	2140	WerFault.exe	199
4404	2140	WerFault.exe	199
5040	4504	WerFault.exe	204
3652	4504	WerFault.exe	204
3384	3108	WerFault.exe	209
4680	3108	WerFault.exe	209
1660	4104	WerFault.exe	214
4372	4104	WerFault.exe	214
408	4896	WerFault.exe	219
2128	4896	WerFault.exe	219
4788	4236	WerFault.exe	224
3788	4236	WerFault.exe	224
3316	2840	WerFault.exe	229
4540	2840	WerFault.exe	229
3640	1952	WerFault.exe	234
5064	1952	WerFault.exe	234
1252	4452	WerFault.exe	239
1656	4452	WerFault.exe	239
4900	3684	WerFault.exe	244
4876	3684	WerFault.exe	244
3948	2440	WerFault.exe	249
1320	2440	WerFault.exe	249

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
4316	48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe
4572	Unicorn-47899.exe
2288	Unicorn-20235.exe
4696	Unicorn-5050.exe
4896	Unicorn-55211.exe
3408	Unicorn-40027.exe
3556	Unicorn-60229.exe
2400	Unicorn-59399.exe
2404	Unicorn-44023.exe
4648	Unicorn-28839.exe
4132	Unicorn-13462.exe
4856	Unicorn-63815.exe
2468	Unicorn-42277.exe
3960	Unicorn-27093.exe
5040	Unicorn-12484.exe
1020	Unicorn-62837.exe
3164	Unicorn-12650.exe
4688	Unicorn-50715.exe
1264	Unicorn-31255.exe
1824	Unicorn-50881.exe
5064	Unicorn-35505.exe
2140	Unicorn-476.exe
4504	Unicorn-34457.exe
3108	Unicorn-62059.exe
4104	Unicorn-46875.exe
4896	Unicorn-31499.exe
4236	Unicorn-16315.exe
2840	Unicorn-54187.exe
1952	Unicorn-39003.exe
4452	Unicorn-59205.exe
3684	Unicorn-5126.exe
2440	Unicorn-24561.exe
1020	Unicorn-62625.exe
1492	Unicorn-26829.exe
4792	Unicorn-50347.exe
4508	Unicorn-31079.exe
1548	Unicorn-61587.exe
940	Unicorn-3196.exe
3576	Unicorn-14654.exe
4860	Unicorn-11530.exe
764	Unicorn-57799.exe
2900	Unicorn-42423.exe
1516	Unicorn-27239.exe
4716	Unicorn-342.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4572	4316	48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe	88
PID 4316 wrote to memory of 4572	4316	48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe	88
PID 4316 wrote to memory of 4572	4316	48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe	88
PID 4572 wrote to memory of 2288	4572	Unicorn-47899.exe	95
PID 4572 wrote to memory of 2288	4572	Unicorn-47899.exe	95
PID 4572 wrote to memory of 2288	4572	Unicorn-47899.exe	95
PID 2288 wrote to memory of 4696	2288	Unicorn-20235.exe	100
PID 2288 wrote to memory of 4696	2288	Unicorn-20235.exe	100
PID 2288 wrote to memory of 4696	2288	Unicorn-20235.exe	100
PID 4696 wrote to memory of 4896	4696	Unicorn-5050.exe	109
PID 4696 wrote to memory of 4896	4696	Unicorn-5050.exe	109
PID 4696 wrote to memory of 4896	4696	Unicorn-5050.exe	109
PID 4896 wrote to memory of 3408	4896	Unicorn-55211.exe	115
PID 4896 wrote to memory of 3408	4896	Unicorn-55211.exe	115
PID 4896 wrote to memory of 3408	4896	Unicorn-55211.exe	115
PID 3408 wrote to memory of 3556	3408	Unicorn-40027.exe	122
PID 3408 wrote to memory of 3556	3408	Unicorn-40027.exe	122
PID 3408 wrote to memory of 3556	3408	Unicorn-40027.exe	122
PID 3556 wrote to memory of 2400	3556	Unicorn-60229.exe	127
PID 3556 wrote to memory of 2400	3556	Unicorn-60229.exe	127
PID 3556 wrote to memory of 2400	3556	Unicorn-60229.exe	127
PID 2400 wrote to memory of 2404	2400	Unicorn-59399.exe	132
PID 2400 wrote to memory of 2404	2400	Unicorn-59399.exe	132
PID 2400 wrote to memory of 2404	2400	Unicorn-59399.exe	132
PID 2404 wrote to memory of 4648	2404	Unicorn-44023.exe	137
PID 2404 wrote to memory of 4648	2404	Unicorn-44023.exe	137
PID 2404 wrote to memory of 4648	2404	Unicorn-44023.exe	137
PID 4648 wrote to memory of 4132	4648	Unicorn-28839.exe	143
PID 4648 wrote to memory of 4132	4648	Unicorn-28839.exe	143
PID 4648 wrote to memory of 4132	4648	Unicorn-28839.exe	143
PID 4132 wrote to memory of 4856	4132	Unicorn-13462.exe	148
PID 4132 wrote to memory of 4856	4132	Unicorn-13462.exe	148
PID 4132 wrote to memory of 4856	4132	Unicorn-13462.exe	148
PID 4856 wrote to memory of 2468	4856	Unicorn-63815.exe	154
PID 4856 wrote to memory of 2468	4856	Unicorn-63815.exe	154
PID 4856 wrote to memory of 2468	4856	Unicorn-63815.exe	154
PID 2468 wrote to memory of 3960	2468	Unicorn-42277.exe	159
PID 2468 wrote to memory of 3960	2468	Unicorn-42277.exe	159
PID 2468 wrote to memory of 3960	2468	Unicorn-42277.exe	159
PID 3960 wrote to memory of 5040	3960	Unicorn-27093.exe	164
PID 3960 wrote to memory of 5040	3960	Unicorn-27093.exe	164
PID 3960 wrote to memory of 5040	3960	Unicorn-27093.exe	164
PID 5040 wrote to memory of 1020	5040	Unicorn-12484.exe	169
PID 5040 wrote to memory of 1020	5040	Unicorn-12484.exe	169
PID 5040 wrote to memory of 1020	5040	Unicorn-12484.exe	169
PID 1020 wrote to memory of 3164	1020	Unicorn-62837.exe	174
PID 1020 wrote to memory of 3164	1020	Unicorn-62837.exe	174
PID 1020 wrote to memory of 3164	1020	Unicorn-62837.exe	174
PID 3164 wrote to memory of 4688	3164	Unicorn-12650.exe	179
PID 3164 wrote to memory of 4688	3164	Unicorn-12650.exe	179
PID 3164 wrote to memory of 4688	3164	Unicorn-12650.exe	179
PID 4688 wrote to memory of 1264	4688	Unicorn-50715.exe	184
PID 4688 wrote to memory of 1264	4688	Unicorn-50715.exe	184
PID 4688 wrote to memory of 1264	4688	Unicorn-50715.exe	184
PID 1264 wrote to memory of 1824	1264	Unicorn-31255.exe	189
PID 1264 wrote to memory of 1824	1264	Unicorn-31255.exe	189
PID 1264 wrote to memory of 1824	1264	Unicorn-31255.exe	189
PID 1824 wrote to memory of 5064	1824	Unicorn-50881.exe	194
PID 1824 wrote to memory of 5064	1824	Unicorn-50881.exe	194
PID 1824 wrote to memory of 5064	1824	Unicorn-50881.exe	194
PID 5064 wrote to memory of 2140	5064	Unicorn-35505.exe	199
PID 5064 wrote to memory of 2140	5064	Unicorn-35505.exe	199
PID 5064 wrote to memory of 2140	5064	Unicorn-35505.exe	199
PID 2140 wrote to memory of 4504	2140	Unicorn-476.exe	204

C:\Users\Admin\AppData\Local\Temp\48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe
"C:\Users\Admin\AppData\Local\Temp\48a37500594e919bc15de9f9c6708fa28a993568aa3ae59cde9feb6c85b2ba8a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 720
        45⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 744
        44⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 784
        44⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 724
        43⤵
        
        PID:180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 768
        43⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 744
        42⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 764
        42⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 744
        41⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 768
        41⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 724
        40⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 768
        40⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 724
        39⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 760
        39⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 744
        38⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 720
        38⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 724
        37⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 772
        37⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 724
        36⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 748
        36⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 724
        35⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 768
        35⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 744
        34⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 764
        34⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 740
        33⤵
        Program crash
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 748
        33⤵
        Program crash
        
        PID:1320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 744
        32⤵
        Program crash
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 764
        32⤵
        Program crash
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 744
        31⤵
        Program crash
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 784
        31⤵
        Program crash
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 724
        30⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 768
        30⤵
        Program crash
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 724
        29⤵
        Program crash
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 724
        29⤵
        Program crash
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 724
        28⤵
        Program crash
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 756
        28⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 716
        27⤵
        Program crash
        
        PID:408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 716
        27⤵
        Program crash
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 744
        26⤵
        Program crash
        
        PID:1660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 744
        26⤵
        Program crash
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 744
        25⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 768
        25⤵
        Program crash
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 744
        24⤵
        Program crash
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 764
        24⤵
        Program crash
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 744
        23⤵
        Program crash
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 768
        23⤵
        Program crash
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 724
        22⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 748
        22⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 724
        21⤵
        Program crash
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 724
        21⤵
        Program crash
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 744
        20⤵
        Program crash
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 744
        20⤵
        Program crash
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 740
        19⤵
        Program crash
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 748
        19⤵
        Program crash
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 744
        18⤵
        Program crash
        
        PID:1228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 784
        18⤵
        Program crash
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 752
        17⤵
        Program crash
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 752
        17⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 724
        16⤵
        Program crash
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 748
        16⤵
        Program crash
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 724
        15⤵
        Program crash
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 724
        15⤵
        Program crash
        
        PID:8
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 744
        14⤵
        Program crash
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 768
        14⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 744
        13⤵
        Program crash
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 720
        13⤵
        Program crash
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 724
        12⤵
        Program crash
        
        PID:728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 724
        12⤵
        Program crash
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 724
        11⤵
        Program crash
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 748
        11⤵
        Program crash
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 724
        10⤵
        Program crash
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 724
        10⤵
        Program crash
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 724
        9⤵
        Program crash
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 748
        9⤵
        Program crash
        
        PID:8
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 740
        8⤵
        Program crash
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 748
        8⤵
        Program crash
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 744
        7⤵
        Program crash
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 780
        7⤵
        Program crash
        
        PID:1112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 724
        6⤵
        Program crash
        
        PID:3644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 724
        6⤵
        Program crash
        
        PID:3668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 744
        5⤵
        Program crash
        
        PID:4512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 768
        5⤵
        Program crash
        
        PID:3516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 744
      4⤵
      Program crash
      PID:3540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 768
      4⤵
      Program crash
      PID:3252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 744
    3⤵
    - Program crash
    PID:5040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 784
    3⤵
    - Program crash
    PID:3640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 744
  2⤵
  - Program crash
  PID:3960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 740
  2⤵
  - Program crash
  PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4316 -ip 4316
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4316 -ip 4316
1⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1308,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:8
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4572 -ip 4572
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4572 -ip 4572
1⤵
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2288 -ip 2288
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2288 -ip 2288
1⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4696 -ip 4696
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4696 -ip 4696
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4896 -ip 4896
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4896 -ip 4896
1⤵
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3408 -ip 3408
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3408 -ip 3408
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3556 -ip 3556
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3556 -ip 3556
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2400 -ip 2400
1⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2400 -ip 2400
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2404 -ip 2404
1⤵
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2404 -ip 2404
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4648 -ip 4648
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4648 -ip 4648
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4132 -ip 4132
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4132 -ip 4132
1⤵
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4856 -ip 4856
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4856 -ip 4856
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2468 -ip 2468
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2468 -ip 2468
1⤵
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3960 -ip 3960
1⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3960 -ip 3960
1⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5040 -ip 5040
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5040 -ip 5040
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1020 -ip 1020
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1020 -ip 1020
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3164 -ip 3164
1⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3164 -ip 3164
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4688 -ip 4688
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4688 -ip 4688
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1264 -ip 1264
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1264 -ip 1264
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1824 -ip 1824
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1824 -ip 1824
1⤵
PID:692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5064 -ip 5064
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5064 -ip 5064
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2140 -ip 2140
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2140 -ip 2140
1⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4504 -ip 4504
1⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4504 -ip 4504
1⤵
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3108 -ip 3108
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3108 -ip 3108
1⤵
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4104 -ip 4104
1⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4104 -ip 4104
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4896 -ip 4896
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4896 -ip 4896
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4236 -ip 4236
1⤵
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4236 -ip 4236
1⤵
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2840 -ip 2840
1⤵
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2840 -ip 2840
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1952 -ip 1952
1⤵
PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1952 -ip 1952
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4452 -ip 4452
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4452 -ip 4452
1⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3684 -ip 3684
1⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3684 -ip 3684
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2440 -ip 2440
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2440 -ip 2440
1⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1020 -ip 1020
1⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1020 -ip 1020
1⤵
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1492 -ip 1492
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1492 -ip 1492
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4792 -ip 4792
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4792 -ip 4792
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4508 -ip 4508
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4508 -ip 4508
1⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1548 -ip 1548
1⤵
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1548 -ip 1548
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 940 -ip 940
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 940 -ip 940
1⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3576 -ip 3576
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3576 -ip 3576
1⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4860 -ip 4860
1⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4860 -ip 4860
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 764 -ip 764
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 764 -ip 764
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2900 -ip 2900
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2900 -ip 2900
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1516 -ip 1516
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1516 -ip 1516
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4716 -ip 4716
1⤵
PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe

Filesize
184KB

MD5
e23e30aac404d125b6aaad3e7a561d3e

SHA1
d00d3b77ed09f7a7f2c6c3beec4a7221de84b3fd

SHA256
5d6c10a6bc0ebb0f7a5a988545fb9c21cd7ba539598dd62f96b048b70b417999

SHA512
a33954d4815829a3cdd201e7f6f908514b7b248f2dea8eeb37b1576ddf0795f348d376114337afc840669f473db17f3d685c31766ec1f3ce0262f342f9aa8a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe

Filesize
184KB

MD5
121f2cdcab6a45f2ad60b2298a19d0a3

SHA1
722a569d46f4ac0a6eccbe8da861964b39be642f

SHA256
46c0b00d79ab707508ad06dda9f1b73360db8aa8bb6648012d8c3593e8fb68f4

SHA512
15c5638266e54550c2e946a7332bbb51f7c3016e2a3663457ac443fa80920424ebcdd38cc26752f91fe15b459ccab4f0d9242560bd8d0cc1754a896098c87c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe

Filesize
184KB

MD5
7d88db0e903d45f04eecf2e098abca2f

SHA1
46d9d45e6db16a6f6b0e2617c18ac9bf76b90a17

SHA256
3471300489602335d96af14f57a33346c71380ae0ec250cf8146bfdb7231908d

SHA512
51c31252515f2955e5849ba766b92d28ac58db075dcb26b245ba120aa7a3232ff963d89d1923aad6079d018e67e8160aa4383fb5edc9bfb1c00199e7b1865714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe

Filesize
184KB

MD5
c2d8ad397d82620cb5d952192134b4be

SHA1
ba6ab175c9d7c7efc6470c6de7135e46851e8164

SHA256
c49edc4e1411e05c4d3f2140e4a2410e244c663079ea2333e37fb67783876ca5

SHA512
568211f0c9582557c3093e526554c6ed9f5988fa6a06c78e094e70893370556d0efcfed6434f98f85bf6bd51d7ea41609cc7721643496b81b8d425cb79e5d13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe

Filesize
184KB

MD5
7dacf8cd16e58330bd58b6bfad1a6692

SHA1
266a9b26fd9c7e267e7b6548a2ae4dba9aa16d4a

SHA256
721061388c7b435d479e6e1e30c83bd801dc5ffece32abd0c9371d3ff00e6dbc

SHA512
246654779f21eef5afd9928dd05eab644f26940a2996be5ee098dae60c80fa4dd61e163cc4c573254b833b1e2773552ec0c84a2f6854d19f6bc2f3b599e34265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe

Filesize
184KB

MD5
66ce267681316a74ebdf36573bf0eb8e

SHA1
c28af43b93cd7887ff8759e9c69b62eff9cca998

SHA256
bad1067cc7a79b32a2239a23371853afd676dee26c3d5177fbe9c7af4bdd1aa0

SHA512
7ac1a0534be7ced53ed938afec66cb690e7f5c117f7f590665db85700034f5b5c4e0788c7570763e97d3b5e686a1a8209e160fa9d186691e7516ac8aad1fa8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe

Filesize
184KB

MD5
6e73c0d936e3ea6ca995fe734c0838c8

SHA1
9639325e6666abadcf9b61da9fc3202e697d4dac

SHA256
5980c614ea5054dcb9ae6b0b568d0d0a93a11c6d6edf201e8d76969f61b8fb5c

SHA512
907de5836549bcd8144f0c48f25f3973eccfdc37a005c2a61f346addc63cd789d7b2cdb9bb6d9ac8861cbd5a65ab171b53ef98bb31048dfbbb35132a42cd5405

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe

Filesize
184KB

MD5
4b129a03fd2abddf4fc47c2dd7737643

SHA1
06634a4d43ab018d99b110e443514b49ddfe14f7

SHA256
8b10d31c34acf38ae50c3b2999498c9e97a45413fc662a2416f01accdde50120

SHA512
ff8cd8492899cda46b76a0ea0b7c3fd4555b11c0c693b6787ee244c3985d97cc522ac0228a4f12c92cc55f34f2daa5d0f5fd0f6e9bb8ff4c3036161818586097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe

Filesize
184KB

MD5
1067f794e67614e7c84c6d53b97be97e

SHA1
c963ca32febb37e88ff9d0523666aff870d645d1

SHA256
0ac65bc9dd5619452ac20a7d38c07d8ea595d51e72a873182206d48b41bc488e

SHA512
2e4041e19b3010d9457b15d3817377f772dfecb6fdf402733d05017dab8181478024e06dfb74cb47d59d0b291a555ee4f617db11e488fcd2b455e09e0b8b5eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe

Filesize
184KB

MD5
b5f4e583346bdb75381e151d8df7c227

SHA1
3a963ca5b3b2c123b171cf321e507b0bd515a55e

SHA256
3b3b2433ac2c09bc69203f58c4f830a481ac8f81d799e5090e530ca71137ceb0

SHA512
bac8fefdc9441fcc59c3c2229f290ddba5dc66b9717689ccac2a4c8b4794b319c53dfc6de1098e40ac9f26c29b0f6c6f3e0fe36023eeca30166735cb51d02bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe

Filesize
184KB

MD5
f769cdc079c5701fe800d6870053e04c

SHA1
1474a486f4a2aea9a656787ccc9bda9be7dfb482

SHA256
7babd977f50207b1c5ad39e88df83f3381d41de38c079a473d8ec489f7af97c8

SHA512
c3ccca82c28916157e64a7c3820228dd09c579d7568c93d59c0b0db095c569fdc885694264d3cb8a25eef01b9e527648bd4c0e8fc841490c7904c87ee7cab380

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe

Filesize
184KB

MD5
5698b42a3f8966cf4045ded7b8e9a7dc

SHA1
da5e9037ffd6b8f248f3e4024175e4eef42ee512

SHA256
a5338a449d7e5cf4569c773d79c0a5d26e76164f89a67d14cbf8c2d6c5f11ea8

SHA512
562e187a5db8172bddf489b248ca44490cc85aa09bb17e709101dca71b61def62f9096492d1e3031f3d8c9c6c4664cbb04cd1ed799d79a9822ea908295b4b0e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe

Filesize
184KB

MD5
90275a5a0a656814acea4c51e9b530cf

SHA1
bcd9907279a5c7ac7865b9ecd9ae0f0b8f26e02a

SHA256
75a59c23ad06c8b399c3a8d238e1e23af8db8ac4a23fd4dab4541aeccbebb901

SHA512
3e9b2facc37fffa5cbdd311c2115b7bf41f1163a9cfc8e2b0905f878bb944cb1952fdbeee579edae6a5b1daccab8e017c195382974e3dc7db520526fec61fea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe

Filesize
184KB

MD5
db497bf8ae9a6d33001e5a54b28b9a4c

SHA1
a7c4535e4ac1172d13b0cc2db5c1456351a4dfcf

SHA256
6bd6aa3c8ec4312ac2c6bd4fbbf9559ec0127490758936205b4f327d9e6c7e5f

SHA512
95650ab6d8244d0e84841e6497353dd0f6d2c38e252a30c38d5e06952fc9d7d57df76efde58f7d65738195b2a1896e3cb9e9baa8f02b3b632c1aa08137adec85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe

Filesize
184KB

MD5
45690f1bd2c4fccf172e273e10633028

SHA1
23dcc42fe37eecc3a156bf4f02d8bd9cb4b9aff0

SHA256
b9cae474ed2195ff3dbdf488b00eda292f3eb3597f096142298ced24c9943e02

SHA512
b64b9cab28178dc1ffe51fb21f40b23515397a76d2fa1d3b36186f02e6a6c0e19d5caf89433995d332541682c73472333df3edc7d2e8151248b59fe6b2b329ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe

Filesize
184KB

MD5
819706a3fc3e9cb43a47bc2d6f4c137a

SHA1
60416a9f50fa2c238494284621aedeb7360a6cc3

SHA256
69abe2f2a3557cb73936f90609c33d59ffcfd23809da8ae460671fa852d78fed

SHA512
9d2a90c3777b76118bb11bcdcef4ed1fa9af64af6688404f4f50aeb46cb4b474c3d871c5c8000f36416145928b94623c58367699a341f582f575dec29cf1f6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe

Filesize
184KB

MD5
cc0519ad26bdc994c1a3e3d9864fd88c

SHA1
43ce4498b8d41ad4a3cb357f07c3587fa2c74c5b

SHA256
8014ae8377088644fc9d172e359adb8faecb8a3a954ed9b1ab2815a7f8183ca2

SHA512
7ded1a2828ff09431c527a8bcaa887c340666d62b1cc029c747ed124e6ad1c6b0a3fbb47541bf32d43f2c8d4bfae4ba7036386f6f766f87731c25199d12d9f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe

Filesize
184KB

MD5
083a1ecf50ed480e26fd25696d660403

SHA1
b78fd1d838185a6c5eecfa26e978ebcc42ee0fd1

SHA256
f0c65fb107c0180987a65a55748666a7cd39e8e8751eff0661a46ab1f7e446b0

SHA512
fbb106b09024ab391e11fb7d56895f6f46313db8d78ba4669705aa004c58d4292ae722bce9e6986028d1ee55d491948748b1b70972b275b3114d5a53f09e3377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe

Filesize
184KB

MD5
25bf9a16fac4a055e834ce3dabb7c072

SHA1
292363de78c8c1643feb44d12c3700be8de9ad70

SHA256
14a2d561793701edda7c4185c28a7c2d106e3d021e7542f36d7adfd790bdbfbe

SHA512
0b0786b06385b104dbe44429a41254e5ebc8b94589b1d530e2682c75592e04eb3be66eefd65fae9d9a8ed892d948d9c9a3c3c5f59bd547141efe4f202c41852e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe

Filesize
184KB

MD5
b1ba63efa64624b47d332c5138742ace

SHA1
7abbf0dc9bf98ea0059f9e3d1a4e6743f9d5f26e

SHA256
8aeec8832e2a134a39a69be1cd659c1501eccdacb3dcc47fa95b1890b4080f96

SHA512
5ec662fc910190b978da46ce0ad6e699a550f6d9da52df13247dc41f75566cb59bc139aeb2e43d9b014425f1f9ebf571f14fb4ad53f525beb05313887266f1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe

Filesize
184KB

MD5
d3ec4aa10e6ebe9d66ce09e96b34a277

SHA1
316b3da5d50fcfdc076fc57cf0ead6327d1275c0

SHA256
679d7d0f62c643cefda9f585a6b0064d11449c0f2db05816506c86e43992043f

SHA512
be6b2c5034b97b5d3a4115dd6b608f1c8c25462ac49d97f040709e4f910ee437caaa1128df80104f424de031af843a38d247ed6b3442ea6ede0aba8063fba7d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe

Filesize
184KB

MD5
0b8dbd636d792f2f292fa1c2af612401

SHA1
7212aa9863f5e67a731b99ddd63b9cddf699ec6d

SHA256
2cbb3b509c05537b8653d712f7ad2b234ae7d0d837e79e0a09178f768e48b7ee

SHA512
2c99e95871b7015177663fa62736d8b6e621e7a2afb637d33f6a69ae0bc449abe93ef54a318f96688880f4b0a6571f640b60c1c333f20e0d700bdf06f0a52fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe

Filesize
184KB

MD5
1e8b4d766fce246e6a605a4c0b3f0947

SHA1
a42f29b7c2843b16ba6f2441c28df12e5ff87f07

SHA256
880df54e708b8327d2f178046293b9464ec28cd65f2ce0a96f911d6bb9ee5bb7

SHA512
8511b424f66c6a5eb47d47aacc9699667e849a269c0207b16619182ed3b72901c13fc3fa614ca1f0076cc4a46f013c9d3f4b7040a137ae0a2974c568ebfae878

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe

Filesize
184KB

MD5
79ae2e33667194c32d83f583d71a510b

SHA1
03b79c534e9b889142e6d9afd7e95eafaa734bad

SHA256
ddf3a2900c65c5335645d50b5983f976ddfcd7c239dd9e72caa9d606d559bdf0

SHA512
39cb25b6b198b56b58895c478b593d03bd05dd1f8bcf00ee628158a0b07fb550036fe921cfdb1d5cb2457115488f0d907e45266f00fe2b54768a6c1a536c61d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe

Filesize
184KB

MD5
ded861b7ce8d2ea3c959d56ff3377308

SHA1
932a32cbd62d6323886caeb73b42cd3f75c080f7

SHA256
919300bd90aac7f2b17c936b54d0510f7861782b44226ae88677dad04f297503

SHA512
e7edda247b93c7fb64722d89e77732c6ed78f52e2cfd69ff25e887e88e77d80a3c42723ca69c9a95b5083fa4c314a0385c1b79cb5432d460446c1c2feab3c025

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe

Filesize
184KB

MD5
0d2abd8a41adaeb8dcc35726acc43205

SHA1
6b1edd6b238526e3efea8183633a9a8cbf523aa2

SHA256
8eda80c3a74a0ca41fc2b173d8a09bac1b7e31f63868e82d6d67e1a12854e3c3

SHA512
4ca1e771386f6c42e7fad70b142b896c7d83cdccc3b2c8929df5c481df601ab13d4fb21dbaad2b746e65cf4ba2dd0e2030d78a4f8438fbd0f094a2aaedcbd3ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe

Filesize
184KB

MD5
d8a5233ca6ff70296a366b28d4896b70

SHA1
a7452ecde0d4c2865049a32b0c39c029e083979c

SHA256
6bf022e8060d6ecc9a5467a7e27c832af88f8a1f6474aacc510efe495cb42a48

SHA512
9fa5f68f778a3462c8f3ae2f12bcaca3853f97fcbb52ed4565ec244805cae141f961c647adb16a4afb3113eef32718a4aa351ba385d4deac0f7653462285239c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe

Filesize
184KB

MD5
198e2a4ce88f4d679ad671ed4e54282c

SHA1
ee9fec38659ba083f618a47137ea20b2d242b9bc

SHA256
fd79db3fcc1411784ec1a79f420f5470c6c0aaeb18666074e05937c14bce23b5

SHA512
f23531e4eb7c31dff4dc09a691f50c4c0cb2dcd109295e435702a3a93a2f5f8009bb954e61d41e42b98dafc39093f2841096458bd5813d8a1598e96741370569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe

Filesize
184KB

MD5
5ddf82bbaa0f14e01440f9647597a8d1

SHA1
15488f0934159342fac93c00b5f0d5fbfd1ea9ff

SHA256
ef38ce196b15b3fb3689624d57df850baec9a2cbf8cc027f8649ae2829f72875

SHA512
8e46e4acab2fdecf9547f2f445903feb8a5a290d69645b402b494ad5349f53e7fe99b09ff00a8e398a776b77671b65cf7946707d8b079cef075035b4b554f633

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe

Filesize
184KB

MD5
37a525473d7ef0450885301c65720d5b

SHA1
e1ff29c440a8492a0c484932048eb282b3a4312d

SHA256
7552e031eaabfa6925378c91d53d3fc50417fc9b976ee868c5218cec980329cf

SHA512
8884f9c4b7e09cd54608ee34dd6996f989a211765231501fdea9735ce64cc34d203b91a4f9a618729277e9b04d4d8a30a4f31093bea4b10708767d967d028f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe

Filesize
184KB

MD5
e8233afd6ec22d4bfb84c194e8c98876

SHA1
18d3c6c9edb88ba522b017085840143fcd149efa

SHA256
6d45c336619561f4417d34b153ee55280ab69d32bdff5d51bdd36b08b32081df

SHA512
117f678437571866baa2fb2f242cfebfe0e6bff6e98bfe934923fe474dedb1568dc677e1104c6b6ae0d1104b5a2ff40215d1ac6757ffc1bfbce0e22547dec34c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe

Filesize
184KB

MD5
3be5d99d2ff35af320c9fca7d3b23d95

SHA1
53d72f65a74b0fbdae0ead3a8562ae0ac04eee00

SHA256
6f8618c28daafbae959fcd36c35b03e823cc7e9c4123f39baeca9f6679ac0fb6

SHA512
eccddd7ad14043f64ab0c97aa260056f7d62a6cb4f652e1b86e26dd4cf1b1867f9c71603e1e0a1e841d0a0844363c88449014e81736a6dd0e7e08bb8acff5b9a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads