8d17754acb1d28978d3e6abbaceb8ccd5fe8e49e6d3c72ff207eb9be7ddfe04a

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
Size

192KB
MD5

19ffda18bce56182a738ec1eca6c862b
SHA1

53d3cfe3ddd9dca5a60ccacc2b1aa1d292580734
SHA256

8d17754acb1d28978d3e6abbaceb8ccd5fe8e49e6d3c72ff207eb9be7ddfe04a
SHA512

d5c64b1b763f741210e9d14a595df7267ef0590e1586d87bf57b54cb4f666b1a496d29b021b48bcfe65106f392056ac9a2b0d5287e078a13bd33eb4d1b2f6062
SSDEEP

3072:J/QYoGoZmtOX33fbdjjWsJZw651Mmu6HuLxsjTcH9lTvpFf:J/ToUQX3Dd/WsJf5vW9lTvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2116	Unicorn-9899.exe
2708	Unicorn-15265.exe
2796	Unicorn-11928.exe
2712	Unicorn-17927.exe
2480	Unicorn-3008.exe
2972	Unicorn-45961.exe
2096	Unicorn-58571.exe
2956	Unicorn-54124.exe
2644	Unicorn-21068.exe
1960	Unicorn-8410.exe
872	Unicorn-3771.exe
936	Unicorn-7178.exe
2332	Unicorn-9674.exe
1592	Unicorn-14121.exe
2904	Unicorn-50515.exe
1184	Unicorn-63898.exe
824	Unicorn-42731.exe
1604	Unicorn-24100.exe
1076	Unicorn-16302.exe
2036	Unicorn-33406.exe
1832	Unicorn-42342.exe
792	Unicorn-25046.exe
2016	Unicorn-3893.exe
2324	Unicorn-14116.exe
2948	Unicorn-49550.exe
2992	Unicorn-29300.exe
2744	Unicorn-52404.exe
2456	Unicorn-24906.exe
2720	Unicorn-65170.exe
2512	Unicorn-49794.exe
1356	Unicorn-4272.exe
2684	Unicorn-48642.exe
2828	Unicorn-13016.exe
2960	Unicorn-41050.exe
1028	Unicorn-59306.exe
768	Unicorn-39440.exe
1468	Unicorn-59306.exe
1972	Unicorn-39763.exe
2640	Unicorn-63753.exe
2876	Unicorn-29596.exe
2152	Unicorn-30630.exe
2404	Unicorn-16519.exe
1780	Unicorn-36385.exe
2296	Unicorn-41215.exe
2052	Unicorn-43633.exe
832	Unicorn-30635.exe
1508	Unicorn-53484.exe
1764	Unicorn-12643.exe
1976	Unicorn-12643.exe
2192	Unicorn-12643.exe
1792	Unicorn-12643.exe
1996	Unicorn-12643.exe
2964	Unicorn-4916.exe
2604	Unicorn-46333.exe
2140	Unicorn-4916.exe
2536	Unicorn-59249.exe
3156	Unicorn-52078.exe
3188	Unicorn-35550.exe
3228	Unicorn-52462.exe
3320	Unicorn-56655.exe
3364	Unicorn-9758.exe
3420	Unicorn-34071.exe
3520	Unicorn-53204.exe
3556	Unicorn-44844.exe

Loads dropped DLL 64 IoCs

pid	Process
2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
2116	Unicorn-9899.exe
2116	Unicorn-9899.exe
2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
2708	Unicorn-15265.exe
2116	Unicorn-9899.exe
2708	Unicorn-15265.exe
2116	Unicorn-9899.exe
2796	Unicorn-11928.exe
2796	Unicorn-11928.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2480	Unicorn-3008.exe
2708	Unicorn-15265.exe
2480	Unicorn-3008.exe
2708	Unicorn-15265.exe
2712	Unicorn-17927.exe
2712	Unicorn-17927.exe
2796	Unicorn-11928.exe
2796	Unicorn-11928.exe
2972	Unicorn-45961.exe
2972	Unicorn-45961.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
2096	Unicorn-58571.exe
2096	Unicorn-58571.exe
2644	Unicorn-21068.exe
2644	Unicorn-21068.exe
2712	Unicorn-17927.exe
2712	Unicorn-17927.exe
872	Unicorn-3771.exe
872	Unicorn-3771.exe
2972	Unicorn-45961.exe
2972	Unicorn-45961.exe
1960	Unicorn-8410.exe
1960	Unicorn-8410.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2832	2088	WerFault.exe	27
2784	2116	WerFault.exe	28
572	2708	WerFault.exe	29
1296	2796	WerFault.exe	30
1804	2712	WerFault.exe	33
2280	2972	WerFault.exe	34
2400	2096	WerFault.exe	37
2620	2644	WerFault.exe	38
2136	1960	WerFault.exe	39
2544	872	WerFault.exe	40
2776	2480	WerFault.exe	32
1692	2904	WerFault.exe	46
1836	824	WerFault.exe	48
1188	1592	WerFault.exe	45
964	2036	WerFault.exe	53
1516	2948	WerFault.exe	59
1728	1076	WerFault.exe	52
1800	792	WerFault.exe	56
3000	2992	WerFault.exe	58
2624	1184	WerFault.exe	47
2020	2332	WerFault.exe	44
3016	2456	WerFault.exe	66
2040	2684	WerFault.exe	70
1040	1604	WerFault.exe	51
2272	1356	WerFault.exe	69
596	1028	WerFault.exe	74
2980	2744	WerFault.exe	62
2652	1832	WerFault.exe	54
992	2828	WerFault.exe	71
1956	1972	WerFault.exe	76
3124	2512	WerFault.exe	67
3276	2640	WerFault.exe	77
3344	2960	WerFault.exe	72
3444	2720	WerFault.exe	68
3544	1468	WerFault.exe	75
3668	2016	WerFault.exe	55
3676	2324	WerFault.exe	57
4040	768	WerFault.exe	73
3172	832	WerFault.exe	87
3180	2052	WerFault.exe	85
3352	2876	WerFault.exe	82
3428	1780	WerFault.exe	83
3392	2152	WerFault.exe	81
3924	1792	WerFault.exe	97
4012	1976	WerFault.exe	95
4060	2604	WerFault.exe	99
3244	2140	WerFault.exe	101
3284	1996	WerFault.exe	98
3360	2964	WerFault.exe	100
3704	2192	WerFault.exe	96
4112	3228	WerFault.exe	119
4168	1508	WerFault.exe	93
4160	3420	WerFault.exe	124
4196	1764	WerFault.exe	94
4348	3320	WerFault.exe	121
4356	3364	WerFault.exe	123
4388	2536	WerFault.exe	102
4544	3780	WerFault.exe	133
4608	3156	WerFault.exe	117
4636	3520	WerFault.exe	126
4828	3884	WerFault.exe	135
5052	2296	WerFault.exe	86
4440	3600	WerFault.exe	129
2244	3800	WerFault.exe	149

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
2116	Unicorn-9899.exe
2708	Unicorn-15265.exe
2796	Unicorn-11928.exe
2712	Unicorn-17927.exe
2480	Unicorn-3008.exe
2972	Unicorn-45961.exe
2096	Unicorn-58571.exe
872	Unicorn-3771.exe
2644	Unicorn-21068.exe
1960	Unicorn-8410.exe
936	Unicorn-7178.exe
2332	Unicorn-9674.exe
2904	Unicorn-50515.exe
1184	Unicorn-63898.exe
824	Unicorn-42731.exe
1592	Unicorn-14121.exe
1604	Unicorn-24100.exe
1832	Unicorn-42342.exe
2016	Unicorn-3893.exe
1076	Unicorn-16302.exe
2036	Unicorn-33406.exe
2324	Unicorn-14116.exe
2948	Unicorn-49550.exe
792	Unicorn-25046.exe
2992	Unicorn-29300.exe
2744	Unicorn-52404.exe
2456	Unicorn-24906.exe
2720	Unicorn-65170.exe
1356	Unicorn-4272.exe
2684	Unicorn-48642.exe
2960	Unicorn-41050.exe
1028	Unicorn-59306.exe
1468	Unicorn-59306.exe
2512	Unicorn-49794.exe
768	Unicorn-39440.exe
2640	Unicorn-63753.exe
2828	Unicorn-13016.exe
1972	Unicorn-39763.exe
2876	Unicorn-29596.exe
2404	Unicorn-16519.exe
2052	Unicorn-43633.exe
832	Unicorn-30635.exe
2296	Unicorn-41215.exe
2152	Unicorn-30630.exe
1780	Unicorn-36385.exe
1508	Unicorn-53484.exe
1996	Unicorn-12643.exe
1976	Unicorn-12643.exe
1792	Unicorn-12643.exe
1764	Unicorn-12643.exe
2192	Unicorn-12643.exe
2604	Unicorn-46333.exe
2140	Unicorn-4916.exe
2964	Unicorn-4916.exe
2536	Unicorn-59249.exe
3228	Unicorn-52462.exe
3156	Unicorn-52078.exe
3188	Unicorn-35550.exe
3320	Unicorn-56655.exe
3364	Unicorn-9758.exe
3420	Unicorn-34071.exe
3556	Unicorn-44844.exe
3520	Unicorn-53204.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2116	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	28
PID 2088 wrote to memory of 2116	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	28
PID 2088 wrote to memory of 2116	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	28
PID 2088 wrote to memory of 2116	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	28
PID 2116 wrote to memory of 2708	2116	Unicorn-9899.exe	29
PID 2116 wrote to memory of 2708	2116	Unicorn-9899.exe	29
PID 2116 wrote to memory of 2708	2116	Unicorn-9899.exe	29
PID 2116 wrote to memory of 2708	2116	Unicorn-9899.exe	29
PID 2088 wrote to memory of 2796	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2796	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2796	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2796	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2832	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	31
PID 2088 wrote to memory of 2832	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	31
PID 2088 wrote to memory of 2832	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	31
PID 2088 wrote to memory of 2832	2088	19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe	31
PID 2116 wrote to memory of 2712	2116	Unicorn-9899.exe	33
PID 2116 wrote to memory of 2712	2116	Unicorn-9899.exe	33
PID 2116 wrote to memory of 2712	2116	Unicorn-9899.exe	33
PID 2116 wrote to memory of 2712	2116	Unicorn-9899.exe	33
PID 2708 wrote to memory of 2480	2708	Unicorn-15265.exe	32
PID 2708 wrote to memory of 2480	2708	Unicorn-15265.exe	32
PID 2708 wrote to memory of 2480	2708	Unicorn-15265.exe	32
PID 2708 wrote to memory of 2480	2708	Unicorn-15265.exe	32
PID 2796 wrote to memory of 2972	2796	Unicorn-11928.exe	34
PID 2796 wrote to memory of 2972	2796	Unicorn-11928.exe	34
PID 2796 wrote to memory of 2972	2796	Unicorn-11928.exe	34
PID 2796 wrote to memory of 2972	2796	Unicorn-11928.exe	34
PID 2116 wrote to memory of 2784	2116	Unicorn-9899.exe	35
PID 2116 wrote to memory of 2784	2116	Unicorn-9899.exe	35
PID 2116 wrote to memory of 2784	2116	Unicorn-9899.exe	35
PID 2116 wrote to memory of 2784	2116	Unicorn-9899.exe	35
PID 2480 wrote to memory of 2956	2480	Unicorn-3008.exe	36
PID 2480 wrote to memory of 2956	2480	Unicorn-3008.exe	36
PID 2480 wrote to memory of 2956	2480	Unicorn-3008.exe	36
PID 2480 wrote to memory of 2956	2480	Unicorn-3008.exe	36
PID 2708 wrote to memory of 2096	2708	Unicorn-15265.exe	37
PID 2708 wrote to memory of 2096	2708	Unicorn-15265.exe	37
PID 2708 wrote to memory of 2096	2708	Unicorn-15265.exe	37
PID 2708 wrote to memory of 2096	2708	Unicorn-15265.exe	37
PID 2712 wrote to memory of 2644	2712	Unicorn-17927.exe	38
PID 2712 wrote to memory of 2644	2712	Unicorn-17927.exe	38
PID 2712 wrote to memory of 2644	2712	Unicorn-17927.exe	38
PID 2712 wrote to memory of 2644	2712	Unicorn-17927.exe	38
PID 2796 wrote to memory of 1960	2796	Unicorn-11928.exe	39
PID 2796 wrote to memory of 1960	2796	Unicorn-11928.exe	39
PID 2796 wrote to memory of 1960	2796	Unicorn-11928.exe	39
PID 2796 wrote to memory of 1960	2796	Unicorn-11928.exe	39
PID 2972 wrote to memory of 872	2972	Unicorn-45961.exe	40
PID 2972 wrote to memory of 872	2972	Unicorn-45961.exe	40
PID 2972 wrote to memory of 872	2972	Unicorn-45961.exe	40
PID 2972 wrote to memory of 872	2972	Unicorn-45961.exe	40
PID 2708 wrote to memory of 572	2708	Unicorn-15265.exe	41
PID 2708 wrote to memory of 572	2708	Unicorn-15265.exe	41
PID 2708 wrote to memory of 572	2708	Unicorn-15265.exe	41
PID 2708 wrote to memory of 572	2708	Unicorn-15265.exe	41
PID 2796 wrote to memory of 1296	2796	Unicorn-11928.exe	42
PID 2796 wrote to memory of 1296	2796	Unicorn-11928.exe	42
PID 2796 wrote to memory of 1296	2796	Unicorn-11928.exe	42
PID 2796 wrote to memory of 1296	2796	Unicorn-11928.exe	42
PID 2096 wrote to memory of 936	2096	Unicorn-58571.exe	43
PID 2096 wrote to memory of 936	2096	Unicorn-58571.exe	43
PID 2096 wrote to memory of 936	2096	Unicorn-58571.exe	43
PID 2096 wrote to memory of 936	2096	Unicorn-58571.exe	43

C:\Users\Admin\AppData\Local\Temp\19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19ffda18bce56182a738ec1eca6c862b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        5⤵
        Executes dropped EXE
        
        PID:2956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 368
        5⤵
        Program crash
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        11⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 376
        12⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 376
        11⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 368
        10⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 368
        9⤵
        Program crash
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 376
        8⤵
        Program crash
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 376
        7⤵
        Program crash
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 376
        9⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 380
        8⤵
        Program crash
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 376
        7⤵
        Program crash
        
        PID:3180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 376
        6⤵
        Program crash
        
        PID:1040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 376
        5⤵
        Program crash
        
        PID:2400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        11⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        12⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 376
        12⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 376
        11⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 376
        10⤵
        Program crash
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        11⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        12⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        13⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 376
        12⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 368
        11⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 376
        10⤵
        Program crash
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 376
        9⤵
        Program crash
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 376
        8⤵
        Program crash
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        12⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 376
        12⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 368
        11⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 376
        10⤵
        Program crash
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 376
        9⤵
        Program crash
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 376
        8⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 368
        7⤵
        Program crash
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 376
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 376
        9⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 376
        8⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 376
        7⤵
        Program crash
        
        PID:992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 376
        6⤵
        Program crash
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 376
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 376
        9⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 376
        8⤵
        Program crash
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 376
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        9⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 376
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 376
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 376
        7⤵
        Program crash
        
        PID:5052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 376
        6⤵
        Program crash
        
        PID:3676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 368
        5⤵
        Program crash
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 376
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 376
        8⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 376
        7⤵
        Program crash
        
        PID:3124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 372
        6⤵
        Program crash
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 376
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 368
        8⤵
        Program crash
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        9⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 368
        9⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 376
        8⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 380
        7⤵
        Program crash
        
        PID:4168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 376
        6⤵
        Program crash
        
        PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 380
        5⤵
        Program crash
        
        PID:1188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 380
        9⤵
        Program crash
        
        PID:3924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 376
        8⤵
        Program crash
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 376
        7⤵
        Program crash
        
        PID:1728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 380
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        11⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 380
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 376
        10⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 376
        9⤵
        Program crash
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 376
        8⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 376
        7⤵
        Program crash
        
        PID:1956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 376
        6⤵
        Program crash
        
        PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 368
        5⤵
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5529.exe
        11⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 376
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 376
        10⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 376
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 376
        8⤵
        Program crash
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 376
        7⤵
        Program crash
        
        PID:596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 376
        6⤵
        Program crash
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 376
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 368
        8⤵
        Program crash
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 376
        7⤵
        Program crash
        
        PID:3360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 376
        6⤵
        Program crash
        
        PID:3276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 376
        5⤵
        Program crash
        
        PID:2624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        11⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 380
        10⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 376
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 376
        8⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 376
        7⤵
        Program crash
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 368
        6⤵
        Program crash
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        9⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 376
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 376
        9⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 376
        8⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 376
        7⤵
        Program crash
        
        PID:4196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 376
        6⤵
        Program crash
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 380
        5⤵
        Program crash
        
        PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        9⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 376
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 376
        8⤵
        Program crash
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 376
        7⤵
        Program crash
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 376
        6⤵
        Program crash
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        8⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 376
        8⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 376
        7⤵
        
        PID:6472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 368
        6⤵
        
        PID:4476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 376
        5⤵
        Program crash
        
        PID:3668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 376
      4⤵
      Program crash
      PID:2136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 376
  2⤵
  - Program crash
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe

Filesize
192KB

MD5
95185d2b65212c23b4f8684b6df776ec

SHA1
a1507073fa9e063308ec73ced1ec58887ecb2442

SHA256
495d667fd0de9759517c2aee6efe56ed3b5208066859ded4635310fb087f5dc8

SHA512
61132305ae709250cda5dce0fa30d0b640b3eef77f6d4f41a580b19d6e36582c8f20aeeef531f9b299cfb53446d864d3a9dbb47add8307ffdab4fe790fd8ef0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5529.exe

Filesize
192KB

MD5
4de2d9c1c3369cfc11dabab8b90c06b9

SHA1
6ca336d084a5cb7d4170c0be2e4e8febeefaf18c

SHA256
0523389ace3c3b35075848b27719357a2badabfd91f66b687ce5fe196dfc50f6

SHA512
1701c104e4c1aaf36ce8d2a30de9078bd8f3bc57563a8ad52c13aa5afd30fcc31cc820c220eb5ac9622141d5315cef912195827143b432dc37465e373b0b7d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe

Filesize
192KB

MD5
b5e78c1c84d76b7fef746c54b3744c8e

SHA1
b61515684d81371bd2aa2db8878735a3c5f93a9f

SHA256
bdf9d736798a6b98e6ea231a191435d7180396ed8faa01e2eafa6923e9ec127f

SHA512
d61e74feffd0987e6d70e3aa02926b0a77ffc8cd4e2650efd1efd59fcbc1d47197793d4488e71aafa13a508d509c657c8a833594be4c46e40d9713bc44bc4fe7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe

Filesize
192KB

MD5
28f766d7b80b1e53c483dd59e7f80cb4

SHA1
f406a0e6a9d9f0d6cbbacc1fcd9c097d74939f0d

SHA256
2364169ddf670a951bd21876446193ea01218893d95de15a777af9805355dcd1

SHA512
c29e3ecac6abb98984a29a1f1ca878adc7286a3aa1e4dc2ce52bd78773cb5c9e65abd7017c926076905eb85b9c16320242f94ffcefe6ac1121bc85805cb0f2a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe

Filesize
192KB

MD5
cb99df6a60208681efbcda5187b5c654

SHA1
a66315ad6c79498ea6b8b2fa6ac16a0fa184c116

SHA256
d4011d50713ff0424848760c8c92d3e2088eb7c3d82a620472ba4e3332c9ab19

SHA512
05bebce433a1f355cbbfeb0298b000a028e0ec57dfd02b001abf2e6f8ba21f4b28a3a517c6ab57ce49edd57344d0edcfe60edd59253940131a509b8075c0b313

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe

Filesize
192KB

MD5
df4acbad303be662a5127fe54ebf7be8

SHA1
b7ca17e61fe3477432e0fb563ff370b86631df5e

SHA256
45f202afb002539a543fa78ba59feae4da66596ab0259496c4737baec70e34d9

SHA512
d31b1103b4aa43727446ec0d356468f0dc021c149a5300c82b46c6b2b8d77f2cb98e7c2c4cc6b8c6a70136a905c9a1427d6c99bde78c4893810813808139393f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe

Filesize
192KB

MD5
83c663e2702711aba942dcb32cde1c89

SHA1
af7c112fb58e70eec21b3f6169e0d0672f3bec7f

SHA256
ccad36f2c94316c4c9c43096e92750e3a39e7db8af7420f0ecd66aadd8e6cbb7

SHA512
c806edb1bb913f1d2446b42b066e4483ebd3c8132eb41f5fd69b990d5dfc6d162318d9b5c2baddb3b2e93cefcb509aace312378cd3155e0917b76c90f37a0592

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe

Filesize
192KB

MD5
69dfde7f4d6c4e10951eaeb100a907f1

SHA1
ddd721e63c536ca9adcaadc653a687fac3d1b6a3

SHA256
b38a61841c10bcc38f4cb5dda06b4673b87ee51efef9604babea0ae108384598

SHA512
21b14b5ec0b6d2e11564a7b6ba501fadace92e143245698e99bcd2faefdf6c69a836001a80ef9c0717064dc836df635d088cd5bce329e871970f0d38f8ea468a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe

Filesize
192KB

MD5
942e003fa1a29e1acde0aad85124f1d2

SHA1
46584802c05ecc4c58301ba8d3cedb9111f347a3

SHA256
1a09af475be1ddc17e3d0b2b435f1f5776a4ae63d94e127f3b35466251185479

SHA512
b7c7a94ac1c9151d67ff6dbb08681cc974c5752f76038283017462f1ad882a8af0752f66ba4dd3514bb0da7d056491dc3bdec066c7365d6aba262165eeca5c9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe

Filesize
192KB

MD5
edbbeb12e7a2650bed894175d4fbe048

SHA1
a76197267175a6af3b28f6b45614dd0b3ffb7e6b

SHA256
0baad2b4286978b0773291d72e08dd7b0558e3f324720c77f7accfdc8f7fe0bc

SHA512
8b0f98e9abfb4b243f0e6bd9c681e61a784e999e71ab63c927cd4b7b9d8ee9144e74a226832985cd9a93c6db2174dc68ab6d0a0a858c892926cb2855943769f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe

Filesize
192KB

MD5
a62f5aa86daa5ad17fb3fef02daf2000

SHA1
12cfd92f2854d5db5a70a746bb692697dce12ebd

SHA256
703be413063182fc396c93bc29839f90b8376b932ddce70eee2eba02b41e5cb3

SHA512
503ca8f47ddd84a940ddea032d369bf0b1d76a05d02eec3a1f2eb9bdd112fa99656ff8d87be8cf5bf0c388ef080a3aa5ff95688f0a9605ae5d9a01c804ea8140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe

Filesize
192KB

MD5
42e294efbd04cb68a8c6dd8a0335b62a

SHA1
9980429cb3705ffb3d0887e5c1242e0660001bc8

SHA256
045c3deb0a6c86e69ff131cbea566b7b8cf6163d8eccb7925766c6887fcbbb83

SHA512
f62cd39f05fc6abbe129d4fe526c97f9a4291edf1ef419efb5adba4f1c9fb58b8b55ef80dcab938c269658f61e44ea7b6f69eb5acb1bd711aa347df49f3aa524

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe

Filesize
192KB

MD5
811090852d2ca8a8d631f244cf803857

SHA1
a1a5edef40274def29d93b39bffb5d36184f281b

SHA256
1b8a59f4f45fcddffc756773f4b38fe3b8c79b3f19a88b8c98e64220903c61f6

SHA512
cebbec8d78a5266bfb31ce8062b6e39b30a01257cefb16f0632e8aee3987deaae48b0a1110d658d8c5df46851fbd4494a4886265302cf9e3d5325fec67b3ac00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads