f2c81f7da0d28e45259c26d73df27d035c4c7933b3bc3978657e782d731aefa4

Analysis

max time kernel
74s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-04-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
Size

196KB
MD5

e0170bd68b57d95971b92f32388fcee8
SHA1

632ea96478b8f7379f5fcd724fd5793e96448f8f
SHA256

f2c81f7da0d28e45259c26d73df27d035c4c7933b3bc3978657e782d731aefa4
SHA512

812dd31d31a0552d0fe4940f7f63210e2994631aeb68e2d98e479a9303d58f46bed6b1ab66934e80d50949a661ff0eb62a81e0aa68b445cce051b33c1531f78b
SSDEEP

3072:4rXJoq2McwAUkbn19ddQJi8l6h2br+KVTbRFx7xvn/2lVvMe:4rZoxhjbLdyJi8tdx12lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 63 IoCs

pid	Process
1788	Unicorn-16155.exe
2536	Unicorn-60786.exe
2688	Unicorn-50158.exe
2616	Unicorn-1528.exe
2708	Unicorn-47200.exe
2392	Unicorn-17865.exe
2880	Unicorn-45187.exe
2652	Unicorn-13583.exe
2828	Unicorn-817.exe
2144	Unicorn-37211.exe
1568	Unicorn-26582.exe
2492	Unicorn-8041.exe
1720	Unicorn-4512.exe
2088	Unicorn-49266.exe
1216	Unicorn-65.exe
2572	Unicorn-14600.exe
2188	Unicorn-26298.exe
344	Unicorn-42826.exe
2796	Unicorn-48534.exe
2924	Unicorn-36241.exe
2972	Unicorn-8207.exe
1264	Unicorn-35364.exe
968	Unicorn-53428.exe
1768	Unicorn-42799.exe
1680	Unicorn-46521.exe
1052	Unicorn-2151.exe
1964	Unicorn-38353.exe
2296	Unicorn-63049.exe
2084	Unicorn-2343.exe
880	Unicorn-38545.exe
2300	Unicorn-10511.exe
1532	Unicorn-30377.exe
1640	Unicorn-18483.exe
340	Unicorn-23121.exe
2500	Unicorn-59515.exe
2720	Unicorn-2146.exe
2172	Unicorn-61762.exe
2448	Unicorn-57123.exe
1760	Unicorn-53786.exe
2668	Unicorn-32619.exe
2636	Unicorn-65483.exe
1888	Unicorn-37449.exe
2908	Unicorn-8306.exe
272	Unicorn-24643.exe
320	Unicorn-29473.exe
1628	Unicorn-330.exe
1636	Unicorn-37558.exe
2640	Unicorn-4886.exe
2904	Unicorn-24752.exe
1528	Unicorn-41088.exe
1492	Unicorn-21222.exe
1736	Unicorn-47642.exe
696	Unicorn-49680.exe
992	Unicorn-35944.exe
804	Unicorn-55810.exe
3068	Unicorn-43749.exe
2660	Unicorn-28743.exe
1332	Unicorn-19314.exe
2644	Unicorn-24107.exe
1896	Unicorn-5134.exe
2100	Unicorn-54953.exe
2008	Unicorn-17987.exe
1624	Unicorn-60088.exe

Loads dropped DLL 64 IoCs

pid	Process
2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
1788	Unicorn-16155.exe
1788	Unicorn-16155.exe
2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
1788	Unicorn-16155.exe
1788	Unicorn-16155.exe
2536	Unicorn-60786.exe
2536	Unicorn-60786.exe
2688	Unicorn-50158.exe
2688	Unicorn-50158.exe
2708	Unicorn-47200.exe
2708	Unicorn-47200.exe
2616	Unicorn-1528.exe
2616	Unicorn-1528.exe
2536	Unicorn-60786.exe
2536	Unicorn-60786.exe
2392	Unicorn-17865.exe
2392	Unicorn-17865.exe
2688	Unicorn-50158.exe
2688	Unicorn-50158.exe
2880	Unicorn-45187.exe
2880	Unicorn-45187.exe
2708	Unicorn-47200.exe
2708	Unicorn-47200.exe
2828	Unicorn-817.exe
2828	Unicorn-817.exe
2652	Unicorn-13583.exe
2652	Unicorn-13583.exe
2616	Unicorn-1528.exe
1568	Unicorn-26582.exe
2616	Unicorn-1528.exe
1568	Unicorn-26582.exe
2144	Unicorn-37211.exe
2144	Unicorn-37211.exe
2392	Unicorn-17865.exe
2392	Unicorn-17865.exe
2492	Unicorn-8041.exe
2492	Unicorn-8041.exe
2880	Unicorn-45187.exe
2880	Unicorn-45187.exe
1720	Unicorn-4512.exe
1720	Unicorn-4512.exe
2088	Unicorn-49266.exe
2088	Unicorn-49266.exe
2828	Unicorn-817.exe
2828	Unicorn-817.exe
1216	Unicorn-65.exe
1216	Unicorn-65.exe
2652	Unicorn-13583.exe
2652	Unicorn-13583.exe
2572	Unicorn-14600.exe
2572	Unicorn-14600.exe
2188	Unicorn-26298.exe
2188	Unicorn-26298.exe
1568	Unicorn-26582.exe
1568	Unicorn-26582.exe
2796	Unicorn-48534.exe
2796	Unicorn-48534.exe
2144	Unicorn-37211.exe
2144	Unicorn-37211.exe
344	Unicorn-42826.exe
344	Unicorn-42826.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
1816	2296	WerFault.exe	55
2624	2300	WerFault.exe	58
540	1264	WerFault.exe	49
1840	2500	WerFault.exe	62
1132	2720	WerFault.exe	63
620	2172	WerFault.exe	64
1432	2448	WerFault.exe	65
2276	1760	WerFault.exe	66
752	340	WerFault.exe	61
2792	968	WerFault.exe	50
664	2972	WerFault.exe	48
2280	3068	WerFault.exe	94
1008	1896	WerFault.exe	100
2976	992	WerFault.exe	84

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
1788	Unicorn-16155.exe
2536	Unicorn-60786.exe
2688	Unicorn-50158.exe
2708	Unicorn-47200.exe
2616	Unicorn-1528.exe
2392	Unicorn-17865.exe
2880	Unicorn-45187.exe
2652	Unicorn-13583.exe
2828	Unicorn-817.exe
2144	Unicorn-37211.exe
1568	Unicorn-26582.exe
2492	Unicorn-8041.exe
1720	Unicorn-4512.exe
2088	Unicorn-49266.exe
1216	Unicorn-65.exe
2572	Unicorn-14600.exe
2188	Unicorn-26298.exe
344	Unicorn-42826.exe
2796	Unicorn-48534.exe
2924	Unicorn-36241.exe
2972	Unicorn-8207.exe
1264	Unicorn-35364.exe
968	Unicorn-53428.exe
1768	Unicorn-42799.exe
1680	Unicorn-46521.exe
1052	Unicorn-2151.exe
1964	Unicorn-38353.exe
2296	Unicorn-63049.exe
2084	Unicorn-2343.exe
2300	Unicorn-10511.exe
880	Unicorn-38545.exe
1532	Unicorn-30377.exe
1640	Unicorn-18483.exe
340	Unicorn-23121.exe
2500	Unicorn-59515.exe
2720	Unicorn-2146.exe
2172	Unicorn-61762.exe
2448	Unicorn-57123.exe
1760	Unicorn-53786.exe
2668	Unicorn-32619.exe
1888	Unicorn-37449.exe
2636	Unicorn-65483.exe
272	Unicorn-24643.exe
2908	Unicorn-8306.exe
320	Unicorn-29473.exe
2904	Unicorn-24752.exe
1528	Unicorn-41088.exe
1636	Unicorn-37558.exe
2640	Unicorn-4886.exe
1628	Unicorn-330.exe
804	Unicorn-55810.exe
696	Unicorn-49680.exe
3068	Unicorn-43749.exe
2660	Unicorn-28743.exe
1896	Unicorn-5134.exe
992	Unicorn-35944.exe
1736	Unicorn-47642.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1788	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	28
PID 1788 wrote to memory of 2536	1788	Unicorn-16155.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-16155.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-16155.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-16155.exe	29
PID 2952 wrote to memory of 2688	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2688	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2688	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2688	2952	e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe	30
PID 2536 wrote to memory of 2616	2536	Unicorn-60786.exe	32
PID 2536 wrote to memory of 2616	2536	Unicorn-60786.exe	32
PID 2536 wrote to memory of 2616	2536	Unicorn-60786.exe	32
PID 2536 wrote to memory of 2616	2536	Unicorn-60786.exe	32
PID 1788 wrote to memory of 2708	1788	Unicorn-16155.exe	31
PID 1788 wrote to memory of 2708	1788	Unicorn-16155.exe	31
PID 1788 wrote to memory of 2708	1788	Unicorn-16155.exe	31
PID 1788 wrote to memory of 2708	1788	Unicorn-16155.exe	31
PID 2688 wrote to memory of 2392	2688	Unicorn-50158.exe	33
PID 2688 wrote to memory of 2392	2688	Unicorn-50158.exe	33
PID 2688 wrote to memory of 2392	2688	Unicorn-50158.exe	33
PID 2688 wrote to memory of 2392	2688	Unicorn-50158.exe	33
PID 2708 wrote to memory of 2880	2708	Unicorn-47200.exe	34
PID 2708 wrote to memory of 2880	2708	Unicorn-47200.exe	34
PID 2708 wrote to memory of 2880	2708	Unicorn-47200.exe	34
PID 2708 wrote to memory of 2880	2708	Unicorn-47200.exe	34
PID 2616 wrote to memory of 2652	2616	Unicorn-1528.exe	35
PID 2616 wrote to memory of 2652	2616	Unicorn-1528.exe	35
PID 2616 wrote to memory of 2652	2616	Unicorn-1528.exe	35
PID 2616 wrote to memory of 2652	2616	Unicorn-1528.exe	35
PID 2536 wrote to memory of 2828	2536	Unicorn-60786.exe	36
PID 2536 wrote to memory of 2828	2536	Unicorn-60786.exe	36
PID 2536 wrote to memory of 2828	2536	Unicorn-60786.exe	36
PID 2536 wrote to memory of 2828	2536	Unicorn-60786.exe	36
PID 2392 wrote to memory of 2144	2392	Unicorn-17865.exe	37
PID 2392 wrote to memory of 2144	2392	Unicorn-17865.exe	37
PID 2392 wrote to memory of 2144	2392	Unicorn-17865.exe	37
PID 2392 wrote to memory of 2144	2392	Unicorn-17865.exe	37
PID 2688 wrote to memory of 1568	2688	Unicorn-50158.exe	38
PID 2688 wrote to memory of 1568	2688	Unicorn-50158.exe	38
PID 2688 wrote to memory of 1568	2688	Unicorn-50158.exe	38
PID 2688 wrote to memory of 1568	2688	Unicorn-50158.exe	38
PID 2880 wrote to memory of 2492	2880	Unicorn-45187.exe	39
PID 2880 wrote to memory of 2492	2880	Unicorn-45187.exe	39
PID 2880 wrote to memory of 2492	2880	Unicorn-45187.exe	39
PID 2880 wrote to memory of 2492	2880	Unicorn-45187.exe	39
PID 2708 wrote to memory of 1720	2708	Unicorn-47200.exe	40
PID 2708 wrote to memory of 1720	2708	Unicorn-47200.exe	40
PID 2708 wrote to memory of 1720	2708	Unicorn-47200.exe	40
PID 2708 wrote to memory of 1720	2708	Unicorn-47200.exe	40
PID 2828 wrote to memory of 2088	2828	Unicorn-817.exe	41
PID 2828 wrote to memory of 2088	2828	Unicorn-817.exe	41
PID 2828 wrote to memory of 2088	2828	Unicorn-817.exe	41
PID 2828 wrote to memory of 2088	2828	Unicorn-817.exe	41
PID 2652 wrote to memory of 1216	2652	Unicorn-13583.exe	42
PID 2652 wrote to memory of 1216	2652	Unicorn-13583.exe	42
PID 2652 wrote to memory of 1216	2652	Unicorn-13583.exe	42
PID 2652 wrote to memory of 1216	2652	Unicorn-13583.exe	42
PID 2616 wrote to memory of 2572	2616	Unicorn-1528.exe	43
PID 2616 wrote to memory of 2572	2616	Unicorn-1528.exe	43
PID 2616 wrote to memory of 2572	2616	Unicorn-1528.exe	43
PID 2616 wrote to memory of 2572	2616	Unicorn-1528.exe	43

C:\Users\Admin\AppData\Local\Temp\e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e0170bd68b57d95971b92f32388fcee8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        9⤵
        Executes dropped EXE
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        11⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        8⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        10⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        12⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        7⤵
        Executes dropped EXE
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 244
        8⤵
        Program crash
        
        PID:1432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 248
        7⤵
        Program crash
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 244
        7⤵
        Program crash
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        8⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        Program crash
        
        PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
        9⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20069.exe
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 244
        8⤵
        Program crash
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 244
        7⤵
        Program crash
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        7⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 244
        7⤵
        Program crash
        
        PID:1840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 248
        6⤵
        Program crash
        
        PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 244
        7⤵
        Program crash
        
        PID:1132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 248
        6⤵
        Program crash
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 244
        6⤵
        Program crash
        
        PID:620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        8⤵
        Executes dropped EXE
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        9⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        6⤵
        Executes dropped EXE
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        6⤵
        Program crash
        
        PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        7⤵
        Executes dropped EXE
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 244
        7⤵
        Program crash
        
        PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 244
        6⤵
        Program crash
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        7⤵
        
        PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe

Filesize
196KB

MD5
db84f1d6b53dfca4862b14ec07d45d32

SHA1
a7a38d3cc93eada894157643e94b4204c8ff2124

SHA256
545a27e9ac038d28fe79f45030f3f2cbc69546cd821037cbb930319bb73365d9

SHA512
12bf3fce7463139b0342ab6d4d8d22085d9656a4e8a0abebf853f20b05f675d18b3cf3d51f4bcf2dd3a71e544ab56e9cbd1e8db240030e4d01ce1ff75a836893

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe

Filesize
196KB

MD5
d1c91666118fb5142c26ea2054f7fb13

SHA1
e816ae0996e525b112467f05444d6dc0f2df6788

SHA256
eb1dc2fc5ae566a71a0261c099aec1d697ceafbe098dbe0a6fb97d57bbd099c2

SHA512
1ac75075165e56483d92afccc1ac3fd8f7b1c0e6726b69e0ebc7d622a81058309cdfbc8f879a20d369d086e94a3d67e8a74102a7ed5b8f9a1cd6d364e79e608c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe

Filesize
196KB

MD5
4ddae11d1394e3abdcde39fbf2c4e065

SHA1
b2a661e5ef7c8aba87474530c096c77bd95b3b72

SHA256
a46deb4ba92944e2ae3d80b24e1f0ad60bf36b326b288d6b7b2fb1b2aa33c795

SHA512
fe8e72a88557bfe674bbbd7a6fba86534175883280d15707c177315685f286d4b43538b7c05007c21fd53984cab2b7bed282f165f6820ab8841b6ca90aeb41b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe

Filesize
196KB

MD5
cdcd2276fbc4723cedede01558ef7e3a

SHA1
7f6d877162f129dd3a48acff4c4c4ae8618a6946

SHA256
4b3e69dc6c3c74a3b4622c44e5dd023a8121a3815423c2f83c3b0a223527a731

SHA512
a6f7c9ef77a068b51683f84f1265cbaf30ea495f68eb1cfda8943465c124caa51e3d45f8682dd9ef8c88aaf937e3f06ce0ff8f88407802a9b9cad86306ce30fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe

Filesize
196KB

MD5
5615f9f7525e5990b9fa111f15929cb0

SHA1
7d0f52201a3a569f32e3620c37cd42214b4bc263

SHA256
80078d1eaf55ac1bd1b69772de257c7ced3568bb47f0675cb1f3cb6e4e739806

SHA512
33d28852769bcbc1b1ca43fb4fc551c7cf39c205a9306303901d4aaa65c3fd3728fb6335c8d4a9a205fbc308e04fc6f2af1bfc323e7c61a1c343a85617ed09af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe

Filesize
196KB

MD5
6c36a83de16a7b20864c2fc5a5cabac3

SHA1
f4368b43fbb4eae9f07711cd5921470ba9286ca8

SHA256
3be6dcd483179e8461ade5e38b17bce8ee8c6f31276fb4608deb4569186cf143

SHA512
cdb75e7d5f5a763e47ab6a35a3cee3d5ecf027e8bb8d6e41c2da1668930221e2ddda802d64c960231fd1b2a04c6115500451d668890d719251d3c41001453f51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe

Filesize
196KB

MD5
beb84c0aabf50ada9b15189a086ee446

SHA1
ca2dac6ada0db99fd810ca255754b05871875822

SHA256
e0c306a2dade3e678b6c00badb5882e5c04924b30d2793513428d6b16c3bc464

SHA512
229685149e167a310a87824c6800f35e99512e57d9cb4af33b6ea0ada32811ea408d2c5d2cad3946fc1aad4c404302dd0a29dc835d2a7017fd6ea081c6a6bc7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe

Filesize
196KB

MD5
4968483235ccda69cfc81d97ffa9321d

SHA1
96fe4eaa64583cb92ba1c6a182ec4aeee4db5b5d

SHA256
0e9f2d606810d14a85e88cf726f6f6193cd9caa04c540741f11af0c98882ab06

SHA512
d1840ad93c0a84764a2add6c1fedd7611d7de55c865c35fbc6411e3c572892cb7d11815e28cffc4b826a01c0dfdfb575b19e8548d12788d03d995de89416b1a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe

Filesize
196KB

MD5
41eb78a4cedf39301b3d16c8c8d8c645

SHA1
e2a0531a7f28c5dd6c53c67b00ace4c6f3ab9a40

SHA256
944412b86ef35bb882f96d3c6213902c77bc106f8ec938f8b7c55278efad7007

SHA512
d3486b92893095d67bed3b2b4975efe0735f419314116d409b1921d185cf1cd16e3173ce9eea1acb429fdbb6a9f2dc37eb375de28a0397aae712eae4d89f468d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe

Filesize
196KB

MD5
78155bbf69505d710cb9c3e303976aaa

SHA1
74229776dc4eab4680f22a0e9f9d1a7e63d035ea

SHA256
4b41b7e1303d56d6da431edef976df355da2728a06c5b894730eb7341cee8bfc

SHA512
8b800a9f224846b09b99e2e60d7cdb269c3779122864ffd021244425bc99a7a58af1ab912efd3c83c94e2c011219ba1f60fc680a0c42c8d92c57c8711ca8da21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe

Filesize
196KB

MD5
5bd1c5a35f45fd7d73beaf3dfa9c59be

SHA1
812443e2418e76e775d5f4b31899fd344fa7fa69

SHA256
f49dbd2d4b1047c6264ad5f4975ce935366227ad1799844ff854dba794deef99

SHA512
203f8e2468cd65b963788ccea8fffa1faec4da2d9a181be6ef440dd48ad03a41255d4e43209095a83615f4410ca11bde790fbb9c579db66b547a06283656a17d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe

Filesize
196KB

MD5
74c6ed8405cf77e986df4c279247d7e8

SHA1
ad31e4b89d4c64bbd28285ca536fd81c990ec84a

SHA256
b2db8ee8d32d78b15b427a6b4c3d9dad0ed11cdbb225b8c5224646526f692ef9

SHA512
92ee18ed328032b71c015bb347aae96dbd2bc19fcc572604b0283a1c05dbf433d191a10bc5c3928d776db111d2b6582e79d5d4e565073928e8b96ddf7a1a1c9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe

Filesize
196KB

MD5
b271edd60a614794ff4a660158b4db5c

SHA1
bf1b6e61d002305959a15cac1dd7dd2126a3dceb

SHA256
96252f770e5798612ee2b8474e7137af8de02c3fbecd536ff50f292e354db02e

SHA512
2721fef377dcc9c8784b4eb6ca0be7f3e4fff3e3017dcefc736663244ca99e558d8b4032e9956d2072f5cac54d88daf43dd5c9de96e5d9341a468616dd207816

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe

Filesize
196KB

MD5
ee0e644b9fd0b23c11fcae8de0340ac6

SHA1
5171bff8c2dfdef233d16c4a043a0d0983a7666a

SHA256
e5408daaa162458fd42718eafaf0212f581c0993346ad6ae5a4fe151bb5491dc

SHA512
fe864ae519a62c63915682b26cac929947883dbc20ea99cb143dabfc9d11fa9ff5efb7943aecf405cb3dc30d73f258f389a3cbece28e92b2d53e4bbd630425b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe

Filesize
196KB

MD5
f6162da913fc8c30c06f411ec901eabd

SHA1
3561839c09eaf4f9decb1aaed5f0c368883535b2

SHA256
a5344bf809aa84bc428af3fca11acdb2c2af4f10d77c6625dc8e9a17830fe097

SHA512
4a73771275bacfe31ad2e02459f315909387e7da418afdd466be8a54d0909392d15168c3412fc1e579be93428ec9653bc13030c378ad6bf195ef06c682a4a29a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65.exe

Filesize
196KB

MD5
4686c243fa82d676027cc4e92096f9b9

SHA1
9736350075611be7c1f53bb2a8bbdf79d8569c52

SHA256
5d5dfc2790fb2ee4440bdb857975dc45e5b0eebdec46b2bb07348c710692e4ce

SHA512
2b09217e23d121d05a153192fa654a96af33353f989b5b5081d01317161cf03a967b142400fe1689151f35c675409dfed88433e80666d079c41de02c30cab048

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe

Filesize
196KB

MD5
07f04120772a92551baba895bbb928fe

SHA1
471a3c07a8fe505869150120c4b9d651bcea18e6

SHA256
2ca039e226de691ec119785618067b2f5fbb930e7b60697da8e37a1066a4c06e

SHA512
e96e3d58be405c071fd06f9b80e348787ef6b51f550d365586984a7028257842bd37abf0b79c51fc1b001f3f72a5c050a487e21283078e70206681ce775b4a1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-817.exe

Filesize
196KB

MD5
252e95f8130aea7df657de336a2825e0

SHA1
713d1b6984fc9e49235721d6e7f89287e7c14cbd

SHA256
af16b543c29d7021968cd98fe2a2b7462d307d591e11f3a5408075adf39b1018

SHA512
9cc69d2b1775c087531d343271bca56a9100f6beb36583dcbeebe95bea36e9b50e83d3f446cfbd659ac912753323a77a3d0fb57eb98e4c937b4464db6b063baa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads