a9fbae1f9bf753467ff61e1d93d79c8937206f4e4b9897932e326a0751f4acb4

Analysis

max time kernel
151s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

233effc04e0380b06e2868e4fcfd9297.exe
Size

184KB
MD5

233effc04e0380b06e2868e4fcfd9297
SHA1

90793af022d2183e7d1d9262f6384f04b52b332d
SHA256

a9fbae1f9bf753467ff61e1d93d79c8937206f4e4b9897932e326a0751f4acb4
SHA512

daf76ee6a0775ac5db96ac4aab5be44dec44e146131be764e66a5bde71f42f7596cf63bd7a5a88a67de49edeb4685816b58065d30290835b10b6c027272bf7ba
SSDEEP

3072:QA7aomxH02qTVYjgqUYWLjBL9ZR6zw6iaEEx9zPppslPvpFW:QAGoxpTVpq5WLjtpUXslPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2748	Unicorn-47333.exe
2784	Unicorn-48931.exe
2308	Unicorn-46238.exe
2724	Unicorn-40483.exe
2260	Unicorn-38620.exe
2464	Unicorn-37297.exe
1988	Unicorn-32035.exe
1644	Unicorn-41246.exe
1540	Unicorn-18688.exe
2356	Unicorn-58137.exe
1096	Unicorn-54157.exe
2384	Unicorn-46544.exe
760	Unicorn-17209.exe
2444	Unicorn-28069.exe
108	Unicorn-25377.exe
1548	Unicorn-50504.exe
2284	Unicorn-11609.exe
548	Unicorn-27946.exe
2520	Unicorn-51059.exe
2528	Unicorn-9471.exe
3004	Unicorn-5942.exe
3012	Unicorn-25808.exe
1608	Unicorn-30446.exe
2624	Unicorn-14214.exe
2728	Unicorn-65169.exe
3052	Unicorn-65361.exe
1864	Unicorn-16715.exe
2200	Unicorn-24329.exe
2560	Unicorn-55055.exe
2872	Unicorn-46503.exe
820	Unicorn-61832.exe
756	Unicorn-57364.exe
1724	Unicorn-24499.exe
2532	Unicorn-10685.exe
1532	Unicorn-20245.exe
1528	Unicorn-54671.exe
2892	Unicorn-37048.exe
1936	Unicorn-26742.exe
1932	Unicorn-23212.exe
892	Unicorn-60182.exe
1012	Unicorn-3368.exe
1256	Unicorn-41708.exe
2768	Unicorn-11536.exe
2692	Unicorn-40124.exe
2288	Unicorn-45600.exe
1780	Unicorn-52953.exe
584	Unicorn-64650.exe
1000	Unicorn-52206.exe
2060	Unicorn-41900.exe
2080	Unicorn-9035.exe
1852	Unicorn-43846.exe
2104	Unicorn-15642.exe
1616	Unicorn-12112.exe
664	Unicorn-14826.exe
2636	Unicorn-22248.exe
2176	Unicorn-51905.exe
1728	Unicorn-29901.exe
1912	Unicorn-566.exe
1068	Unicorn-24411.exe
2084	Unicorn-61168.exe
2332	Unicorn-13358.exe
1756	Unicorn-24433.exe
1624	Unicorn-32601.exe
2432	Unicorn-18787.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	233effc04e0380b06e2868e4fcfd9297.exe
2044	233effc04e0380b06e2868e4fcfd9297.exe
2044	233effc04e0380b06e2868e4fcfd9297.exe
2044	233effc04e0380b06e2868e4fcfd9297.exe
2748	Unicorn-47333.exe
2748	Unicorn-47333.exe
2784	Unicorn-48931.exe
2784	Unicorn-48931.exe
2308	Unicorn-46238.exe
2308	Unicorn-46238.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
3040	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
2724	Unicorn-40483.exe
2724	Unicorn-40483.exe
2260	Unicorn-38620.exe
2260	Unicorn-38620.exe
1900	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1988	Unicorn-32035.exe
2464	Unicorn-37297.exe
2464	Unicorn-37297.exe
1988	Unicorn-32035.exe
2260	Unicorn-38620.exe
2260	Unicorn-38620.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
1540	Unicorn-18688.exe
1540	Unicorn-18688.exe
1988	Unicorn-32035.exe
2356	Unicorn-58137.exe
2356	Unicorn-58137.exe
1988	Unicorn-32035.exe
2464	Unicorn-37297.exe
1644	Unicorn-41246.exe
2464	Unicorn-37297.exe
1644	Unicorn-41246.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
904	WerFault.exe
904	WerFault.exe
904	WerFault.exe
904	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2840	2044	WerFault.exe	8
2192	2748	WerFault.exe	28
3040	2784	WerFault.exe	29
1900	2308	WerFault.exe	31
1588	2724	WerFault.exe	32
2256	2260	WerFault.exe	35
1672	2464	WerFault.exe	38
904	1988	WerFault.exe	37
2348	1540	WerFault.exe	41
2688	1644	WerFault.exe	42
2408	2356	WerFault.exe	43
312	108	WerFault.exe	47
1848	2444	WerFault.exe	48
1716	760	WerFault.exe	50
436	2384	WerFault.exe	49
952	1096	WerFault.exe	46
308	3052	WerFault.exe	70
2612	2728	WerFault.exe	71
2720	2284	WerFault.exe	54
740	2528	WerFault.exe	57
1736	3004	WerFault.exe	59
1700	2520	WerFault.exe	56
2812	1608	WerFault.exe	60
1652	548	WerFault.exe	55
2508	1724	WerFault.exe	67
1224	1528	WerFault.exe	75
2884	2560	WerFault.exe	73
656	756	WerFault.exe	69
3104	820	WerFault.exe	68
3164	1864	WerFault.exe	65
3220	1532	WerFault.exe	76
3228	1936	WerFault.exe	83
3312	892	WerFault.exe	86
3360	2892	WerFault.exe	82
3420	2200	WerFault.exe	64
3436	2872	WerFault.exe	66
3476	1932	WerFault.exe	84
3520	1256	WerFault.exe	88
3568	3012	WerFault.exe	58
3628	1548	WerFault.exe	53
3984	2532	WerFault.exe	74
3648	2692	WerFault.exe	90
3620	1624	WerFault.exe	116
3600	1780	WerFault.exe	94
3588	1000	WerFault.exe	98
4008	2636	WerFault.exe	106
3720	584	WerFault.exe	95
3540	2332	WerFault.exe	114
4032	2080	WerFault.exe	100
2052	2104	WerFault.exe	103
3796	2432	WerFault.exe	118
4100	1616	WerFault.exe	104
4036	2624	WerFault.exe	72
4260	2084	WerFault.exe	113
4252	1912	WerFault.exe	110
4244	1852	WerFault.exe	101
4276	2060	WerFault.exe	99
4284	2768	WerFault.exe	89
4852	664	WerFault.exe	105
5476	1756	WerFault.exe	115
5848	4024	WerFault.exe	148
5840	1728	WerFault.exe	109
5928	3884	WerFault.exe	144
5936	3580	WerFault.exe	136

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2044	233effc04e0380b06e2868e4fcfd9297.exe
2748	Unicorn-47333.exe
2784	Unicorn-48931.exe
2308	Unicorn-46238.exe
2724	Unicorn-40483.exe
2260	Unicorn-38620.exe
2464	Unicorn-37297.exe
1988	Unicorn-32035.exe
1540	Unicorn-18688.exe
1644	Unicorn-41246.exe
2356	Unicorn-58137.exe
2384	Unicorn-46544.exe
2444	Unicorn-28069.exe
1096	Unicorn-54157.exe
760	Unicorn-17209.exe
108	Unicorn-25377.exe
1548	Unicorn-50504.exe
2284	Unicorn-11609.exe
548	Unicorn-27946.exe
2520	Unicorn-51059.exe
2528	Unicorn-9471.exe
3012	Unicorn-25808.exe
3004	Unicorn-5942.exe
1608	Unicorn-30446.exe
2624	Unicorn-14214.exe
3052	Unicorn-65361.exe
2200	Unicorn-24329.exe
2560	Unicorn-55055.exe
2872	Unicorn-46503.exe
820	Unicorn-61832.exe
1864	Unicorn-16715.exe
1724	Unicorn-24499.exe
2728	Unicorn-65169.exe
756	Unicorn-57364.exe
1532	Unicorn-20245.exe
1528	Unicorn-54671.exe
2532	Unicorn-10685.exe
2892	Unicorn-37048.exe
1936	Unicorn-26742.exe
1932	Unicorn-23212.exe
892	Unicorn-60182.exe
1256	Unicorn-41708.exe
2288	Unicorn-45600.exe
2768	Unicorn-11536.exe
2692	Unicorn-40124.exe
584	Unicorn-64650.exe
1780	Unicorn-52953.exe
1000	Unicorn-52206.exe
2060	Unicorn-41900.exe
2080	Unicorn-9035.exe
1852	Unicorn-43846.exe
2104	Unicorn-15642.exe
1616	Unicorn-12112.exe
664	Unicorn-14826.exe
2176	Unicorn-51905.exe
2636	Unicorn-22248.exe
1068	Unicorn-24411.exe
1728	Unicorn-29901.exe
1912	Unicorn-566.exe
2332	Unicorn-13358.exe
2084	Unicorn-61168.exe
1624	Unicorn-32601.exe
1756	Unicorn-24433.exe
2432	Unicorn-18787.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2748	2044	233effc04e0380b06e2868e4fcfd9297.exe	28
PID 2044 wrote to memory of 2748	2044	233effc04e0380b06e2868e4fcfd9297.exe	28
PID 2044 wrote to memory of 2748	2044	233effc04e0380b06e2868e4fcfd9297.exe	28
PID 2044 wrote to memory of 2748	2044	233effc04e0380b06e2868e4fcfd9297.exe	28
PID 2044 wrote to memory of 2784	2044	233effc04e0380b06e2868e4fcfd9297.exe	29
PID 2044 wrote to memory of 2784	2044	233effc04e0380b06e2868e4fcfd9297.exe	29
PID 2044 wrote to memory of 2784	2044	233effc04e0380b06e2868e4fcfd9297.exe	29
PID 2044 wrote to memory of 2784	2044	233effc04e0380b06e2868e4fcfd9297.exe	29
PID 2748 wrote to memory of 2308	2748	Unicorn-47333.exe	31
PID 2748 wrote to memory of 2308	2748	Unicorn-47333.exe	31
PID 2748 wrote to memory of 2308	2748	Unicorn-47333.exe	31
PID 2748 wrote to memory of 2308	2748	Unicorn-47333.exe	31
PID 2784 wrote to memory of 2724	2784	Unicorn-48931.exe	32
PID 2784 wrote to memory of 2724	2784	Unicorn-48931.exe	32
PID 2784 wrote to memory of 2724	2784	Unicorn-48931.exe	32
PID 2784 wrote to memory of 2724	2784	Unicorn-48931.exe	32
PID 2044 wrote to memory of 2840	2044	233effc04e0380b06e2868e4fcfd9297.exe	30
PID 2044 wrote to memory of 2840	2044	233effc04e0380b06e2868e4fcfd9297.exe	30
PID 2044 wrote to memory of 2840	2044	233effc04e0380b06e2868e4fcfd9297.exe	30
PID 2044 wrote to memory of 2840	2044	233effc04e0380b06e2868e4fcfd9297.exe	30
PID 2748 wrote to memory of 2192	2748	Unicorn-47333.exe	33
PID 2748 wrote to memory of 2192	2748	Unicorn-47333.exe	33
PID 2748 wrote to memory of 2192	2748	Unicorn-47333.exe	33
PID 2748 wrote to memory of 2192	2748	Unicorn-47333.exe	33
PID 2784 wrote to memory of 3040	2784	Unicorn-48931.exe	34
PID 2784 wrote to memory of 3040	2784	Unicorn-48931.exe	34
PID 2784 wrote to memory of 3040	2784	Unicorn-48931.exe	34
PID 2784 wrote to memory of 3040	2784	Unicorn-48931.exe	34
PID 2308 wrote to memory of 2260	2308	Unicorn-46238.exe	35
PID 2308 wrote to memory of 2260	2308	Unicorn-46238.exe	35
PID 2308 wrote to memory of 2260	2308	Unicorn-46238.exe	35
PID 2308 wrote to memory of 2260	2308	Unicorn-46238.exe	35
PID 2308 wrote to memory of 1900	2308	Unicorn-46238.exe	36
PID 2308 wrote to memory of 1900	2308	Unicorn-46238.exe	36
PID 2308 wrote to memory of 1900	2308	Unicorn-46238.exe	36
PID 2308 wrote to memory of 1900	2308	Unicorn-46238.exe	36
PID 2724 wrote to memory of 2464	2724	Unicorn-40483.exe	38
PID 2724 wrote to memory of 2464	2724	Unicorn-40483.exe	38
PID 2724 wrote to memory of 2464	2724	Unicorn-40483.exe	38
PID 2724 wrote to memory of 2464	2724	Unicorn-40483.exe	38
PID 2260 wrote to memory of 1988	2260	Unicorn-38620.exe	37
PID 2260 wrote to memory of 1988	2260	Unicorn-38620.exe	37
PID 2260 wrote to memory of 1988	2260	Unicorn-38620.exe	37
PID 2260 wrote to memory of 1988	2260	Unicorn-38620.exe	37
PID 2724 wrote to memory of 1588	2724	Unicorn-40483.exe	40
PID 2724 wrote to memory of 1588	2724	Unicorn-40483.exe	40
PID 2724 wrote to memory of 1588	2724	Unicorn-40483.exe	40
PID 2724 wrote to memory of 1588	2724	Unicorn-40483.exe	40
PID 2464 wrote to memory of 1644	2464	Unicorn-37297.exe	42
PID 2464 wrote to memory of 1644	2464	Unicorn-37297.exe	42
PID 2464 wrote to memory of 1644	2464	Unicorn-37297.exe	42
PID 2464 wrote to memory of 1644	2464	Unicorn-37297.exe	42
PID 1988 wrote to memory of 1540	1988	Unicorn-32035.exe	41
PID 1988 wrote to memory of 1540	1988	Unicorn-32035.exe	41
PID 1988 wrote to memory of 1540	1988	Unicorn-32035.exe	41
PID 1988 wrote to memory of 1540	1988	Unicorn-32035.exe	41
PID 2260 wrote to memory of 2356	2260	Unicorn-38620.exe	43
PID 2260 wrote to memory of 2356	2260	Unicorn-38620.exe	43
PID 2260 wrote to memory of 2356	2260	Unicorn-38620.exe	43
PID 2260 wrote to memory of 2356	2260	Unicorn-38620.exe	43
PID 2260 wrote to memory of 2256	2260	Unicorn-38620.exe	44
PID 2260 wrote to memory of 2256	2260	Unicorn-38620.exe	44
PID 2260 wrote to memory of 2256	2260	Unicorn-38620.exe	44
PID 2260 wrote to memory of 2256	2260	Unicorn-38620.exe	44

C:\Users\Admin\AppData\Local\Temp\233effc04e0380b06e2868e4fcfd9297.exe
"C:\Users\Admin\AppData\Local\Temp\233effc04e0380b06e2868e4fcfd9297.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18688.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        12⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        13⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 384
        13⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 384
        12⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 368
        11⤵
        Program crash
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        11⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        12⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 384
        12⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 384
        11⤵
        Program crash
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 372
        10⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        12⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        13⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 376
        13⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 384
        12⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 372
        11⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        11⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        12⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 384
        12⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 384
        11⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 372
        10⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 376
        9⤵
        Program crash
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        11⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        12⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 372
        12⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 384
        11⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 380
        10⤵
        Program crash
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 376
        9⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 376
        8⤵
        Program crash
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        10⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 376
        11⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 372
        10⤵
        Program crash
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 376
        9⤵
        Program crash
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        11⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        12⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 376
        12⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 384
        11⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 368
        10⤵
        Program crash
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 376
        9⤵
        Program crash
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 376
        8⤵
        Program crash
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 380
        7⤵
        Program crash
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        11⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 384
        12⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 372
        11⤵
        Program crash
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 376
        10⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        12⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 384
        12⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 384
        11⤵
        Program crash
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 380
        10⤵
        Program crash
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 376
        9⤵
        Program crash
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        8⤵
        Executes dropped EXE
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 376
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        11⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 384
        11⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 384
        10⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 380
        9⤵
        Program crash
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 376
        8⤵
        Program crash
        
        PID:656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 376
        7⤵
        Program crash
        
        PID:436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 376
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        9⤵
        Program crash
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        11⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 380
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 384
        10⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 372
        9⤵
        Program crash
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 376
        8⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        11⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 384
        11⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 384
        10⤵
        Program crash
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        10⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 380
        10⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 384
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 368
        8⤵
        Program crash
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 376
        7⤵
        Program crash
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        Program crash
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 384
        9⤵
        Program crash
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 372
        8⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 376
        7⤵
        Program crash
        
        PID:2812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 376
        6⤵
        Program crash
        
        PID:2408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:1900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        12⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 376
        12⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 384
        11⤵
        Program crash
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 380
        10⤵
        Program crash
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 368
        9⤵
        Program crash
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 376
        8⤵
        Program crash
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        10⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 384
        11⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 372
        10⤵
        Program crash
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 376
        9⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 376
        9⤵
        Program crash
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 376
        8⤵
        Program crash
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 380
        7⤵
        Program crash
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        11⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 384
        11⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 384
        10⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 372
        9⤵
        Program crash
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
        8⤵
        Program crash
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 376
        7⤵
        Program crash
        
        PID:1736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 376
        6⤵
        Program crash
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        11⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        12⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 380
        12⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 376
        11⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 380
        10⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        9⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 384
        10⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 372
        9⤵
        Program crash
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 376
        8⤵
        Program crash
        
        PID:1224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 376
        7⤵
        Program crash
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39866.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        11⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 380
        11⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 372
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 372
        9⤵
        Program crash
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 376
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        10⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 384
        10⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 384
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        9⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 376
        9⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 384
        8⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 376
        7⤵
        Program crash
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 368
        6⤵
        Program crash
        
        PID:1848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 368
  2⤵
  - Program crash
  PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe

Filesize
184KB

MD5
5523c2faa14421722e8486b6aba0804d

SHA1
d9d5693a01ace62939aa2faf9a818a6af7e1cd7b

SHA256
944d90a8edc163435d8fb8885798a2b004dfef291a7c31f169c12c9c1d6b279d

SHA512
38633f589a2e0072d94be2260b5c81343f3515d529c144bce04396156fed0350ca459612d69e707b5081e53b72219f32af212062ca0845e11c6ce40cf8b9233c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe

Filesize
184KB

MD5
26b19cd9379b5775b73681c767918cf2

SHA1
19899b4862ed43c3af50a0681690c6bb3d04da21

SHA256
0ccbebbe1fc54b55bc74cd1c5275248a7dd6cc71cd04779eb0fcce3765c16bf6

SHA512
9fde8c66759855ef6d8d34634c8faf7e24111860c90a00b3420fa18a80886e063ba1a8f6b4f21eca18ea7f05840ea5e6b5bf3dc4d669eeaf9d45046321688371

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe

Filesize
147KB

MD5
84d64c3da8854a120789f0a195fd3b97

SHA1
28764a6d18813e3eb0d5cdb97a996d178b6baf08

SHA256
79703a46af9aaaca1d99fb88c4dbb6a77a24c573b05a488b56868ee8bcdf6d97

SHA512
f45a9ee4310434182ac525b59a0dfcc3825fcfc6e42d08928473d8559d72b89e0f540c24c8523e4ca3f6999ad0ac7e0ec6e792da9f30c423bceb6565b9dcccaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe

Filesize
106KB

MD5
e3f3436ed90771feda309e4b45179d9e

SHA1
f0359a86d8908867a7c0449f6804adfe02027fde

SHA256
504cbf05fa4febbdb3150365d8dd9be128e7ea4a04bfdbc4d3ec667aa31c682e

SHA512
21461a15fed4b78120b6188a39ae565dc7243339a45e6338363407e5a467f93fac4ca0842ebaf19a11a4409e905fbcd8a9144b98e866f3ed38c2f916442aede3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18688.exe

Filesize
184KB

MD5
100fbb917b36cacb56cb95f0d290fcbe

SHA1
1fcecc2d1b2058b1b69b109a9e165d5498db349a

SHA256
92e09fdb71a2f36cf0c4763668530c314759f67686409aabdf6ab62b36102ab8

SHA512
f5d6bb81dcfd260f3b4f1574fce3faa6a7aa3c6a81182a52a23a70798bef5f983e248ae493d2f5a8cde317b087ba828c9057b8d82452f097c6ce66113437cb9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe

Filesize
184KB

MD5
46020f5cc10c4e780c285e2f3ff89062

SHA1
a79b7cc033c5af84fd22c88ce34df211c2270d7e

SHA256
9e44af097c651cf67ec546b2a74aa0d8df6dbf0c0fe4803f2980080b3efb11ce

SHA512
3c56658b57b216d392e58bff990bde82a7dfbc12d68ccd4c1d4125a7cd1492dcfba8bce7b9cc417eb30adebd5c766faeb7ac00102d971fb86bbff8a10a265d6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe

Filesize
184KB

MD5
714374de431dc27212cb1f9436541a40

SHA1
620585af62bf12c149bc0942375b5151025ff0d6

SHA256
a6ce5866d2810c2f1ad1b80e15ceed9d3a52d2ebe13612d5a4c5f859affca388

SHA512
36f62daa51e76df2f0b2668f6a1b395c9132aa85747d4d1660855fa2738865e108794c7898df757db555062336fc771ed2fbd29c252bf03cb4166355a5fb2a94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe

Filesize
184KB

MD5
1762d627e5f9f8bc900281c2aa010578

SHA1
f2a6bf9ab064c87376ccd3a27573bb6eb0aa6ca2

SHA256
861469e8f8d990f5b6df792489d1f9cea873cb2a59de3714edbbb28eca9e9b78

SHA512
dfcb4b8fc9122bcece3cd8c1c3e7f86d0955ffb6776520928a6f8ef478fabf9cccc566b183775e7bf9f7084c0428265113393240ed41c6d494cef72e43daac89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe

Filesize
27KB

MD5
13077ec442eda4b92c8d65fa194fcf58

SHA1
62917663360457f85359b274ba206ad257aee9aa

SHA256
f147294223ddd9e6968cfeda5fedbebad91153c9a4e7a9bd6fad90eae28355e1

SHA512
190252feba776d8ce8e9feabeb8da37113c56d589531f302240142d1db7d4102beb5843f61558f0de63200a340ac7bad92c00e65b7759a39415768e32d575360

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe

Filesize
184KB

MD5
f495c80859eda336f854665e58c1e3f1

SHA1
3b08fa6c7d40bfb0ee020c35bec0c1a8691eb9a1

SHA256
400f2694b03532a4e369a5cf150b70b5de2b711423c94ea6f3299f2694a20b80

SHA512
40ad4661a30750c5d09620550e77deb76a9b1deb5664551a8399820c86a326cee5787d0400f6f474d5ae2f17e25869b61daa56b6b8a60173ca4c839d07d456dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe

Filesize
184KB

MD5
a5035d5528fea0f5577708d614b01199

SHA1
055e6948012304aff66ce5a5217fac097bf679f5

SHA256
5cddaf56af50ac0e88d8094376db71c31831a2a52b99e22a08df5c3b947e17e2

SHA512
fbf29f155e2b83fd28ce4c98a45ab99704f615e7761a3761dcfe05024860c2126d4b40ce0ae8b85f6e4a4e47e15a801e744e1d72a69597181858e0d5b20cacde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe

Filesize
184KB

MD5
a70409506c42b8a2648fd3e9e0bb0fd8

SHA1
e7cf177a89039c073aef21560d968e9d2cf8bae6

SHA256
cc2d83c2c2bc5abe54ff983b34cd6a0da83d8594c9d5b618ac10d8fd7bb7ff7f

SHA512
518cc62fb55a8d97b3352e2e359a2b7c323fd410ea0c96375b861c09c4c69f5bfc58a88be482ad1f05ff234ba765680695ee5b3ef07cc1a6377ba6a544747ad2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe

Filesize
64KB

MD5
6acf87d3ad77b8fb3cbda302cc57ee2f

SHA1
4243f628c740eab3856cc8ef71931a558e80a0c5

SHA256
3b6f879f9b010d406df117c38e3213a1436a7b5156eb64b271e945743a6603d0

SHA512
146582ad4bec09ed60b3418fcf4c0ec5f066d96451195cb59a94a944c305c0d5d0106a7e1dfba780348da551e45cf3b0fcce841cc10c43b6fbaf9c7a1cc95c56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe

Filesize
184KB

MD5
bcc000ca4d557b2fa751755c8ac64f0a

SHA1
232866fb625ec58ea3c4393efddceecd312d04d5

SHA256
f136541a09d224c43aa5739bc06f9aab0a241c622c05d6f5a133cf7540c81db0

SHA512
57e71b5700d2e964b6e9b95fcdef0d365b1406d2844ae57256ef932e8cc98ac45a32c0d45e338257df6b08d2cf4714a7e30f27e2190ecd0b8b26e77442339094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe

Filesize
184KB

MD5
e05a1e08173623a57deef8ad718d2a19

SHA1
10b667d8837be32943420447a02e73284828659b

SHA256
ba088e047f86b10f7edcc87ea8c4cb7c9acc4a640b75adf6d36ba8824a5e6abd

SHA512
08ec254852fdea87ae15c9eb080da505ca89f56887da9ffeb758a9ff1eb1d1d354a6dae41e790936bf96c2b6af48be3e715d5885ce4735c1342fd5f756ce31ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads