ca3dab204250fa8a62468b3bf1bb01c1e10293bfafe7a16df8666b1338d4ee67

Analysis

max time kernel
120s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

871fb8a7a0a0ffdf8743075b047fc730N.exe
Size

468KB
MD5

871fb8a7a0a0ffdf8743075b047fc730
SHA1

1a2a67a5c259083667486e220ad9610d127cbcc4
SHA256

ca3dab204250fa8a62468b3bf1bb01c1e10293bfafe7a16df8666b1338d4ee67
SHA512

a430dea9e7c0c4410e4e36e9f776fe605c23236d1f5eeaf078c7e3164313dfa780800871a8563ff6ea2bb199e6d3d47132e44d6bf2dae30309dd441536be5cd1
SSDEEP

3072:dRmaogBRj28U2bY9PzRyTf8/0DhWlIpZMpHGvTz8H7F+L5jeXglW:dRboiXU2+P9yTf60ZMH7gdjeX

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4876	Unicorn-16364.exe
2320	Unicorn-26800.exe
3580	Unicorn-15102.exe
464	Unicorn-37080.exe
4052	Unicorn-3705.exe
5084	Unicorn-22088.exe
376	Unicorn-18558.exe
3828	Unicorn-7671.exe
2016	Unicorn-32730.exe
2032	Unicorn-52596.exe
2536	Unicorn-52596.exe
1652	Unicorn-32176.exe
960	Unicorn-27827.exe
5108	Unicorn-8226.exe
748	Unicorn-34213.exe
3536	Unicorn-13831.exe
2708	Unicorn-18470.exe
2412	Unicorn-6431.exe
3672	Unicorn-49502.exe
1092	Unicorn-55632.exe
1604	Unicorn-63800.exe
4968	Unicorn-43188.exe
3480	Unicorn-43188.exe
2188	Unicorn-42923.exe
2832	Unicorn-64355.exe
4844	Unicorn-18684.exe
4012	Unicorn-24805.exe
212	Unicorn-60298.exe
1492	Unicorn-49363.exe
3928	Unicorn-13395.exe
4036	Unicorn-62596.exe
2360	Unicorn-42730.exe
1940	Unicorn-64442.exe
2820	Unicorn-25626.exe
3824	Unicorn-65402.exe
2780	Unicorn-55736.exe
5092	Unicorn-26956.exe
4196	Unicorn-3006.exe
2744	Unicorn-39762.exe
3064	Unicorn-2259.exe
2028	Unicorn-2259.exe
2148	Unicorn-30848.exe
2388	Unicorn-30848.exe
3268	Unicorn-10982.exe
2932	Unicorn-34932.exe
3652	Unicorn-10162.exe
728	Unicorn-63520.exe
3696	Unicorn-1802.exe
4704	Unicorn-2067.exe
1348	Unicorn-42138.exe
468	Unicorn-35486.exe
4536	Unicorn-49222.exe
4176	Unicorn-17641.exe
1252	Unicorn-34740.exe
4560	Unicorn-14319.exe
3312	Unicorn-14319.exe
4788	Unicorn-2622.exe
2152	Unicorn-44999.exe
840	Unicorn-58734.exe
4860	Unicorn-27532.exe
3872	Unicorn-35700.exe
3572	Unicorn-35700.exe
3388	Unicorn-35700.exe
1508	Unicorn-3582.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal	OfficeClickToRun.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
15944	15160	WerFault.exe	729
5244	14872	WerFault.exe	720

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2249.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018400F3999590B = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000273b68ebf60ea0448ae0d5b372d693460000000002000000000010660000000100002000000011d64899958c4a3592455c0e2df25bbeedcfe03f1d0a33a546849bce8e045253000000000e8000000002000020000000f5f77b9bd12de20f5e066fd57c94685dd1416c2da91c5ccc2e699d330bc49b9c80000000516f1b4c2424a650ac0cb1aec96f974e4ade9b25df35ee32cc0e4c1ffbeeb793a3dfec1064e28c27e6ea971ce586e33581bcb64a7c60229d47e154a61a2eb59cddae42d8d095dbf2a56a8eadd8ab8222fe1c51146ade6d4787632042b3b8204adcfe8af0a6547ad4f639284d04222751816cb80698a033614f48609b5abbf04f400000004d701cdbe477fc132b8777fa77910a81a5cc1c53c87f957e20b430d0a1634ca0c38f58156c6744cfc43e552ff233c034ba9bb1668616a9115fe98f94b03e3d9b	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t\|0"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.8 = 224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e44796e616d696343616e766173222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224f7574537061636543616e7661735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2250726f677265737355695c22203a207b205c224576656e74735c22203a207b205c22556e6578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2243616e7661735c22203a207b205c225375624e616d657370616365735c22203a207b205c225765624469616c6f675c22203a207b205c225375624e616d657370616365735c22203a207b205c2242726f777365724576656e7448616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4c6f616465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224e617669676174696f6e48616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4e61766967617465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457863656c222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f617574685c22203a207b205c224576656e74735c22203a207b205c224f70656e46696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d2c205c22457865637574654d65726765496e7374616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224b69636b4f6666517569636b536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22586c53796e6353746174654368616e67654c697374656e65724f6e53796e6353746174654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f63734765744f70496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f7365576f726b626f6f6b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224261636b67726f756e6451756575655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e526573706f6e736552656365697665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f70464275696c644765745265766973696f6e526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536b697070656443686743656c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243717532674872446f456e74657243656c6c466d6c61584c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c225361766541735361766546696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d207d207d2c205c22496e6672615c22203a207b205c224576656e74735c22203a207b205c224164644c6f63616c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f6d6d616e645c22203a207b205c224576656e74735c22203a207b205c2252656672657368416c6c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526566457874446174615c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2243616c635c22203a207b205c224576656e74735c22203a207b205c224669784d616e75616c43616c634f6e4c6f61645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4578706572696d656e746174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224564676546657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164696e67466972737453657373696f6e43616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744665617475726573466f72534458556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224142436f6e66696754726561746d656e7454797065556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457874656e736962696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22446973636f7665725472794275795c22203a207b205c225375624e616d657370616365735c22203a207b205c2250795c22203a207b205c224576656e74735c22203a207b205c2253657276657244726976656e4e6f74696669636174696f6e55736572416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253657276657244726976656e4e6f74696669636174696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224f66666963654a735c22203a207b205c224576656e74735c22203a207b205c22417070436f6d6d616e64446566696e6974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070496e697469616c697a6174696f6e585c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225363726970744c6f6164585c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436174616c6f675c22203a207b205c224576656e74735c22203a207b205c2245786368616e67654765744c617374557064617465325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547279446973636f76657245777355726c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e67654765744c6173745570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254727948616e646c6541757468656e7469636174696f6e526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e6765476574456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e67654765744d616e6966657374735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e676552656672657368457874656e73696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241757468656e7469636174696f6e526963684170695c22203a207b205c224576656e74735c22203a207b205c22476574416363657373546f6b656e56324261636b67726f756e645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e56324d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22496e7374616c6c65725c22203a207b205c225375624e616d657370616365735c22203a207b205c225461736b456e67696e655c22203a207b205c224576656e74735c22203a207b205c224765744368616e676564536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744368616e676564536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5363686564756c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b526567697374726174696f6e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b537563636573735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b496e46696e616c697a655374617465457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b536574496e7374616c6c5374617475734572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676541707078457874726163746f725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b53657276696365526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b446573747275637465644265666f7265436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b436f6d706c6574656446657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b496e7374616c6c6564417070735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b4170704665746368446f6e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676553617665725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578705061636b616765526567697374726174696f6e496e666f5461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b616765536f6c7574696f6e49445570646174655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578747261637446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245787472616374466f6f747072696e7446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b52756e4e657874457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f73664d616e696665737456616c696461746f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c476574436f6e66696755726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b4c6f63616c65556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b5061636b616765556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253636176656e6765725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e4661696c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d61696e5c22203a207b205c224576656e74735c22203a207b205c225344584261636b67726f756e645461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c65725374617274436f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744e6f74434f4d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c5363686564756c655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c53687574646f776e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737454696d656f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737453657276696365556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225061636b61676541707078457874726163746f725461736b5061636b616765496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253616e64626f785c22203a207b205c224576656e74735c22203a207b205c22506f73744f7366436f6e74726f6c4d6573736167655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445041637469766174696f6e48616e67696e675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253616e64626f784372656174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225365744f4d546f6b656e4f6e54726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657454726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445053686f775461736b70616e65436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654f7366436f6e74726f6c56325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656c6f6164416c6c4f7366436f6e74726f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727452656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727453616e64626f7865735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746172744f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22417070436f6d6d616e64735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5847656e657261746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070436d6450726f6a656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616368	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|10"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 = 456e61626c6557616d54656c656d65747279426c6f62222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e456e7375726550726f66696c65466f725072696d6172794964656e746974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e49676e6f726544697361626c654144414c61746f7057414d4f76657272696465466f725075726557414d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e53706f41757468436f6e74657874456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e5573654964656e7469747943726564656e7469616c734661696c757265496e666f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e55736553706f436f6f6b696546726f6d53616d6554656e616e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72436f6e73756d657273222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72534d42222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c6547726163655769746857414350726f6d6f427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c654d6f6465726e41464f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e486561727462656174446179734265666f726545787044617465222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e747353656c6653657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e74735472794275794578706572696d656e7454726561746d656e74222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e53686f77564e6578745369676e4f75744469616c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564436f6e666967446570726f766973696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564476574557365724c6963656e7365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e436c6f7564506f6c6963792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e54656e616e744173736f63696174696f6e4b65792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e5573654f637073563255726c496e57696e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4e616e63794f66666963655465616d2e7a686574616e34313232303231222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b45777353657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b4f6d657853657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e44697361626c6557696e646f7745787465726e616c436c6f73655364784469616c6f67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e496e766f6b6546657463684d616e696665737443616c6c6261636b4f6e446f776e6c6f61644d616e6966657374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e557365436c6f6e6564496e7374616e6365466f724572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e56616c6964617465446f776e6c6f61645265736f7572636573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4469616c6f6754776f5761794d6573736167696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e456e61626c654d696e43616368655265667265736820222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4964656e746974794361636865466f72636552656672657368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4f7366496e7374616c6c6572526567697374657242675461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e746974794d696e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e74697479526962626f6e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e5765624b69743246756c6c4469616c6f67415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e536574436f6e6e656374496e7465726e616c5570646174654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e556e68616e646c6564457863657074696f6e4576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65416972537061636547726f757044726167466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65496e736572744d6564696154656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4170706c652e43576f726b73706163655573657255736555726c46726f6d526177556e69636f6465537472696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4368616e6765476174652e53686f77494150456e747279222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e44656570426174636853746f7265456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e52656e6465725570646174656457696e333252656458222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e53686f756c645573654e6574436f7374496e73746561644f664d736f426c6f636b696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e4c6173744d696c6554656c656d6574727954726163657274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e417474656d70744f75746c6f6f6b41757468466f7250726f66696c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e427567466978466f7255736572486561646572496e4964656e7469747941757468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e4c696e6b6564496e4b32466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e5063784a756e65323031394275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33363134383230222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393039323635222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393435323833222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5043582e526970636f72642e56534f2e33363432383036222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e426c6f636b696e6757616974732e4f737250726f63657373222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e4368616e6765476174652e586c426f6f74436f6d706c657465416674657246696c654f70656e416e6453706c61736853637265656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c65476574496e736967687473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c6553656e645369676e616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e557365476574496e736967687473466c6f77466f724665746368696e67476f7665726e616e636544617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e436865636b56696577496e536c6964654a616e69746f724f62736572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e466f726365536f6674776172654d696e69617475726552656e646572696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e4d657267652e5573655468726f77696e674c69666567756172645374657073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e536c69646553686f772e52656c65617365536c69646553686f774d616e616765724265666f726547667853687574646f776e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e48616e646c65434c524372617368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e53756767657374696f6e732e456e61626c65436f6e74656e745265636f6d6d656e646174696f6e4974656d73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e744f6e6c696e652e4175676c6f6f702e436f70696c6f742e5354466978656450726573466f724e6f546f706963466f72416c6c54656d706c61746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443325253657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e434c502e5570646174655374617475734261724f6e50726f66696c65537769746368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e43656e7472616c697a6564457874656e73696f6e536166657479436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e49524d2e5758505644697361626c654c6f616454656d706c617465734f6e426f6f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4973457874656e73696f6e496e4c697374557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4d6f6e69746f72656446696c65457874656e73696f6e4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e50726f74656374696f6e536572766963652e4e657755784d6f64656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e53686f756c6452756e436c6f75645365637572697479506f6c696379436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e5573654e6f526566436f756e74416d736953747265616d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e436c6f7564222c20225622203a20227374643a3a77737472696e677c5075626c696322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e46617374465445222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d53495442697a63686174416c6c6f776c697374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d6f636861222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4f584f416c6c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e50657270657475616c4c6963656e7365222c20225622203a20227374643a3a77737472696e677c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e5365676d656e74222c20225622203a20227374643a3a77737472696e677c4e4f4e4652444322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e56657273696f6e506172746974696f6e222c20225622203a20227374643a3a77737472696e677c57696e3332416e64726f6964486f7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e576f7264436f70696c6f74446f67666f6f64222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e416c6c6f775a65726f4c656e677468536561726368537472696e67222c20225622203a2022626f6f6c7c3122207d2c207b	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.12 = 224275736261725468656d6553656c656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c656d65747279222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436c69656e7453616d706c696e674f76657272696464656e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253797374656d4865616c74684d657461646174614e6574776f726b436f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224576656e7451756172616e74696e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164586d6c52756c65735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737349646c6551756575654a6f625c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22466c7573684576656e744275666665725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2254656c656d6574727953656e74696e656c56616c75655c22203a207b205c224576656e74466c61675c22203a2030207d207d2c205c224c6f636b65645c22203a2066616c7365207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c6c4d65222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c6c4d655741435c22203a207b205c224576656e74735c22203a207b205c225175657279526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54657874222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225265736f75726365436c69656e745c22203a207b205c224576656e74735c22203a207b205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656164466f6e74456c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250757267654d756c7469706c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561645265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22474449417373697374616e745c22203a207b205c224576656e74735c22203a207b205c225265676973746572436c6f7564466f6e7443616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c6543616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22466f6e744d616e6167657244657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464436c6f7564466f6e745265736f757263655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f6e74537562737469747574696f6e5c22203a207b205c224576656e74735c22203a207b205c22436f6c6c656374466f6e74537562737469747574696f6e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5472616e736c61746f72222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22416c7465726e6174655472616e736c6174696f6e735265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6e7465787475616c53756767657374696f6e734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745465787453656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c61746564466565646261636b547269676765725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e43616e63656c6c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e53756767657374696f6e436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676541646465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676552656d6f7665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6963726f666565646261636b566f746553656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6f786d6c5472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e6773436c6f7365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e67734f70656e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546172676574537761707065645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546578745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e496e7365727465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e4c616e6775616765734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e5461624368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e4578616d706c655265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e436f706965645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464496e4c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5558222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436f6c6f725069636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d696e67536f6f6e54435348574e445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f46696c65457874656e73696f6e49636f6e4d617070696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225344585c22203a207b205c225375624e616d657370616365735c22203a207b205c224d65436f6e74726f6c5c22203a207b205c224576656e74735c22203a207b205c22547261636b65645363656e6172696f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225465616368696e6743616c6c6f75745c22203a207b205c224576656e74735c22203a207b205c225465616368696e6743616c6c6f7574416c726561647953686f776e4d617854696d65735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574416c726561647953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574546f6f4d616e7953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2244796e616d69634470695c22203a207b205c224576656e74735c22203a207b205c22446973706c6179546f706f6c6f6779456e756d65726174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446973706c6179546f706f6c6f67794368616e6765645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22446f63756d656e745265636f766572795c22203a207b205c224576656e74735c22203a207b205c22496e76616c696461746550616e65735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22546f6f6c746970735c22203a207b205c224576656e74735c22203a207b205c2253686f77546f6f6c7469705c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416e63686f7252656769737472795c22203a207b205c224576656e74735c22203a207b205c224765744f72437265617465416e63686f7252656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22526962626f6e546162735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5461624163746976617465645f466c6f6f64676174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e576f7264222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224544505c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e744964656e746974794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f6f66696e675c22203a207b205c224576656e74735c22203a207b205c2250726f6f66696e674e6f50726f6f66526567696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225453706c4c6f61644c6962726172795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f75645370656c6c6572436865636b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f50726f6f6652756e4469666665727346726f6d5061726150726f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e4372697469717565526573706f6e7365506572664d61704578636565645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224772616d6d6172436865636b657243616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22536176655c22203a207b205c224576656e74735c22203a207b205c22436d64446f53617665446f63436f7265436f6d6d616e64416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436d64446f53617665446f63436f7265416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464d617953746172745472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224669726553746174654f664175746f536176654f6e436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456964456e737572654f70656e466f72536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2242475361766546616c6c6261636b546f46475c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72645c22203a207b205c225375624e616d657370616365735c22203a207b205c22426f6f745c22203a207b205c225375624e616d657370616365735c22203a207b205c2254696d696e675c22203a207b205c224576656e74735c22203a207b205c22446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22426f6f745c22203a207b205c224576656e74735c22203a207b205c22416464696e4d6f6e69746f7256616c6964617465426f6f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e44697361626c65644469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e4d6f6e69746f7256616c6964617465426f6f74325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c654f70656e5c22203a207b205c224576656e74735c22203a207b205c22464e4d45696453657446726f6d5873747a46747970466e6d4469725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e697469616c697a6542696e6172794261636b696e6753746f72654361636865735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72644d61696c5c22203a207b205c224576656e74735c22203a207b205c2248724c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872536176655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f6354696c696e675c22203a207b205c224576656e74735c22203a207b205c2254696c696e6749646c6542756e646c654576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654669726542756e646c65644576656e74735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577476574456e756d657261746f724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577446973636f6e6e6563745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b52656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b556e72656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f417574686f72696e675c22203a207b205c224576656e74735c22203a207b205c224f6373446f776e6c6f6164526566557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244796e616d696353617665496e697469616c496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70436f6d706c657465645374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2254687265655761794d657267655c22203a207b205c224576656e74735c22203a207b205c22435254435265766572745265706c61794b706f7353636f70654475726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c22436d645361766546696c65436f7265325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255494d5c22203a207b205c224576656e74735c22203a207b205c224655494d426567696e556e646f4265666f726546426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224655494d426567696e556e646f416674657246426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224163636573736962696c6974795c22203a207b205c224576656e74735c22203a207b205c22416363436865636b657256696f6c6174696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2247726170686963735c22203a207b205c224576656e74735c22203a207b205c2245326f496e666f466f72446f63756d656e74436f6e7461696e696e674475706c696361746541727469645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446961676e6f737469635c22203a207b205c224576656e74735c22203a207b205c22496e636f73697374656e74526561644f6e6c79446f6350726f70657274795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22547261636b4368616e6765735c22203a207b205c224576656e74735c22203a207b205c22557463547261636b4368616e67657341646465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255736572507265666572656e63655c22203a207b205c224576656e74735c22203a207b205c225365744972665c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e4368616e6765476174652e4361636865456e726963686d656e74416363657373546f6b656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 = 4e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265616443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246756c6c56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f706572746965735c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f6b656e697a654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224272616e64696e675c22203a207b205c224576656e74735c22203a207b205c2247657441707056616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f6475637456616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f756c645573654d6963726f736f66743336354272616e64696e675c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2254656e616e745c22203a207b205c224576656e74735c22203a207b205c22496e697454656e616e7449645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224e756c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22466574636865725c22203a207b205c224576656e74735c22203a207b205c224765744e756c4f626a656374466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684d6f64656c46726f6d4f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744c6963656e73654665617475726573466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552657175657374426f64795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f64656c5c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574416c6c4c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225061727365526177526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e46656174757265526573756c74735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224d6f64655c22203a207b205c224576656e74735c22203a207b205c224765744d6f64655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224170695c22203a207b205c224576656e74735c22203a207b205c22437265617465526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656365697665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2247657453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574556e766572696669656453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656e616d6546696c65546f55736555706461746564486173685c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c696461746f725c22203a207b205c224576656e74735c22203a207b205c224d61746368696e67486172776172656449645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22466c6f77735c22203a207b205c224576656e74735c22203a207b205c22536561726368466f72534341546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4d6f786965222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74466c61675c22203a203438383936207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f6666696365222c20225622203a20227374643a3a77737472696e677c7b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224e61747572616c4c616e67756167655c22203a207b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224372697469717565735c22203a207b205c224c6f636b65645c22203a2066616c73652c205c224576656e74735c22203a207b205c2250726f636573734175676c6f6f704372697469717565735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f636573734175676c6f6f7041646443726974697175655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f75746c6f6f6b222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224465736b746f705c22203a207b205c225375624e616d657370616365735c22203a207b205c2253796e635c22203a207b205c224576656e74735c22203a207b205c2253796e6350757267654f66666c696e654974656d735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2256696577735c22203a207b205c224576656e74735c22203a207b205c224872566965774c6f6164436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22566965774d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572666f726d616e6365222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22506572665363656e6172696f5c22203a207b205c224576656e74735c22203a207b205c2253636f70655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572736f6e616c697a6174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2246696c65496e736967687443616368654d616e616765725c22203a207b205c224576656e74735c22203a207b205c2250757267654578706972656443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225369676e616c50726f636573736f725c22203a207b205c224576656e74735c22203a207b205c2253656e645369676e616c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e50726f6772616d6d6162696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c656d657472795c22203a207b205c224576656e74735c22203a207b205c22446e61416464496e4c6f6164586c6c46696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f616445787465726e616c446c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f6164446e6146696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e43726173685c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416464696e735c22203a207b205c224576656e74735c22203a207b205c22417070416464496e4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070416464496e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e446f634c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7465726e616c536574436f6e6e6563745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5365637572697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22506f6c696379546970735c22203a207b205c224576656e74735c22203a207b205c224d616e61676572436f6e74696e7565436c617373696669636174696f6e436c6173736966794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e436c6173736966794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436c705c22203a207b205c224576656e74735c22203a207b205c224c6162656c55736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f7574636f6d6555736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f66666963654a534765744c6162656c44657461696c735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c70506f6c696379466574636843616c6c4261636b537563636573735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d616e6461746f72794c6162656c6c696e674469616c6f675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c4765744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c5365744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c506f6c696379436f6d706c657465496e697469616c697a655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656c6563744a757374696669636174696f6e4f7074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656e7369746976697479466c796f7574416e63686f72547261636b416e645265766f6b65427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225265676973746572446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246657463684c6162656c7346726f6d5365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657444656661756c744c6162656c49445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744c6162656c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744f7574636f6d6573466f724c6162656c4368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e5265706c79466f72776172645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f70656e48656c7065725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f4c6162656c416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f46696c65416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6162656c696e67457870657269656e63655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224164644c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f76654c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c705c22203a207b205c224576656e74735c22203a207b205c22446b6550726f746563746564436f6e74656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6163726f5c22203a207b205c224576656e74735c22203a207b205c22426c6f636b4d6163726f46726f6d496e7465726e6574506f6c69637953657474696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e636f756e74657265645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e61626c65645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2246696c65426c6f636b5c22203a207b205c224576656e74735c22203a207b205c2246696c65426c6f636b496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224f43585c22203a207b205c224576656e74735c22203a207b205c2254727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e6f6e54727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22416363657373456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22426c6f636b6564657874656e73696f6e735c22203a207b205c224576656e74735c22203a207b205c2246696c65457874656e73696f6e4c69737446726f6d536572766963655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22536563757265526561646572486f73745c22203a207b205c224576656e74735c22203a207b205c224f70656e496e4f53525c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d2c205c224576656e74735c22203a207b205c22436c70547279557067726164654c6162656c4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54617267657465644d6573736167696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t\|1725662319"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|2"	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 205c22446f63756d656e74536861726555726c5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b536861726555726c416e6448616e646c65526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e556e7061636b55726c436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486c696e6b5c22203a207b205c224576656e74735c22203a207b205c224d736f4872486c696e6b43726561746546726f6d537472696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d534f5c22203a207b205c224576656e74735c22203a207b205c22434d736f4f4c446f634e657744657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c446f63756d656e74496e666f557073656c6c4576656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f63616c446f63756d656e74496e666f466c796f757444726f707065645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c65417574684661696c7572655f5573654578697374696e6743726564735f47656e657269634661696c7572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f4f4c446f6342617365476574504b4d436c69656e7445785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f536572766572496e666f476574536572766572496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794872476574447270436f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794d736f4872426567696e4d6f646966794472705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|6"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigIds = "std::wstring\|P-R-1098158-1-5,P-R-76757-1-2,P-R-54903-1-3,P-R-26146-7-17,P-D-29635-1-1,P-D-27087-1-9,P-R-79688-1-3,P-R-53532-1-5,P-R-51436-1-6,P-R-51427-18-12,P-R-40464-18-9,P-X-98518-6-9,P-R-38390-18-21,blockedgraphicsadapter5:475899,P-R-35099-2-4,P-R-61408-18-3,P-R-55746-2-5,P-R-53512-1-4,P-R-46974-18-18,P-R-38953-1-11,P-R-36551-18-18,P-R-71414-1-6,P-R-40253-6-19,P-R-40254-6-18,P-R-35401-6-7,P-R-32107-22-22,P-R-39146-14-15,P-R-39147-14-20,P-R-28546-6-11,P-R-28165-6-28,P-R-24980-8-48,P-R-24390-5-12,P-R-18279-2-65,P-D-34200-4-5,P-R-51145-2-7,P-R-29928-2-20,P-R-67932-1-4,P-R-67201-1-4,P-R-64545-1-4,P-R-64035-1-4,P-R-53515-18-9,P-R-53280-1-6,P-R-52247-1-5,P-R-51958-1-5,P-R-51842-1-5,P-R-51277-2-6,P-R-47451-18-20,P-R-45919-18-19,P-R-45085-18-12,P-R-41442-18-18,P-R-38085-12-9,P-R-18744-6-22,P-D-34239-1-6,P-R-1034169-10-7,P-E-28677-C1-3,P-R-55122-8-8,P-R-50255-10-9,P-R-44907-1-9,P-R-45314-10-16,P-R-44965-2-6,P-X-1240823-1-3,P-E-38231-C1-4,P-R-1245662-15-4,P-R-94560-14-12,P-R-94189-14-13,P-R-93882-14-26,P-R-54728-16-23,P-R-54698-16-16,P-R-54658-18-19,P-R-38306-18-3,P-R-35717-5-30,P-R-34019-4-3,win32devicecanary:541483,win32devicecanary:541483,P-X-53845-1-9,P-X-53772-1-3,P-X-51790-1-3,P-R-1025232-24-9,P-R-71358-1-4,P-R-70941-1-4,P-R-69065-1-3,P-R-67160-1-7,P-R-59781-1-4,P-R-55631-1-4,P-R-54215-1-4,P-R-53751-1-4,P-R-53752-1-4,P-R-53526-1-4,P-R-52110-1-4,P-R-49765-15-32,P-R-48818-17-25,P-R-50679-1-4,P-R-50486-18-12,P-R-44830-18-13,P-R-49416-4-14,P-R-48457-2-6,P-R-47974-16-18,P-R-46544-18-11,P-R-45609-14-6,P-R-45197-2-6,P-R-44046-18-11,P-R-44015-18-20,P-R-43723-2-6,P-R-41742-18-32,P-R-40980-18-16,P-R-40359-2-10,P-R-39029-5-18,P-R-38835-18-48,P-R-37676-18-46,P-R-36310-4-5,P-R-35945-10-5,P-R-35165-2-7,P-R-35143-4-4,P-R-33553-4-6,P-R-33536-12-13,P-R-29809-1-7,P-R-26968-3-9,P-R-18425-8-62,P-R-18426-5-30,P-R-18424-4-34,fiser190:377704,happy03172020-1:61977,happy02062020-0:28428,P-R-53545-4-5,P-R-50711-18-11,P-R-49736-6-22,P-R-48467-18-18,P-R-32106-7-33,P-R-30085-1-9,P-R-29138-38-83,P-R-29315-36-69,P-R-25009-1-8,P-R-24363-1-13,P-R-21631-10-64,P-R-19898-1-22,P-R-19814-1-62,P-R-19012-1-57,P-X-50220-1-3,P-X-49730-1-3,P-R-69347-1-5,P-R-64574-1-4,P-R-54116-1-4,P-R-53585-18-18,P-R-52594-18-5,P-R-52386-1-4,P-R-50980-2-4,P-R-50938-1-4,P-R-50152-18-20,P-R-49175-18-22,P-R-47260-18-23,P-R-44156-18-26,P-R-43284-18-19,P-R-43285-12-22,P-R-42482-1-4,P-R-40990-12-15,P-R-39333-18-28,P-R-35439-12-21,P-R-33215-18-19,P-R-31352-12-25,P-D-34269-2-5,gruse488:570358,grico406:19777,P-R-49830-18-15,P-R-40586-18-27,P-R-32996-18-24,P-D-40316-9-5,P-R-50429-18-8,P-R-65295-18-30,P-R-61861-1-4,P-R-61737-1-4,P-R-51777-18-8,P-R-50920-1-6,P-R-50366-18-19,P-R-35985-14-23,P-R-35891-18-5,P-R-32004-2-5,P-X-1276509-1-5,P-R-1280425-13-17,P-R-68336-2-4,P-R-67286-2-6,P-R-51513-2-4,i0d76970:598689,P-R-79963-1-2,P-R-52043-1-3,P-R-51764-1-4,P-R-49388-2-6,P-R-48335-4-16,P-R-47308-3-9,P-R-42392-2-4,P-R-39073-1-5,P-R-1123376-10-12,P-R-1009855-12-14,P-R-98856-18-48,P-R-43489-30-15,P-R-38410-12-23,P-X-1291246-2-3,P-X-1019581-1-3,P-X-1006174-1-5,P-R-66436-1-4,P-R-62873-1-4,P-R-51097-1-5,P-R-50706-18-7,P-R-50055-18-7,P-R-49315-18-5,P-R-42660-18-35,P-R-36649-8-9,ch371179:600396,oemic639:397753,oeall843:375887,P-R-42379-2-3,P-R-42378-2-3,P-R-66539-1-4,P-R-66538-1-4,P-R-65278-1-4,P-R-65279-1-4,P-R-59180-1-4,P-R-48070-1-5,P-R-47386-1-4,P-R-55342-2-2,P-R-53377-2-6,P-R-52481-2-5,P-R-49759-2-8,P-R-46100-20-9,P-R-38510-2-10,P-R-37550-20-13,P-R-32186-28-29,P-R-58135-2-4,P-R-56618-1-3,P-R-56027-1-4,P-R-46145-18-18,P-R-33892-1-8,P-R-33696-1-5,P-R-55749-1-4,P-R-53662-1-4,P-R-52246-1-4,P-R-52245-1-4,P-R-52238-1-5,P-R-43644-6-13,P-R-39912-1-2,P-R-39283-4-10,P-R-50380-18-18,P-R-50379-18-17,P-R-68146-1-5,P-R-63409-1-5,P-R-50542-18-14,P-R-50500-18-16,P-R-48365-18-24,P-R-48161-18-32,P-R-46597-1-4,P-R-33737-1-4,P-E-29662-2-3,P-R-29303-2-20,P-R-56654-2-4,P-R-53256-2-11,P-R-51703-1-5,P-R-50133-2-9,P-R-47242-18-11,P-R-46410-1-5,P-R-45550-C17-46,P-R-45490-16-9,P-R-44885-18-20,P-R-42512-1-3,P-R-40169-8-13,P-R-39700-2-7,P-R-37313-18-22,P-R-36664-4-4,P-R-35476-2-5,P-R-35407-4-3,P-R-35237-14-11,P-R-35150-2-4,P-R-35129-2-4,P-R-35056-4-5,P-R-34889-8-4,P-R-34044-2-4,P-R-33718-6-5,P-R-33459-1-5,P-R-33188-18-14,P-R-30292-4-7,P-R-28644-1-4,P-R-24037-1-7,P-R-23445-3-7,P-R-23434-3-7,P-R-23403-3-8,P-R-18513-1-30,P-D-34699-4-4,P-D-34697-2-4,P-D-34675-1-4,P-D-34673-1-4,P-D-34654-1-4,P-D-34587-3-5,P-D-34266-1-4,P-D-34262-1-5,P-D-34260-1-5,P-D-34258-2-5,P-D-32465-1-5,P-D-32459-2-4,P-D-32458-5-4,P-X-1083427-2-5,P-R-69529-1-5,P-R-65011-1-3,P-R-53622-18-4,P-R-50541-2-7,P-R-49893-22-9,P-R-36932-2-13,jh8ab447:380633,P-R-69232-18-13,P-R-23681-2-7,P-D-32502-2-3,P-D-32501-2-3,P-D-32415-2-3,P-R-64513-18-11,P-R-51916-84-31,P-R-38248-20-26,P-R-1286642-1-3,P-R-1280186-1-3,P-R-1267084-2-5,P-R-1258784-3-5,P-R-1245296-4-6,P-R-1236953-3-5,P-R-1157570-2-4,P-R-1132821-2-4,P-R-1119013-1-3,P-R-1098796-1-3,P-R-1094445-1-3,P-R-1080412-1-3,P-R-1069769-2-4,P-R-1068115-1-3,P-R-1045118-2-4,P-R-25269-14-21,P-R-1044408-1-3,P-R-1044141-7-9,P-R-1037887-1-3,P-R-1037879-1-3,P-R-1036293-1-3,P-R-1036292-1-3,P-R-1036289-2-4,P-R-1036288-1-3,P-R-1036068-2-4,P-R-1035933-2-4,P-R-1035149-2-4,P-R-1033817-1-3,P-R-1028168-1-3,P-R-1009717-3-5,P-R-1000061-2-4,P-R-117548-2-4,P-R-111682-1-3,P-R-105731-36-38,P-R-104435-13-15,P-R-100294-1-3,P-R-99633-1-3,P-R-98929-2-4,P-R-98250-1-3,P-R-94299-1-3,P-R-93077-1-3,P-R-86118-1-3,P-R-80517-7-9,P-R-78112-4-6,P-R-77140-2-4,P-R-76918-2-4,P-R-76721-1-3,P-R-75440-2-4,P-R-73676-1-3,P-R-72449-7-10,P-R-72030-4-6,P-R-68069-2-4,P-R-66975-1-3,P-R-65567-1-3,P-R-62212-2-4,P-R-60602-3-5,P-R-52633-1-3,P-R-52171-2-4,P-R-52011-2-4,P-R-51921-8-10,P-R-51258-8-10,P-R-50752-2-4,P-R-50681-2-4,P-R-50599-4-6,P-R-50596-4-8,P-R-50553-1-3,P-R-49597-3-5,P-R-49458-2-4,P-R-48530-7-9,P-R-47948-1-4,P-R-46580-3-5,P-R-46484-10-12,P-R-46122-1-3,P-R-45858-2-4,P-R-43966-2-4,P-R-43502-19-21,P-R-41430-1-3,P-R-40751-8-10,P-R-40273-4-6,P-R-39238-5-7,P-R-38682-3-5,P-R-37588-2-4,P-R-34355-8-10,P-R-26266-4-9,P-R-26834-3-8,P-R-24662-16-22,P-R-27479-6-11,P-R-26056-7-15,P-R-27006-7-12,P-R-30338-3-7,P-R-30178-79-81,P-R-30053-8-10,P-R-27458-1-5,P-R-25822-16-19,P-R-25083-6-9,P-R-24690-42-46,P-R-24689-2-5,P-R-24666-2-5,P-R-24663-6-11,P-R-24659-7-10,P-R-23744-7-9,P-R-23739-7-9,P-R-23736-14-17,P-R-23734-7-9,P-R-23730-21-24,P-R-23723-10-12,P-D-32588-1-3,P-D-32534-1-3,P-D-32524-1-3,P-D-32518-1-3,P-D-32512-1-3,P-D-32509-1-3,P-D-32485-1-4,P-D-32484-1-4,P-D-32405-1-3,P-R-1087141-4-7,P-R-49160-12-12,P-R-47601-18-13,P-R-46834-12-14,P-R-46202-18-11,P-R-44018-18-13,P-R-43355-18-12,P-R-35337-16-7,P-R-33916-1-5,P-R-33580-8-9,P-X-117400-1-3,P-R-59175-18-4,P-R-53292-14-10,P-R-49130-18-23,P-R-46913-18-8,P-R-37449-18-15,uxmediumiconluminance:353455,P-R-48549-18-11,P-R-19262-1-12,P-E-44774-2-9,P-R-44869-16-16,P-R-33918-1-11,P-R-1128630-1-7,P-R-1098412-1-5,P-R-1091267-1-53,P-R-81720-1-2,P-R-58406-1-5,P-D-50697-2-4,P-D-29719-1-1,P-D-29718-1-1,P-D-29593-1-6"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice = "t=GwAWAbuEBAAUbVtUa9wjWgmEIwjX9d7dccnghw8OZgAAEMjCPq885PzIgZP2i/0XdSfgAPMP+6Eu4eIzRUdwRP9mDGF0BxrKM08ilZrOLqdNWgpkB3pyFQ1HPpa7+P9lHY5VroxdlUxmhqkI7VscUvTouzDjqDfIQGdqa5hWbxDI6lE6WLsmvl0x4qRq0IN1fhQ1QQgE2sNfHvoIJClxN4tcLZelhaNAdSnYxTiLM6s778ZBkaQqLTBJGX4Ktn6oEfjOrKWKRxp0LPEhS3PmFyeLQYFwQ2j3DM8Q6dzykd0NYmHM5UO4+dWeD4Umt1mm3h7RVLv+oEfL5Aog8ztYFNAOHNhy8TsvAwN97TMs796tmB0hHgE=&p="	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring\|\"cpdd62qqQSV4n7bCzjifvcctB3E8yJKbMSZU09BeNag=\""	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|7"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 = 7064617465436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253747265616d4361625c22203a207b205c224576656e74735c22203a207b205c22446f776e6c6f616453747265616d4361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225472616e73706f72745c22203a207b205c225375624e616d657370616365735c22203a207b205c224578706572696d656e74616c5472616e73706f72745c22203a207b205c224576656e74735c22203a207b205c22436162735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c224576656e74466c61675c22203a20323536207d207d207d2c205c225472616e73616374696f6e616c46696c654f7065726174696f6e735c22203a207b205c224576656e74735c22203a207b205c224170706c794368616e6765735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225472616e73706f72745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f776e6c6f61644361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446961676e6f7374696373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f6c6c6563746f725c22203a207b205c224576656e74735c22203a207b205c2253746172745472616365436f6c6c6563746f725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446f6373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22446f63756d656e74416374697669746965735c22203a207b205c224576656e74735c22203a207b205c2241637469766974794c6f67456e7472794372656174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e74727953657453746174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536572766963654163746976697479526573756c745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674f6e436f6e74656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e717565756541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d69745175657565496e7365727441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d697451756575654469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f6744697363617264466f72446f63756d656e744368616e67655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67547269676765724173796e635461736b576f726b65725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654c6f61644173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e697446696c65506174685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565417070656e644173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565577269746541637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756552656d6f76654173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655772697465446f63756d656e74496e666f4865616465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756554727944656c657465456d70747946696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e7365727441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e717565756541637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674372656174654c6f675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67536176654e657746696c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654c6f63616c4e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e674e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224170694f70656e41637469766974794c6f675769746853747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674361636865446f63756d656e74496e666f5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e74727946696e616c697a655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6746696c7465724f757443757272656e7455736572416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674c6f616446726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6753617665546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565436865636b5265766f6b65644544505c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565526570616972436f7272757074656446696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674d6f64696679436c6f6e655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c654f70656e4572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c65526561644572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c655265706c6163654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c6557726974654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655472756e6361746551756575655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d6974517565756548656c706572456e737572654469726563746f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d697451756575654d616e61676572437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241706943726561746541637469766974794c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224170694372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637469766974794c6f674173796e635461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22536861726564436f6d6d656e74735c22203a207b205c224576656e74735c22203a207b205c22436f6d6d6974436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744e61746976655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22447261667453746174654d616e61676572456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f737444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465506f7374416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245324550657266547261636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224472616674436172644d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244726166744361726452656e64657265645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d61726b436f6d6d656e744372656174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265736f6c7665546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172745265706c79506f737465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e44726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d6d656e74436f6e746578744368616e676564416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164436f6d6d656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436c6f7365566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6e74657874437265617465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684f70656e566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368566965774368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368426567696e44726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684361706162696c69746965734368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e74734368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e7453656c65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368437265617465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368446f634368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e64436f6d6d656e7453657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e6444726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368466f63757350616e655472696767657265644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e6974436f6d6d656e7453657373696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e697469616c52656e646572436f6d706c657465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e76616c69644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684c6f6164546872656164735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65466f63757353746174654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65546f52656e6465724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853656c656374436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853657448616c6650616e65446973706c61794d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463685468656d654368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636844656c657465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c656172436f6d6d656e7453656c656374696f6e416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f6c6c6162436f726e65725c22203a207b205c224576656e74735c22203a207b205c22436f617574686f725570646174654c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f617574686f72476f546f43757272656e744c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795573657252655265676973746572436f6e6e65637469766974794368616e67654e6f7469667949664e65636573736172795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6443686174427574746f6e497356697369626c654e6f7744617461706f696e745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572436c6f736553696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64497343686174417661696c61626c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665644173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72734265666f72654173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279496e6974464d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.6 = 436f6175746847616c6c657279436f617574686f72577261707065725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64436f61757468696e6757697468416c6c4775657374734f724d697373696e67456d61696c456469746f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22476f546f4c6f636174696f6e416374696f6e487562416374696f6e4a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465417574686f724c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465456d61696c416e64436861745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6e7461637443617264416374696f6e487562416374696f6e53686f77436f6e74616374436172645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724f70656e53696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456d61696c416374696f6e487562416374696f6e53656e64456d61696c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6453657456616c75655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224d736f494d5365727669636573536642506861736531496d70726f76656d656e7473456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f757455736572496e697455495c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d5365727669636573497357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664257616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617455494d6f64656c4f6e55494576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f7574557365724f6e5061727469636970616e744c6973744368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6175746847616c6c65727955736572437265617465416374696f6e4875624c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436f6175746847616c6c65727955736572437265617465466c65784c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c61625c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f725c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f72446f63756d656e7448656c7065725c22203a207b205c224576656e74735c22203a207b205c22547269676765725265747269657665446f63756d656e74436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665456469746f72735461626c654d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665527463557365725c22203a207b205c224576656e74466c61675c22203a20353132207d207d207d207d207d207d207d2c205c2241744d656e74696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446f63756d656e744163746976697479496e746567726174696f6e5c22203a207b205c224576656e74735c22203a207b205c224164645265636f7665726564416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737341744d656e74696f6e4e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6d6d656e74734e6f74696669636174696f6e436f6c6c6563746f7252656d6f766564436f6d6d656e74735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f63657373436f6d6d656e74734e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22536176654c6f67466f725265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22437265617465446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c657465436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446973636172644c6f63616c416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574655265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2243726561746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c65746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224372656174654d6f6465726e41744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e4c6f6746726f6d5265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e5265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225064616c6d446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456e73757265446f63756d656e744163746976697479436170747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e737572654c6f67507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6574726f4f70656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f466f72417574686f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437265617465556e69717565417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f46726f6d417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224973436c6f7564446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365745361766564507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655265766973696f6e53657441637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6d6d656e74436f6e74656e744964656e7469666965725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f67436f6d6d656e744174747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536176654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657453617665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e4c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b4372656174696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561737369676e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706c6574655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c22536176654173526563656e74436c69636b65645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665417344656661756c745365727669636553656c656374696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e526563656e74446f63756d656e747356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e74446f63756d656e7473566965775769746846656174757265456e61626c6564436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c634d616e6167657250726f6365737353657456616c75657350726f635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c6349646c655461736b46457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506c6163657347726f757065724163636f756e74496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657474696e67537461727465644d5255536c61624765744d72754461746554696d6547726f7570547970655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e744c6f636174696f6e7356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e5265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e52656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224f666669636553706163655c22203a207b205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c617a794c6f616446696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224c6f616446726f6d46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665496e746f46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164546869735043526f6f745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22526561644c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744974656d57656244617655726c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2247657452656d6f74654974656d496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526561644d696772617465644f4443466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22504358506572736f6e6150686f746f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f757453706163655c22203a207b205c224576656e74735c22203a207b205c22557064617465506c616365735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365744d72754c697374466f72486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c65616e75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564576974684d65506f70756c6174654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654d52554974656d735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e4469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e65774469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b73746167654469736d69737365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279436f6d7061726557697468556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f7665727944656c657465556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f766572794f70656e556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279506f70756c617465556e736176656456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e69744e65774e6176466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6577536572766963654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225368617265506f696e7453697465735c22203a207b205c224576656e74735c22203a207b205c2247726f75707353697465735265717565737449636f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e745369746573496e697469616c697a655369746573436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74536974657350726f63657373526573756c74466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465734964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e6350726f63657373526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e635c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224372656174654c6f636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2244656661756c744964656e74697479456d7074795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e674c6567616379436c69656e745c22203a207b205c224576656e74735c22203a207b205c22476574446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486f6d65506167655c22203a207b205c224576656e74735c22203a207b205c22506c6163654368616e6765536c6162436f6e646974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e53686f77486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225365617263685c22203a207b205c224576656e74735c22203a207b205c225365656e4279557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f666669636553746172745c22203a207b205c224576656e74735c22203a207b205c22536574757054656d706c61746550726f706572746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243757272656e745549416374697665506c6163654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547269676765725468756d626e61696c416374696f6e52756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e744e6f74696669636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2252656769737465724f6e49646c65466561747572654761746544697361626c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275536572766963654170695c22203a207b205c225375624e616d657370616365735c22203a207b205c22446f63756d656e74735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|13"	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000273b68ebf60ea0448ae0d5b372d6934600000000020000000000106600000001000020000000f398e5ce4660d577026ff0b5b72c33d094fad1285302cc23940379a0efd558cc000000000e8000000002000020000000fd1d1f2155759d5943df9b084c83046c5325f56802f77f7b1ed2d722d21e906ef0030000d85512b31d2756dceb3f8ea54d167bcbf120cfa34e3dd925aa2ab7ebaa11773f2156e41902684a0617cee3dba8b1013b4d95387bc52caa71a0765d37c0bbb036199d0861b47d89d44d91b13548a728b401241e217aca5c30fb930ec054c1e2bece526d59aa90a0fbb0020cfd11952068840bd3c937bea7df3aa6e5d9286643f570b885e6a3abc9675b417922833a73c56c1b7ccf3f23cbe3bd3e1440ac4f299c48c0f44dc2440d67663a35d7657706bbcda91b0c3f333a8d2142bde0383a952d7f57e13a29561499b79a74b99e9acf2475317fee444310dec5daa5d4c184e4357a8e8d604338fce15d24d248f8df0140f62634654cb109912525b7d581b07916ef20207088481c38ffa542ec9ab1b1426cd1808047cfc088c5dbc3a6b62f1fbcb50ed71baa33fdb93104000c9256cf11c12b5eab96ef14daab29e4bd22e30441c7f542d5cd05e8dbfc54c42dc45dc3b965d1521c8705c009dcf96a6d3995ba67d1b94e8a5745c3dc74f78cc64527b63e9dce8617ca30bade5e1041e6ed35cddf1fda5e2f09ec0a8f198228d2d5020ee6b0a4a2a1bcf852cc1f56735504740503b5330535ff31b30e17cfca2a0c8634e6604b8401218d9c64c617a6ac98a09912a794c4389fd3a5f865d9a388f20bd08ed89895f02b8a5d1bc7ea6d89b7507c5633b9414c5b95a9129dbb06164cfe057ce6367d029711790cfce0b8a4121bfe020e6edd4eff91ed0cd1658ae1ee512ea1796c2917db7e4aaea53d8019611c57fa14d2413a11a360e2ea233d75a0e44e8c97462f451680b3ff6ecf3531456c45151b1a2c0969d3817524be1bfdbe60d72c078df6816a1c84e12864da5e91010d6c76516862beec1ad22eee1295443ef53d9b57a2b11074ba732d3fd0effada390b9903d323abaab29047db6579716eb37172baeccb22f63f1f7a203778155f86e64dd3434f59e6cc09201ac5404efe65ce20760186fdf09cd5eb2079ed481a6451abff5074ba70375275e81dcde10a0ef72f6e81444cf872f86c38cdce55e05667f031caf4e1da396ef9e45427b8707a7592398b8589d94478a07efbe4183702b960a60bab40e634e00783afa575b58c2a9fd9148e176ec10d1324ed701e524a863fe4315cbcdb8f027ccf9f87b9caf2858bf1e663d353b54543d04e9faf0d03e5d6c4357c7ee9f2a6be73ea69205018b1d2b4568b344dd420f65804722fed93773b534731320174e37992059deec3f419360d68f098d93fea14b5edaa80fa2c861383dd1494e568ff61e6aa1b74b2596e0fc763995641ba8d6c2fca8e367a806f575bfcc49ad56daea48a99d4d535af3b4ce5519070a928f8672b0a0beac9a975c1f6c7cf2b70a2c9ba6873e774ddaf5f7d228e892a9e3863968ad402f2a77413f84e93c151a215dd0986a539eae7877d400000004cfc933e2d4db602f23c2432fdc2a556db226e42f2674eb1c526dc08ab375aa734f3a8f6023e50a524cb4ad88062208374c08120d73a9e48080e5088f7024602	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t\|0"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|5"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|12"	OfficeClickToRun.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15768	dwm.exe
Token: SeChangeNotifyPrivilege	15768	dwm.exe
Token: 33	15768	dwm.exe
Token: SeIncBasePriorityPrivilege	15768	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4464	871fb8a7a0a0ffdf8743075b047fc730N.exe
4876	Unicorn-16364.exe
3580	Unicorn-15102.exe
2320	Unicorn-26800.exe
464	Unicorn-37080.exe
4052	Unicorn-3705.exe
5084	Unicorn-22088.exe
376	Unicorn-18558.exe
3828	Unicorn-7671.exe
748	Unicorn-34213.exe
5108	Unicorn-8226.exe
1652	Unicorn-32176.exe
960	Unicorn-27827.exe
2536	Unicorn-52596.exe
2032	Unicorn-52596.exe
2016	Unicorn-32730.exe
3536	Unicorn-13831.exe
2708	Unicorn-18470.exe
2412	Unicorn-6431.exe
1604	Unicorn-63800.exe
3672	Unicorn-49502.exe
1092	Unicorn-55632.exe
2188	Unicorn-42923.exe
3480	Unicorn-43188.exe
212	Unicorn-60298.exe
1492	Unicorn-49363.exe
4844	Unicorn-18684.exe
4968	Unicorn-43188.exe
2832	Unicorn-64355.exe
4012	Unicorn-24805.exe
4036	Unicorn-62596.exe
3928	Unicorn-13395.exe
2360	Unicorn-42730.exe
1940	Unicorn-64442.exe
2820	Unicorn-25626.exe
3824	Unicorn-65402.exe
2780	Unicorn-55736.exe
5092	Unicorn-26956.exe
4196	Unicorn-3006.exe
2744	Unicorn-39762.exe
2148	Unicorn-30848.exe
2028	Unicorn-2259.exe
3064	Unicorn-2259.exe
2388	Unicorn-30848.exe
3268	Unicorn-10982.exe
3652	Unicorn-10162.exe
2932	Unicorn-34932.exe
728	Unicorn-63520.exe
3696	Unicorn-1802.exe
1348	Unicorn-42138.exe
4176	Unicorn-17641.exe
4536	Unicorn-49222.exe
468	Unicorn-35486.exe
4704	Unicorn-2067.exe
4788	Unicorn-2622.exe
2152	Unicorn-44999.exe
3312	Unicorn-14319.exe
4560	Unicorn-14319.exe
1252	Unicorn-34740.exe
840	Unicorn-58734.exe
3572	Unicorn-35700.exe
1000	Unicorn-44423.exe
2964	Unicorn-54074.exe
4860	Unicorn-27532.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 4876	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	87
PID 4464 wrote to memory of 4876	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	87
PID 4464 wrote to memory of 4876	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	87
PID 4876 wrote to memory of 2320	4876	Unicorn-16364.exe	90
PID 4876 wrote to memory of 2320	4876	Unicorn-16364.exe	90
PID 4876 wrote to memory of 2320	4876	Unicorn-16364.exe	90
PID 4464 wrote to memory of 3580	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	91
PID 4464 wrote to memory of 3580	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	91
PID 4464 wrote to memory of 3580	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	91
PID 3580 wrote to memory of 464	3580	Unicorn-15102.exe	94
PID 3580 wrote to memory of 464	3580	Unicorn-15102.exe	94
PID 3580 wrote to memory of 464	3580	Unicorn-15102.exe	94
PID 4464 wrote to memory of 4052	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	95
PID 4464 wrote to memory of 4052	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	95
PID 4464 wrote to memory of 4052	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	95
PID 2320 wrote to memory of 5084	2320	Unicorn-26800.exe	96
PID 2320 wrote to memory of 5084	2320	Unicorn-26800.exe	96
PID 2320 wrote to memory of 5084	2320	Unicorn-26800.exe	96
PID 4876 wrote to memory of 376	4876	Unicorn-16364.exe	97
PID 4876 wrote to memory of 376	4876	Unicorn-16364.exe	97
PID 4876 wrote to memory of 376	4876	Unicorn-16364.exe	97
PID 464 wrote to memory of 3828	464	Unicorn-37080.exe	99
PID 464 wrote to memory of 3828	464	Unicorn-37080.exe	99
PID 464 wrote to memory of 3828	464	Unicorn-37080.exe	99
PID 3580 wrote to memory of 2016	3580	Unicorn-15102.exe	100
PID 3580 wrote to memory of 2016	3580	Unicorn-15102.exe	100
PID 3580 wrote to memory of 2016	3580	Unicorn-15102.exe	100
PID 4052 wrote to memory of 2032	4052	Unicorn-3705.exe	101
PID 4052 wrote to memory of 2032	4052	Unicorn-3705.exe	101
PID 5084 wrote to memory of 2536	5084	Unicorn-22088.exe	102
PID 4052 wrote to memory of 2032	4052	Unicorn-3705.exe	101
PID 5084 wrote to memory of 2536	5084	Unicorn-22088.exe	102
PID 5084 wrote to memory of 2536	5084	Unicorn-22088.exe	102
PID 376 wrote to memory of 1652	376	Unicorn-18558.exe	103
PID 376 wrote to memory of 1652	376	Unicorn-18558.exe	103
PID 376 wrote to memory of 1652	376	Unicorn-18558.exe	103
PID 4464 wrote to memory of 960	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	104
PID 4464 wrote to memory of 960	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	104
PID 4464 wrote to memory of 960	4464	871fb8a7a0a0ffdf8743075b047fc730N.exe	104
PID 2320 wrote to memory of 5108	2320	Unicorn-26800.exe	105
PID 2320 wrote to memory of 5108	2320	Unicorn-26800.exe	105
PID 2320 wrote to memory of 5108	2320	Unicorn-26800.exe	105
PID 4876 wrote to memory of 748	4876	Unicorn-16364.exe	106
PID 4876 wrote to memory of 748	4876	Unicorn-16364.exe	106
PID 4876 wrote to memory of 748	4876	Unicorn-16364.exe	106
PID 3828 wrote to memory of 3536	3828	Unicorn-7671.exe	109
PID 3828 wrote to memory of 3536	3828	Unicorn-7671.exe	109
PID 3828 wrote to memory of 3536	3828	Unicorn-7671.exe	109
PID 464 wrote to memory of 2708	464	Unicorn-37080.exe	110
PID 464 wrote to memory of 2708	464	Unicorn-37080.exe	110
PID 464 wrote to memory of 2708	464	Unicorn-37080.exe	110
PID 5108 wrote to memory of 2412	5108	Unicorn-8226.exe	111
PID 5108 wrote to memory of 2412	5108	Unicorn-8226.exe	111
PID 5108 wrote to memory of 2412	5108	Unicorn-8226.exe	111
PID 2320 wrote to memory of 3672	2320	Unicorn-26800.exe	112
PID 2320 wrote to memory of 3672	2320	Unicorn-26800.exe	112
PID 2320 wrote to memory of 3672	2320	Unicorn-26800.exe	112
PID 748 wrote to memory of 1092	748	Unicorn-34213.exe	113
PID 748 wrote to memory of 1092	748	Unicorn-34213.exe	113
PID 748 wrote to memory of 1092	748	Unicorn-34213.exe	113
PID 2536 wrote to memory of 1604	2536	Unicorn-52596.exe	114
PID 2536 wrote to memory of 1604	2536	Unicorn-52596.exe	114
PID 2536 wrote to memory of 1604	2536	Unicorn-52596.exe	114
PID 1652 wrote to memory of 3480	1652	Unicorn-32176.exe	116

C:\Users\Admin\AppData\Local\Temp\871fb8a7a0a0ffdf8743075b047fc730N.exe
"C:\Users\Admin\AppData\Local\Temp\871fb8a7a0a0ffdf8743075b047fc730N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        11⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        10⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        10⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        9⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        9⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        9⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        9⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        10⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15160 -s 464
        11⤵
        Program crash
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        9⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        9⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        9⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        8⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        7⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        9⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        9⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        9⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        9⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        8⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        8⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
        7⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        7⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        6⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        9⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        9⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        9⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        9⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        8⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        7⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        7⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        9⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        9⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        9⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        8⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        7⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        6⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        6⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        7⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        6⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
        5⤵
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        5⤵
        
        PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        6⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47459.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        7⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        6⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        5⤵
        
        PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
      4⤵
      PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        9⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        9⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        8⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        8⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        7⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        7⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        6⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        8⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        7⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        7⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        5⤵
        
        PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
      4⤵
      PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        7⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        7⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        6⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        5⤵
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
      4⤵
      PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        7⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
      4⤵
      PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        6⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
      4⤵
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
      4⤵
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
      4⤵
      PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
      4⤵
      PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
      4⤵
      PID:16720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
    3⤵
    PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    3⤵
    PID:10364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
    3⤵
    PID:14880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
    3⤵
    PID:9552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        7⤵
        Executes dropped EXE
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        9⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        9⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        9⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        7⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        8⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        8⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        7⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        7⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        7⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        7⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        6⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        5⤵
        
        PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        9⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        9⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        9⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        7⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        6⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        5⤵
        Executes dropped EXE
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        6⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        5⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        5⤵
        Executes dropped EXE
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        7⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        7⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        7⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        5⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        5⤵
        
        PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9466.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
      4⤵
      PID:13476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        7⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        7⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        6⤵
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54255.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
        5⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        5⤵
        
        PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
      4⤵
      PID:15676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        7⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        6⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        5⤵
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        5⤵
        
        PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
      4⤵
      PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        5⤵
        
        PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
      4⤵
      PID:16696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        5⤵
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
      4⤵
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    3⤵
    PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
      4⤵
      PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      4⤵
      PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
    3⤵
    PID:8032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
    3⤵
    PID:15188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
    3⤵
    PID:13452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        8⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        7⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        5⤵
        
        PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        5⤵
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        5⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        5⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
      4⤵
      PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
      4⤵
      PID:16792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        7⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        5⤵
        
        PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
      4⤵
      PID:14872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14872 -s 464
        5⤵
        Program crash
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
    3⤵
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
      4⤵
      PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      4⤵
      PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      4⤵
      PID:15892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      4⤵
      PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
      4⤵
      PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
      4⤵
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
    3⤵
    PID:11924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
    3⤵
    PID:15648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      4⤵
      PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
    3⤵
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        6⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        5⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      4⤵
      PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
    3⤵
    PID:7612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
    3⤵
    PID:11664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
    3⤵
    PID:12364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
    3⤵
    PID:15912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
    3⤵
    PID:16444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        5⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
      4⤵
      PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
      4⤵
      PID:16712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    3⤵
    PID:8076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
    3⤵
    PID:11760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
    3⤵
    PID:6228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
      4⤵
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
      4⤵
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
      4⤵
      PID:15564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
    3⤵
    PID:10816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
    3⤵
    PID:14472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
    3⤵
    PID:16668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
  2⤵
  PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
    3⤵
    PID:7208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
  2⤵
  PID:8860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
  2⤵
  PID:11404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
  2⤵
  PID:16244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
  2⤵
  PID:1832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
  2⤵
  PID:7740

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:6544

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe

Filesize
468KB

MD5
ce5d4433a870b40774450362c9ac1f1e

SHA1
f9aef1ce6ff2b15dfe1f3ec763cd7dd11220b596

SHA256
d244a2eeaac3702aff16ed0687a95a4c32e6a1b594c1e21b64b060409ce8b11f

SHA512
a4ce3a6ead11ed418358a79573ccc245731197de137378c29d6acfadb4ea7330937fbe7812bd7fd1687404e8efa4b820e6d5d957b962cf498a0508dc8de1eec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe

Filesize
468KB

MD5
06544ba0d011109e4165659a938cb9b2

SHA1
a819d48491080551dfaa8047daceb2bc3d36a9f7

SHA256
39f8eeb3cb2e7949accdeb3ca6424b2a186b9a81b6303c273e0ac62fc3d83994

SHA512
2199e9b0cef3b8af8b36280d6dfb26bce0da4cb2f190b529adee9094a7830bfe07862c6cbad80b97aa9498e05cafce2d294f809c681a4306043c9ca52c6e71fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe

Filesize
468KB

MD5
142b45880e248d18d537f5215bb78e94

SHA1
9334fa34aaba30751d3c8b0d3b60c4c061fb6b9f

SHA256
4b72f726946f49b7e8b8e9088a378306d012d88fab9c7e712a48243f2e03c25e

SHA512
e966b1b189b01ea2dab06ab61f81a42d13fc42cff0dbf3857b10825a1401d2862f5ce0fc3493978e2285702c56f1f561751b5343e6bbe3cd0b52e9407afed8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe

Filesize
468KB

MD5
a98f46cbdae828071de6dc5ed9bc2e00

SHA1
449d3763f8d56e24c68736b8905afb459ceaf7df

SHA256
271e3c922c7e2ffaac2654bbebeac5facfb33cbb68e47fa2b7fdd8566b40f893

SHA512
343317124e5281f0caffad8556fec2f7d87b522455788da2716a13d864b4d49a7e983c7e852ce3430abd853a1ccb2363efb6c15a486524447d4986b83241ac64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe

Filesize
468KB

MD5
648b8633848ed966e2dc8fba33af4fd6

SHA1
70d694dadb5b34106806b73321b3b1975cc6dd8c

SHA256
5aecac9ef9f0d2bd1ff97cda55bb33c9f48899854767a103beba75e61aea41b4

SHA512
496a05c1eae7a33ad812490679273714f331c0049034d1fe4db3789292d76be1de5c5ac015903caf827465e261fb9749ef635c087c2b9f29368abb4aa70aeca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe

Filesize
468KB

MD5
fd5779209756d219ccb3c2b1c3cd3038

SHA1
35f71bc1053e287681816b872c81302c2d20732a

SHA256
6297fa50127e278968e71bb31ef57f3b11a78cbf593ea53e7069f1b781d9f2e1

SHA512
4d8ab95bd1843df8fe994df8957650c47db472aa3bc329005a5b675ffb49ff43519acce4a7bd921c719e48d66d4243f5dcd3c3507858deff93eeeb4e00d8d17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe

Filesize
468KB

MD5
8430f4837ec514194b8a9f8377d11f5a

SHA1
efee67c371a128d4192f5a27375c3f047a9678ed

SHA256
0024128056b71e92da4db4467b5f0720dedf2589f2177e1c2869168af5b11201

SHA512
7cad936eaa38abca1b38af5ee8c9ba2cb0d1c8539cb61c8312e27724fe0cc2e82f5445de83c3e2dde4e1f4a4de5c2391a0a2162837f66eb091176ff9e06082e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe

Filesize
468KB

MD5
b518644ea2ef5da3ddffa6bc58dc3c6d

SHA1
a0a41d281f6e023f47772a8112a8bf0b5a7a8ed7

SHA256
784f11ab31b72e2775b54bdeee5818b73a9885f613f8f63839efa74931506c88

SHA512
6e7c20579cb900319fb3d30a5cd73cc767e9974e363dcd08b945e28c5d03d598597fa95b2a11d224bab74d93937f0f81ffe67d8e953e8bf221163de6f9a1e557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe

Filesize
468KB

MD5
4b65ddf6ec91a622d09ba1ac48dda77f

SHA1
c462ed4587c68b65aac6ba9e8a54d8876eea3264

SHA256
ec1cef4785425de0c10d3340ec4e9991cfe7dbd140865063517505a468f571bf

SHA512
4ddd2aa417a671ee6ad738c138e3b90302b58e700abce34071d4b012efcff68669ceb35b1a862770c52fd612b1e1ac9d72458b16fd64a13fa1be0494c4d50f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe

Filesize
468KB

MD5
762d987abf07405ac8a86363266e8181

SHA1
101fe5bf27a9fd07bf14be10dc9497366dc90490

SHA256
9452349256df456e89024e434080ecdab9286662c88049b82f01f312d236ffb1

SHA512
8160c2c06a3cc04258e87632c1d7c093c875329cbb40b54392287a9d58d793895198b62511c93ea73a68bedc82c48f816b938c7ec91cc173f407248ec26ca7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe

Filesize
468KB

MD5
5fde692467367b2fc9b5ed5fbaf45640

SHA1
1ee325184c6715a032b84e36e1c65aa30b335239

SHA256
fe1a741b4e695d278c52ad35377d28650fb4b43b3d96f24d3ca3d4fa98f6b22a

SHA512
8645a7009d4e080e631f227d1e80774e02579c9858f6220de3b0dfed3a30193481d5803cbfbf1e31abbf8780bd4e335529de592652eaba09000dc4d21cc0c7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe

Filesize
468KB

MD5
468f5553c9996a821f6f10569e807038

SHA1
3844009a4c717079bed8ac6450af955060fbfea4

SHA256
337fa7f5aa05680498df7c27e28fe194dfbb11d495d72bf0e1c79b2d5e2fe1fb

SHA512
6d4342a55524111eff368adafd3af9c333d389e6c73771035ac9139df61c3b677cfa4f12d5ed9c1a3ba8d49ac14c336bf64b638ca8f7de7cd5423e15ad4b207d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe

Filesize
468KB

MD5
5514c82212319ba206dfad91ea5e5316

SHA1
935216b489b52419c8444ede1f47ab5597782c8c

SHA256
e7701330b3e66506f22bb008b7a5cc23876c407be7f7c67e42a223b338f7624b

SHA512
1249fc3a2f709b82bdf677582f9fafb133636f4496234802a52a7c5ee473475bfd894f62e4787cb82a580bd039d06220bd4685c396b28a801f17eeb5e8feb889

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe

Filesize
468KB

MD5
12d856588c5fe25011c3ca193bccec0c

SHA1
703a21c167760549bf816fc068c0399aba9f9478

SHA256
911ae5d6f6eb03415f47fe3fc46d9a799283c7dca38b803c560b88b31173bb3f

SHA512
cdf389f04b8292271650bc21c663435c847d3c6344978469ed7f2d7fec236e53e33fe78b7e42d5f2e563b02dd3401388be9af569354783d3c27345445a6abeb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe

Filesize
468KB

MD5
05e41cbd47afb1c9b778b8c2b8280ef9

SHA1
7f863153cb7ecd421d0bd1cebdda7ebf453c660a

SHA256
0f54a65b5d042ba6098623e52b9aeabb1a53e6e3afdff04a58cd4f7c56cce4d3

SHA512
ac617188c63db786f01d3b816d373aa3d12e508aef9ddd83e224d300755c5c4412cd915a6db72f871075efd6ad91072f90adaefe10d7c9e8d7620b5e64ab76c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe

Filesize
468KB

MD5
014b338750de9ac1552c0f134239a145

SHA1
35dfa35fa894063e958f9c9ed40be58a2aebaece

SHA256
1f99292cbeaa9b29869365a23af68349bc6bfb5294b90c8f7ff658620fd0ce9b

SHA512
372c7654f92d7de8b075e99478884c220800cd7b4c51ca1b784724f224e89b96ed2ac0bfa095452d99aeef51e2fa5e7e987d23d41fce339cff3e619bc0fad637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe

Filesize
468KB

MD5
a2b98036a0215e1e13e7ba72b1537bce

SHA1
21ea6cfe9f83959d5f0965db814104ce43762d94

SHA256
e30811991fa5c2a5b21e3edfb50eb1b63c89a4d297e928c73b27bd4cd2fd70e6

SHA512
d94e9d3a807f83a56d43d7440c41ce7539b9b8861e349ff1cd56045784da0c63d0e45f5e05683f8b6cec1d79b05302c000e4122daaba42a185aa24e68b27eb69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe

Filesize
468KB

MD5
d0bc17ee879269f86d9b2ba555773423

SHA1
16a4a88b01db59d62f8146660908c4199cb462b5

SHA256
4edd08493502f1778358d67ff9df27fdb1a0981b65c6651a5c72a8e4ab99b8b4

SHA512
c17383a5e955c3f6296756e1a4811e16cf632644ae52cc610293a93b52b252f0f6f988a9964f255ccf4241c9b93a2aa1e1cbae163ddd8a55b5da3f5782189255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe

Filesize
468KB

MD5
48684ca5515ef285390b9d0d32086a16

SHA1
6452854c5e3b594d668b41ee781f095bf7fb432f

SHA256
711475599c1b3cdfdfd41a006af0ebc49f0ebaac464bb3f45698d713ae5fd5ec

SHA512
cc11985cbcf93e24d9189e823942d33efae2dcd0455401ef4e8a074200d34295d3c59fad570588c717eff5e66f06fc0992790d01a59a4f41ca57a024587d8253

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe

Filesize
468KB

MD5
f59f5189d73d0308a99d5d756557469b

SHA1
7113855b41b7dbae00cfeceb2c4cd4a236987cea

SHA256
0b88fcdc54965584e085e0bb84b337a2fc892c9af3de5edbe5464982f1901e94

SHA512
adff07635c02c542e2053dc5de2facb5d074cc94ebb935d529dda9c1b89b6c4f3bc3c235ea4087491b15b2d3e81a2be8f3e55f7b547171046c30470a203f7044

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe

Filesize
468KB

MD5
83134c39f5326ebcbd492460e4fc2614

SHA1
f014cb10df0d52a4f462fabe81c03aaaf3b887f7

SHA256
4d40f69063e754fb3db08d9ac69903c5f0fd348387f133d4ab41a80bf8b44279

SHA512
16ab721163dc5dbc582ef1a6f5e25f1b205028b6861f3d58523749b028cc7c76fc0fe86023c5950ee13bb4b36c6dcb91b6cd80a7ef107ef4a97ebeb4ce36bd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe

Filesize
468KB

MD5
6546a4c3637fac9fd944cd72a7f9cf47

SHA1
3a83a7de199dfb5b0641b7195cdbc68d46958193

SHA256
54bcf6dd8c58452626e789fbb2d1e1dd4709ad0bf94223c1cbfdb20ee803d035

SHA512
abe2719c2b650585c0967b8bd60613a69dbab1a697426cec144f5d944a6291e4e439b2224c1cd7540c9f72a485ea0d230eeaa32fa1219a470e4b2ad35e627d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe

Filesize
468KB

MD5
00219367eeb569df842d89504f4fcaf3

SHA1
b9114e2a21d511c1e54873d3e86df9b33bd2238f

SHA256
1cea1ebaa96d1b2da7ebc6a37412bc75986b674f89d8f7054cd1cff4d73ab60a

SHA512
d8b34a131fed4169303f21794250b15858204e2f65dbce5c346b5938e51fc032f1ae9a8e0a9bdcc806e38304a645ae44e06aac37ad5a85de922bceac3cd8e193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe

Filesize
468KB

MD5
66d634e642fad247545f40a87e8c0ff1

SHA1
eae421505d26d5c5ac0abc2f35c13d71167495d6

SHA256
aabba93df116e7c1d75d965527abd9efc5e0d158a1b43fb5bddbe2e67d5166ce

SHA512
60aab905b268b624ee31f752b409dfb1dbc6a84eb21916bd868b0bed3217b680f1f52757bfcfa8d3ab111d1622257ea8087beb87dc28c21abf515e51aa74f85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe

Filesize
468KB

MD5
3cbb405765eb325bedeb26ad17f3c294

SHA1
47f0d62972f3b265577943cef03eee82e889e02e

SHA256
502d80078c95e8f18839b87413147c06a393f4a8ebd01b9695d1d50062143a34

SHA512
315582aeebffa32e0f85163502c32059fc91fbbdca8906e40ca3f5bad83f149c984394e20e298e1dacf837910f29ee4cf531f4986a58008fd647ccd5bc1ebfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe

Filesize
468KB

MD5
cc007e254b16bcf66cd3c42d92bd7b54

SHA1
daa163eb23a6b87ed5576491ac73ddbbd712fba2

SHA256
776edb630f34b1f1cf4066a6e8a6c9cde93f6050268b602a4cc48051416a62a8

SHA512
66a34fdaa0b0bc07da609910634584db8bece541cd2fee8162f569ac87f4828a9dfc3b71f815321079cea8641947f2933aace74cdcd77c4ee7b4583c82e5d255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe

Filesize
468KB

MD5
df35df27e0718d9bef7e10ddc504a9e2

SHA1
387a01b059072ddfe2976908ce1eae1dd3beb78f

SHA256
4afcbd336c6bbc3e3c06b52a0c4d5df8ff26b4370a3cad2e5eac17455aa5bf40

SHA512
b7d9e388f6ba0990b624b3e9fcbdeb82037bd3df6a4611963f260210e06ddd981200c20dcb7578158549ceb963a64177cf1b58b174b101874f6c950420907a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe

Filesize
468KB

MD5
3595417206345c19354e8a8a3a5c452b

SHA1
025b5a229edb53001e4d33a6bfcc1196d13af677

SHA256
a9551284202bba71e5e0539b8de50755e07e936b1986f7152671b4789a3edd15

SHA512
9edb8963469ba759dc2b7776031fa39f695d1c7bc56e16416bd6cb0458ce44ef977b202274cc470c1d85ad3a4bd58b7de99d2ec50df49ca8541e22ce5dca6e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe

Filesize
468KB

MD5
ed45073802e0b3bc0aa037c37b7b3416

SHA1
2dd834f0276e169fc622c9be88f59f8d770d5023

SHA256
7ecf6f3b4c574f148a7a8debc41eb5e623f6b49e3d3effbd001acee696bbe671

SHA512
6cdfe2868c1aba0d737c3cce7126962793464e01c1dc0e3dd490220fe603fc5a7359d3f7c5f83761ab5f62221c1f553b48bf366f5a7d2bf1cbb0944032a8c499

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe

Filesize
468KB

MD5
50282657173ab6b3b3349649fb831b6e

SHA1
dd6bd2877a3f3cef9912b51ebf97714ebb245973

SHA256
97e48d3833ef53c8bfe0137a447baccb21509a4aeffcdb0378c07fbfb378bd3c

SHA512
3f53a691aae7fa866b21ddaecdc131666f69ddd4c323200746eceb1bcb3fba996ef7244df3e3c4b3cf6796150893460c9faf4caad49c1dad35dc47837efec4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe

Filesize
468KB

MD5
a284e8f4576e0b034fb5c9d22ba6eead

SHA1
37a7205e203178eeb4bc6b1a27d6e5582826f2c3

SHA256
bc6a5777ca03186d4c33e630a44ee4a3453b766625c11f2fcfe2a19556df1732

SHA512
562321a82e2956debc1b8ce1630e649b88f7cb945fe1ee055976096d9058a7a86d3fb552c1770eeea30942dc97890ffab50c00b7064bea8d46d0464ee3dca9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe

Filesize
468KB

MD5
658fce2da80ba8125ec142f1a17e6f5c

SHA1
8f45fecd5ab9c771d241259d3bab4c5ffe502c76

SHA256
127bf7073487d5843cc8a6fa4f8eea59d9b73f8c2d15ccc434fecb0e9219927d

SHA512
8e8134e19d67433ca519c28fa83769854a27d7a9969ee486775fca53bc8e7f2ecb75b7262123a4e59ff90e9240ab62401df82f404cf42d9c62858ff69b7e9815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe

Filesize
468KB

MD5
054de4faf5ea053e95260473dc5a8893

SHA1
6a00ba2e041ec66e625bdec3a9d6f37f4f52c9f1

SHA256
a382f2f934e15d54de7b9bc881d50d17b51ad56b95529183a1133aee72526d62

SHA512
cc122bf23f3ce26d23c13644ac40bf2bfd94f175a94cc6d670d16cd6537d3b34b7376e0cdf8e10e8c51289309722afe702c9aa1b0187d58ce8f2c65536de8c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe

Filesize
468KB

MD5
36c9459881141e301a888c92b323f32b

SHA1
a1245f214eb8752ca449af2820fb2e02a5e1602b

SHA256
8496fbeb39fb72aa6bdc80a61f3764c6539ce94f08c471b644611452931c8283

SHA512
d68b1795cb60e4d0acc420dd406ef3a8a5006b49514c4e1940902fdbc984f8333dd6ecf2ea76c357d8f99285713466d63abca0a03327b867165cae458df3f411

Download Submit
memory/212-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/656-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/728-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/960-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1092-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1252-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1348-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1492-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-2500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2028-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2932-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3312-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3652-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3672-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3696-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3828-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3872-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4012-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4052-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4196-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4472-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4560-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4704-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5176-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5592-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5620-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5648-580-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5656-581-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5676-582-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-583-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5824-596-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5864-603-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14576-2976-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15528-2639-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15580-2507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15856-2894-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads