smokeloader | 23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b

Target

23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
Size

154KB
MD5

91879bdd73625ac38c31fe5225310e92
SHA1

a007b979483ee6b57b93a11340932a60f5781570
SHA256

23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
SHA512

22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c

Score

10^/10

ransomware trojan backdoor smokeloader spyware stealer raccoon persistence discovery botnet zloader

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note

[Raccoon Stealer] - v1.5.13-af-hotfix Release Build compiled on Mon Jul 6 14:33:03 2020 Launched at: 2020.09.08 - 19:06:26 GMT Bot_ID: 18823CA4-5761-4226-8787-CF36135F1C68_Admin Running on a desktop =R=A=C=C=O=O=N= - Cookies: 0 - Passwords: 5 - Files: 0 System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: LZUKLIOU - Username: Admin - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (712 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Extracted

Family

smokeloader

Version

2020

http://dkajsdjiqwdwnfj.info/

http://2831ujedkdajsdj.info/

http://928eijdksasnfss.info/

https://dkajsdjiqwdwnfj.info/

https://2831ujedkdajsdj.info/

https://928eijdksasnfss.info/

rc4.i32

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

02.09.2020

https://fsakfkdsajdajskjajs.online/gate.php

https://fdsadjsadsdsa.online/gate.php

https://dlsafoslfskfsafad.online/gate.php

https://dsofkasfsakdsdsa.online/gate.php

https://dkjsjdsjdjasduiasida.online/gate.php

https://fqnvtmqsywublocpheas.ru/gate.php

https://fqnvtmqsywublocpheas.su/gate.php

https://fqnvtmqsywublocpheas.eu/gate.php

https://fqnvtmqsywublocpheas.net/gate.php

https://fqnvtmqsywublodscpheas.com/gate.php

rc4.plain

rsa_pubkey.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon log file 1 IoCs

Detects a log file produced by the Raccoon Stealer.

yara_rule
raccoon_log_file

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Executes dropped EXE 1 IoCs

pid	Process
3408	F4C7.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\International\Geo\Nation	MicrosoftEdge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeCP.exe

Deletes itself 1 IoCs

pid	Process
2964	Process not Found

Loads dropped DLL 8 IoCs

pid	Process
3648	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
3956	regsvr32.exe
3408	F4C7.exe
3408	F4C7.exe
3408	F4C7.exe
3408	F4C7.exe
3408	F4C7.exe
3408	F4C7.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Windows\CurrentVersion\Run	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Windows\CurrentVersion\Run\Amuzsyof = "regsvr32.exe /s C:\\Users\\Admin\\AppData\\Roaming\\Yqdaxy\\ukizi.dll"	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

JavaScript code in executable 1 IoCs

resource	yara_rule
behavioral2/files/0x000100000001ad52-15.dat	js

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3956 set thread context of 1308	3956	regsvr32.exe	81

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ServiceProfiles\LocalService\winhttp\cachev3.dat	svchost.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2572	timeout.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\Colors	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionReason = "1"	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionTime = bc819b001386d601	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecision = "0"	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionTime = 7f229b421386d601	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionTime = 12eca6571386d601	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe

Modifies registry class 163 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = f84f865c2260d601	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 932cb8481386d601	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 164b79491386d601	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000a6221168d04e19bd68363d6ed33bcc9a4ef71e23e46057b615508c3583fe02952f7f4e083b598d3e00b7dcdb1ad918323dbe9e96b92bdd142f8f0eacce60ad36c2f843d3a30c8d7eee3cbd21655de9a12afb26acd057329c9707	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 83ee19491386d601	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{B7517892-EDDB-47DE-A1A2-877790DB15E7} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{C4AA5317-619E-487D-B4DA-48F805A27CE4}"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "800"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SplashScreen	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{8204AEE1-2699-4620-BB0D-C5DB86351EEC}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "5"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000e9579ac7097b6cb02f4ca730c221d3c779c1ea224e8e4237de230fb3686f1d582a69f616e6e68cab602ae3aa8f2b52a256c3c913d028b9d23075c9c4831b67eb8e83a3a4fe37b744ba57d4cf94428f3f609e457fed372c881e677e7e74e57af66347d091258df43ae27600f9da8618cb35f2323f24dc77b1579aa412beeb3d1d895363392808ccb04b2698d5e217e2071d5f8eb66c35762316ae9014214f0173f04803eebec74ff0880613b8dc155c3a36852c14f16377599443fef18a2fad136ec7424995ecf27eacb8e82094a05de0ac035b2cba86f1f3e2f98b7967adb57af06e980ac296f18101db71cabfd85239947becdc44bfd182f7703b7cdee74fb829df698448e52173eb0e86ed76de679fcd8c9a03b62c2ca43049e17111ff5b72bfb8ca9b79f98b27f4f3e28969d044aec8d62c09a7ee686e26229b358d1333b2c69a5b56e5f1c01f4829dd6273cfd03eeef91cf04826dd2d1d9c1cd30545d1884726b1f8efefc72eae4fd61661fb372c1095330301f24572e557685d8cb33d7bbafab7b61d12e66ee807e3405f7436ef5f4ac205a273b769dd96e4aec02d9e8d648da9cb031e	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = f84f865c2260d601	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "600"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000dfe39d6c272f71564929cb9ad0a6b1a257ead03ccbebea866483659590e80bc1063586a0acdbbe63b7434e1aa9965b109f75cbd7b549a0607e3a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = f84f865c2260d601	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = f84f865c2260d601	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 2594 IoCs

pid	Process
3648	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
3648	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2964	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3648	23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe

Suspicious use of AdjustPrivilegeToken 69 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3520	svchost.exe
Token: SeCreatePagefilePrivilege	3520	svchost.exe
Token: SeSecurityPrivilege	1308	msiexec.exe
Token: SeSecurityPrivilege	1308	msiexec.exe
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeTakeOwnershipPrivilege	2964	Process not Found
Token: SeRestorePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeDebugPrivilege	572	MicrosoftEdge.exe
Token: SeDebugPrivilege	572	MicrosoftEdge.exe
Token: SeDebugPrivilege	572	MicrosoftEdge.exe
Token: SeDebugPrivilege	572	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeDebugPrivilege	572	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeDebugPrivilege	804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	804	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found
Token: SeShutdownPrivilege	2964	Process not Found
Token: SeCreatePagefilePrivilege	2964	Process not Found

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found
2964	Process not Found

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2964	Process not Found
572	MicrosoftEdge.exe
1048	MicrosoftEdgeCP.exe
1048	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3260	2964	Process not Found	75
PID 2964 wrote to memory of 3260	2964	Process not Found	75
PID 3260 wrote to memory of 3956	3260	regsvr32.exe	76
PID 3260 wrote to memory of 3956	3260	regsvr32.exe	76
PID 3260 wrote to memory of 3956	3260	regsvr32.exe	76
PID 2964 wrote to memory of 3408	2964	Process not Found	77
PID 2964 wrote to memory of 3408	2964	Process not Found	77
PID 2964 wrote to memory of 3408	2964	Process not Found	77
PID 3408 wrote to memory of 3644	3408	F4C7.exe	78
PID 3408 wrote to memory of 3644	3408	F4C7.exe	78
PID 3408 wrote to memory of 3644	3408	F4C7.exe	78
PID 3644 wrote to memory of 2572	3644	cmd.exe	80
PID 3644 wrote to memory of 2572	3644	cmd.exe	80
PID 3644 wrote to memory of 2572	3644	cmd.exe	80
PID 3956 wrote to memory of 1308	3956	regsvr32.exe	81
PID 3956 wrote to memory of 1308	3956	regsvr32.exe	81
PID 3956 wrote to memory of 1308	3956	regsvr32.exe	81
PID 3956 wrote to memory of 1308	3956	regsvr32.exe	81
PID 3956 wrote to memory of 1308	3956	regsvr32.exe	81

C:\Users\Admin\AppData\Local\Temp\23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe
"C:\Users\Admin\AppData\Local\Temp\23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b.exe"
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s WinHttpAutoProxySvc
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3520

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\F38D.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\F38D.dll
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:1308

C:\Users\Admin\AppData\Local\Temp\F4C7.exe
C:\Users\Admin\AppData\Local\Temp\F4C7.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\F4C7.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3644
- - C:\Windows\SysWOW64\timeout.exe
    timeout /T 10 /NOBREAK
    3⤵
    - Delays execution with timeout.exe
    PID:2572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:572

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-22-0x0000000000E00000-0x0000000000E2C000-memory.dmp

Filesize
176KB

Download
memory/2964-3-0x0000000000A50000-0x0000000000A66000-memory.dmp

Filesize
88KB

Download
memory/3408-11-0x0000000006086000-0x0000000006087000-memory.dmp

Filesize
4KB

Download
memory/3408-12-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/3648-0-0x0000000000B81000-0x0000000000B82000-memory.dmp

Filesize
4KB

Download
memory/3648-1-0x0000000000E60000-0x0000000000E61000-memory.dmp

Filesize
4KB

Download