magniber | 266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2022 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95.jse
Size

176KB
MD5

ad184cf93d38d51111a7ef305992eb5f
SHA1

37b05248dbd96c8a94082471069f24a7b1036313
SHA256

266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95
SHA512

a37d0984d65b0eaef4169a22e5802ac8f24b9508b717f46b2911ad583f5a4b2e4f59bd31c317976f14995ba69a7855318ef7d5e0ba866d3b8fc1db352a14c56e
SSDEEP

3072:x4xkakIeI6QKzm+bga+V9cw+yOTE4o5V0eD11TbXx1113B1WR9KflL11H6IFNC4v:GfelQKzbMYJQ4o5VxhakLDNyjt8

Score

10^/10

magniber evasion persistence ransomware

Malware Config

Signatures

Detect magniber ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3880-134-0x000001D4CA060000-0x000001D4CB060000-memory.dmp	family_magniber
behavioral2/memory/2256-135-0x00000250DB140000-0x00000250DB14B000-memory.dmp	family_magniber
behavioral2/memory/3880-147-0x000001D4CA060000-0x000001D4CB060000-memory.dmp	family_magniber

Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
ransomware magniber

Process spawned unexpected child process 4 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

bcdedit.exebcdedit.exewbadmin.exewbadmin.exe

description	pid	pid_target	process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3992	1288	bcdedit.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3568	1288	bcdedit.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3248	1288	wbadmin.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3232	1288	wbadmin.exe

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
ransomware evasion

Inhibit System Recovery
T1490

Processes:

bcdedit.exebcdedit.exe

pid process

3992 bcdedit.exe
3568 bcdedit.exe
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
ransomware

Command-Line Interface
T1059

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

wbadmin.exe

pid process

3248 wbadmin.exe
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
ransomware

Command-Line Interface
T1059

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

wbadmin.exe

pid process

3232 wbadmin.exe

pid	process
3992	bcdedit.exe
3568	bcdedit.exe

pid	process
3248	wbadmin.exe

pid	process
3232	wbadmin.exe

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Modifies extensions of user files 8 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

sihost.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\FormatSet.tiff	sihost.exe
File renamed	C:\Users\Admin\Pictures\FormatSet.tiff => C:\Users\Admin\Pictures\FormatSet.tiff.lfqxdcb	sihost.exe
File opened for modification	C:\Users\Admin\Pictures\ReadMerge.tiff	sihost.exe
File renamed	C:\Users\Admin\Pictures\ReadMerge.tiff => C:\Users\Admin\Pictures\ReadMerge.tiff.lfqxdcb	sihost.exe
File renamed	C:\Users\Admin\Pictures\RedoGet.png => C:\Users\Admin\Pictures\RedoGet.png.lfqxdcb	sihost.exe
File renamed	C:\Users\Admin\Pictures\BlockSet.crw => C:\Users\Admin\Pictures\BlockSet.crw.lfqxdcb	sihost.exe
File renamed	C:\Users\Admin\Pictures\UseUnlock.raw => C:\Users\Admin\Pictures\UseUnlock.raw.lfqxdcb	sihost.exe
File renamed	C:\Users\Admin\Pictures\WaitGrant.raw => C:\Users\Admin\Pictures\WaitGrant.raw.lfqxdcb	sihost.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

explorer.exe

description ioc process

File opened (read-only) \??\D: explorer.exe
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

4564 3208 WerFault.exe DllHost.exe
3024 3004 WerFault.exe Explorer.EXE
1144 3004 WerFault.exe Explorer.EXE

description	ioc	process
File opened (read-only)	\??\D:	explorer.exe

pid	pid_target	process	target process
4564	3208	WerFault.exe	DllHost.exe
3024	3004	WerFault.exe	Explorer.EXE
1144	3004	WerFault.exe	Explorer.EXE

Checks SCSI registry key(s) 3 TTPs 62 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

explorer.exevds.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	explorer.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

SearchApp.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchApp.exe

Modifies registry class 64 IoCs

Processes:

RuntimeBroker.exeexplorer.exeExplorer.EXESearchApp.exeRuntimeBroker.exeRuntimeBroker.exesihost.exesvchost.exesvchost.exetaskhostw.exeRuntimeBroker.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\ca9225ce-19f8-4a5b- = "8324"	RuntimeBroker.exe
Key deleted	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\9c062cb1-7733-4e14-	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001001600000014000000494c200616002400280010001000ffffffff2110ffffffffffffffff424d3600000000000000360000002800000010000000400200000100200000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf3030303000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040404040a0a0a0a0f0f0f0f0ffffffff9f9f9f9f0000000090909090ffffffffffffffffffffffff9090909000000000000000000000000010101010b0b0b0b0f0f0f0f0b8b8b8b8f3f3f3f32f2f2f2f0303030390909090f0f0f0f07070707030303030a6a6a6a6f9f9f9f9909090900000000010101010d0d0d0d0b0b0b0b01f1f1f1ff0f0f0f0404040400000000000000000ffffffff707070700000000060606060ffffffffa6a6a6a6ffffffff00000000b0b0b0b0b0b0b0b00000000060606060d0d0d0d0000000000000000000000000ffffffff3030303060606060ffffffff6060606040404040ffffffff40404040f0f0f0f01010101000000000a0a0a0a070707070000000000000000000000000ffffffff9c9c9c9cffffffff606060600000000070707070ffffffffb8b8b8b8fffffffffffffffffffffffffffffffffffffffffffffffffbfbfbfb0f0f0f0f90909090f9f9f9f9a6a6a6a64040404070707070f0f0f0f090909090e0e0e0e0303030300000000000000000ffffffff101010100000000000000000000000000000000090909090ffffffffffffffffffffffff9090909000000000ffffffff000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000009f9f9f9fffffffff000000000000000000000000ffffffff000000000000000000000000000000000000000000000000efefefef000000000000000000000000ffffffffe0e0e0e0303030300000000000000000ffffffff101010100000000000000000000000000000000010101010ffffffff000000000000000030303030e0e0e0e0b8b8b8b8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb8b8b8b840404040f0f0f0f01010101000000000a0a0a0a0707070700000000000000000000000000000000070707070a0a0a0a00000000010101010f0f0f0f04040404000000000b0b0b0b0b0b0b0b00000000060606060d0d0d0d000000000000000000000000000000000d0d0d0d06060606000000000b0b0b0b0b0b0b0b0000000000000000010101010d0d0d0d0b0b0b0b01f1f1f1ff0f0f0f040404040000000000000000040404040f0f0f0f01f1f1f1fb0b0b0b0d0d0d0d01010101000000000000000000000000010101010b0b0b0b0f0f0f0f0b8b8b8b8f3f3f3f33030303030303030f3f3f3f3b8b8b8b8f0f0f0f0b0b0b0b01010101000000000000000000000000000000000000000000000000040404040a0a0a0a0f0f0f0f0fffffffffffffffff0f0f0f0a0a0a0a040404040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060606060a0a0a0a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060606060ffffffff60606060000000000000000030303030868686869999999999999999999999999999999999999999999999999999999999999999babababaffffffff60606060303030300a0a0a0a3c3c3c3c9e9e9e9e9999999999999999999999999999999999999999999999999999999999999999babababaffffffff606060603a3a3a3a999999996b6b6b6b464646467d7d7d7d8c8c8c8ca6a6a6a69999999999999999999999999999999999999999babababaffffffff606060603a3a3a3aa6a6a6a69b9b9b9b7d7d7d7d6666666666666666666666666c6c6c6c8c8c8c8c9b9b9b9b9b9b9b9b99999999babababaffffffff60606060404040409f9f9f9f8e8e8e8e808080808080808066666666666666666666666666666666666666666666666684848484b7b7b7b7ffffffff606060603030303097979797808080808080808080808080787878785a5a5a5a66666666666666666666666666666666666666669c9c9c9cffffffff606060602626262687878787808080808080808080808080808080802828282820202020666666666666666666666666666666669c9c9c9cffffffff606060601d1d1d1d4d4d4d4d535353536a6a6a6a6b6b6b6b40404040101010100000000000000000202020205a5a5a5a69696969a0a0a0a0ffffffff606060601d1d1d1d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d3a3a3a3a00000000000000000000000000000000000000000000000063636363ffffffff606060601d1d1d1d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d484848480e0e0e0e000000000000000000000000000000000000000060606060ffffffff606060600a0a0a0a4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d444444440e0e0e0e000000000000000000000000000000000000000000000000a0a0a0a06060606000000000000000000000000013131313131313130e0e0e0e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000056565678888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf4d4d4d6c33333348888888bf6f6f6f9b2b2b2b3c888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf6a6a6a953737374d888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf808080b4888888bf888888bf808080b30909090c6c6c6c97888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf787878a8111111186f6f6f9c888888bf888888bf5e5e5e831010101711111118888888bf888888bf888888bf888888bf888888bf888888bf888888bf888888bf4d4d4d6c000000000909090c4d4d4d6c888888bf888888bf888888bf101010176363638b888888bf888888bf888888bf828282b65c5c5c81696969934545456000000000000000000000000011111118888888bf888888bf888888bf6f6f6f9b0808080b4242425d4f4f4f6e4c4c4c6b111111182222222f1515151e000000000000000000000000000000000000000067676790888888bf888888bf888888bf838383b96a6a6a956666668f6666668f777777a7888888bf3c3c3c5400000000000000000000000000000000000000000909090c565656786767679056565678808080b4888888bf888888bf888888bf888888bf808080b40909090c0000000000000000000000000000000000000000000000000000000000000000000000001a1a1a24787878a8888888bf888888bf676767901a1a1a240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf30303030000000000000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef30303030000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8fffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff30303030000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbfffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040dfdfdfdf0000000020202020ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000010101010ffffffff0000000000000000ffffffff0000000000000000ffffffffffffffff00000000000000000000000000000000ffffffff000000000000000070707070afafafaf0000000040404040cfcfcfcf0000000020202020ffffffffffffffffffffffffffffffff6060606000000000ffffffff0000000000000000ffffffff40404040000000009f9f9f9f8f8f8f8f0000000050505050bfbfbfbf000000000000000060606060ffffffff60606060ffffffff0000000000000000000000000000000060606060efefefef10101010000000008f8f8f8f8f8f8f8f00000000000000000000000060606060ffffffffffffffff00000000000000000000000000000000ffffffff505050500000000010101010efefefef303030300000000000000000000000000000000060606060ffffffff0000000000000000000000000000000000000000000000000000000080808080bfbfbfbf0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfdfdfdf303030300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000ffffffff00000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400200000100010000000000000900000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000f0410000c00000008190000093800000138400000000000033c1000077fe000077ee000033cc00000000000013c8000093c9000081810000c0030000f00f0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000fff100008000000000000000000000000000000000000000000000000001000080070000e0070000c00f0000ce3f0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000f0000000000000000000000000000000000100000003000080070000c0070000c0070000fc0f0000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff0000ffff0000fff90000f3f90000e3c80000c3c400000b2400007b2400007b3600007b3600007b2400000b240000c3c40000e3c80000f3f90000fff90000ffff0000ffff0000d80f0000df7f0000df7f0000c0000000dffe0000dffe0000dffe000007fe000077fe000057fe000007fe000077fe000000000000ffff0000ffff00000000000000000000000000000000000000000000000001000000080000001600000007000000c40000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\7b0a6774-fab5-49a5- = "\\\\?\\Volume{2339E045-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets\\e4b6cf7835c0c61248be30e9e9baacb20c910d31f24fa2476cc35ab2c9acbf4c"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\ca9225ce-19f8-4a5b- = "\\\\?\\Volume{2339E045-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets\\b676c9116b9d2b1bc57089f522ce3b52b9a6c056406b202e6787b5016e9c1ee7"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\909a4fc2-de72-475f- = "\\\\?\\Volume{2339E045-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets\\dfbe0b31df900721ed7b58882c314858ff21e44a4e5da0675456c3f57795b462"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\45d330ee-8d6e-4c9d- = "\\\\?\\Volume{2339E045-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\StagedAssets\\b676c9116b9d2b1bc57089f522ce3b52b9a6c056406b202e6787b5016e9c1ee7"	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\13c16834-be2d-43ed- = 0114020000000000c0000000000000464c0000000114020000000000c00000000000004683000000200000000a6bb18dfcc8d801fa6edb8efcc8d801fa6edb8efcc8d8015fa207000000000001000000000000000000000000000000260514001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800e4003100000000000000000010004d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e31683274787965777900009e0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e003100680032007400780079006500770079000000460060003100000000000000000010004c6f63616c53746174650000460009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c005300740061007400650000001a00660031000000000000000000100053746167656441737365747300004a0009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000053007400610067006500640041007300730065007400730000001c00ad013200000000002f55ac612000386632363739643965383030393433363632343434346262323835643765346265323539643137343664346334653730376331333831323566633337643165640000b20009000400efbe2f55ac612f55ac612e0000000000000000000000000000000000000000000000000040074b00380066003200360037003900640039006500380030003000390034003300360036003200340034003400340062006200320038003500640037006500340062006500320035003900640031003700340036006400340063003400650037003000370063003100330038003100320035006600630033003700640031006500640000005000ab0000002700efbe9d00000031535053b79daeff8d1cff43818c84403aa3732d8100000064000000001f000000370000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e0031006800320074007800790065007700790000000000000000000000000050000000eb0000001c000000010000001c0000003400000000000000ea00000018000000030000004909efab1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e3168327478796577795c4c6f63616c53746174655c5374616765644173736574735c38663236373964396538303039343336363234343434626232383564376534626532353964313734366434633465373037633133383132356663333764316564000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000069796d756779686c000000000000000080c72b02b50e1340bd556b93270e57f26b9b980aea29ed11a0ee62142853ba2580c72b02b50e1340bd556b93270e57f26b9b980aea29ed11a0ee62142853ba25ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003900320039003600360032003400320030002d0031003000350034003200330038003200380039002d0032003900360031003100390034003600300033002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000045e03923000000000000d01200000000000000000000000000000000	RuntimeBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\45d330ee-8d6e-4c9d-	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\a128d35d-61fd-4d20- = 7ea1578efcc8d801	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\9eaef72a-8346-4126-	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\9eaef72a-8346-4126- = "8324"	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "140"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\AppX0enk2acdsmv8ydhntbtea6yjp27223q6\Shell\open\command\DelegateExecute	RuntimeBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer\ = "AppX0enk2acdsmv8ydhntbtea6yjp27223q6"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\45d330ee-8d6e-4c9d- = "Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "173"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\AppX0enk2acdsmv8ydhntbtea6yjp27223q6\Shell\open\command\ = "wscript.exe /B /E:VBScript.Encode ../../Users/Public/gibydaxp.now"	sihost.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "2212"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7432"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "865"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer\ = "AppX0enk2acdsmv8ydhntbtea6yjp27223q6"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer	RuntimeBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "2894"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\0803a17b-449e-4582-	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\3a409d86-dbee-4bd0- = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000061b9378dfcc8d80161b9378dfcc8d80161b9378dfcc8d801000000000000000001000000000000000000000000000000260514001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800e4003100000000000000000010004d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e31683274787965777900009e0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e003100680032007400780079006500770079000000460060003100000000000000000010004c6f63616c53746174650000460009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c005300740061007400650000001a00660031000000000000000000100053746167656441737365747300004a0009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000053007400610067006500640041007300730065007400730000001c00ad013200000000002f55ac612000393839653530653835656431623237613766613635333234343831386130336666383565643439646133663835383433396664373831303162663131303966300000b20009000400efbe2f55ac612f55ac612e000000000000000000000000000000000000000000000000009fd05b00390038003900650035003000650038003500650064003100620032003700610037006600610036003500330032003400340038003100380061003000330066006600380035006500640034003900640061003300660038003500380034003300390066006400370038003100300031006200660031003100300039006600300000005000ab0000002700efbe9d00000031535053b79daeff8d1cff43818c84403aa3732d8100000064000000001f000000370000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e0031006800320074007800790065007700790000000000000000000000000050000000eb0000001c000000010000001c0000003400000000000000ea00000018000000030000004909efab1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e3168327478796577795c4c6f63616c53746174655c5374616765644173736574735c39383965353065383565643162323761376661363533323434383138613033666638356564343964613366383538343339666437383130316266313130396630000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000069796d756779686c000000000000000080c72b02b50e1340bd556b93270e57f2639b980aea29ed11a0ee62142853ba2580c72b02b50e1340bd556b93270e57f2639b980aea29ed11a0ee62142853ba25ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003900320039003600360032003400320030002d0031003000350034003200330038003200380039002d0032003900360031003100390034003600300033002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000045e03923000000000000d01200000000000000000000000000000000	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\bd44e4d4-5aed-4cb7- = 0114020000000000c0000000000000464c0000000114020000000000c0000000000000468300000020000000c082488dfcc8d801c082488dfcc8d801c082488dfcc8d801000000000000000001000000000000000000000000000000260514001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800e4003100000000000000000010004d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e31683274787965777900009e0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e003100680032007400780079006500770079000000460060003100000000000000000010004c6f63616c53746174650000460009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c005300740061007400650000001a00660031000000000000000000100053746167656441737365747300004a0009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000053007400610067006500640041007300730065007400730000001c00ad013200000000002f55ac612000386632363739643965383030393433363632343434346262323835643765346265323539643137343664346334653730376331333831323566633337643165640000b20009000400efbe2f55ac612f55ac612e0000000000000000000000000000000000000000000000000040074b00380066003200360037003900640039006500380030003000390034003300360036003200340034003400340062006200320038003500640037006500340062006500320035003900640031003700340036006400340063003400650037003000370063003100330038003100320035006600630033003700640031006500640000005000ab0000002700efbe9d00000031535053b79daeff8d1cff43818c84403aa3732d8100000064000000001f000000370000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e0031006800320074007800790065007700790000000000000000000000000050000000eb0000001c000000010000001c0000003400000000000000ea00000018000000030000004909efab1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e3168327478796577795c4c6f63616c53746174655c5374616765644173736574735c38663236373964396538303039343336363234343434626232383564376534626532353964313734366434633465373037633133383132356663333764316564000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000069796d756779686c000000000000000080c72b02b50e1340bd556b93270e57f2649b980aea29ed11a0ee62142853ba2580c72b02b50e1340bd556b93270e57f2649b980aea29ed11a0ee62142853ba25ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003900320039003600360032003400320030002d0031003000350034003200330038003200380039002d0032003900360031003100390034003600300033002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000045e03923000000000000d01200000000000000000000000000000000	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\9c062cb1-7733-4e14- = "8324"	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\909a4fc2-de72-475f- = "8324"	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\bd44e4d4-5aed-4cb7- = dd9a578dfcc8d801	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "865"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\7b0a6774-fab5-49a5-	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\AppX0enk2acdsmv8ydhntbtea6yjp27223q6\Shell\open\command\DelegateExecute	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\45d330ee-8d6e-4c9d- = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000039c6278dfcc8d80139c6278dfcc8d80139c6278dfcc8d801000000000000000001000000000000000000000000000000260514001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800e4003100000000000000000010004d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e31683274787965777900009e0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e003100680032007400780079006500770079000000460060003100000000000000000010004c6f63616c53746174650000460009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c005300740061007400650000001a00660031000000000000000000100053746167656441737365747300004a0009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000053007400610067006500640041007300730065007400730000001c00ad013200000000002f55ac612000623637366339313136623964326231626335373038396635323263653362353262396136633035363430366232303265363738376235303136653963316565370000b20009000400efbe2f55ac612f55ac612e00000000000000000000000000000000000000000000000000c7c36b00620036003700360063003900310031003600620039006400320062003100620063003500370030003800390066003500320032006300650033006200350032006200390061003600630030003500360034003000360062003200300032006500360037003800370062003500300031003600650039006300310065006500370000005000ab0000002700efbe9d00000031535053b79daeff8d1cff43818c84403aa3732d8100000064000000001f000000370000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e0031006800320074007800790065007700790000000000000000000000000050000000eb0000001c000000010000001c0000003400000000000000ea00000018000000030000004909efab1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e3168327478796577795c4c6f63616c53746174655c5374616765644173736574735c62363736633931313662396432623162633537303839663532326365336235326239613663303536343036623230326536373837623530313665396331656537000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000069796d756779686c000000000000000080c72b02b50e1340bd556b93270e57f2629b980aea29ed11a0ee62142853ba2580c72b02b50e1340bd556b93270e57f2629b980aea29ed11a0ee62142853ba25ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003900320039003600360032003400320030002d0031003000350034003200330038003200380039002d0032003900360031003100390034003600300033002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000045e03923000000000000d01200000000000000000000000000000000	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\26b2bada-317d-4396- = "0"	RuntimeBroker.exe
Key deleted	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\45d330ee-8d6e-4c9d-	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1"	sihost.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer	sihost.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\ca9225ce-19f8-4a5b-	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\26b2bada-317d-4396- = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000090dd048efcc8d801a2541a8efcc8d801a2541a8efcc8d801578f07000000000001000000000000000000000000000000260514001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800e4003100000000000000000010004d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e31683274787965777900009e0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e003100680032007400780079006500770079000000460060003100000000000000000010004c6f63616c53746174650000460009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c005300740061007400650000001a00660031000000000000000000100053746167656441737365747300004a0009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000053007400610067006500640041007300730065007400730000001c00ad013200000000002f55ac612000393839653530653835656431623237613766613635333234343831386130336666383565643439646133663835383433396664373831303162663131303966300000b20009000400efbe2f55ac612f55ac612e000000000000000000000000000000000000000000000000009fd05b00390038003900650035003000650038003500650064003100620032003700610037006600610036003500330032003400340038003100380061003000330066006600380035006500640034003900640061003300660038003500380034003300390066006400370038003100300031006200660031003100300039006600300000005000ab0000002700efbe9d00000031535053b79daeff8d1cff43818c84403aa3732d8100000064000000001f000000370000004d006900630072006f0073006f00660074002e00570069006e0064006f00770073002e0043006f006e00740065006e007400440065006c00690076006500720079004d0061006e0061006700650072005f006300770035006e0031006800320074007800790065007700790000000000000000000000000050000000eb0000001c000000010000001c0000003400000000000000ea00000018000000030000004909efab1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e57696e646f77732e436f6e74656e7444656c69766572794d616e616765725f6377356e3168327478796577795c4c6f63616c53746174655c5374616765644173736574735c39383965353065383565643162323761376661363533323434383138613033666638356564343964613366383538343339666437383130316266313130396630000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000069796d756779686c000000000000000080c72b02b50e1340bd556b93270e57f26a9b980aea29ed11a0ee62142853ba2580c72b02b50e1340bd556b93270e57f26a9b980aea29ed11a0ee62142853ba25ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003900320039003600360032003400320030002d0031003000350034003200330038003200380039002d0032003900360031003100390034003600300033002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000045e03923000000000000d01200000000000000000000000000000000	RuntimeBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings	taskhostw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\909a4fc2-de72-475f- = "Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy"	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\9eaef72a-8346-4126- = e1139e8efcc8d801	RuntimeBroker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "140"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "7432"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\7b0a6774-fab5-49a5- = 5078258dfcc8d801	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\PersistedStorageItemTable\System\26b2bada-317d-4396- = "8324"	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "2884"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4713"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "865"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\ms-settings\CurVer\ = "AppX0enk2acdsmv8ydhntbtea6yjp27223q6"	RuntimeBroker.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

WScript.exe

pid process

3880 WScript.exe
3880 WScript.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

3004 Explorer.EXE

pid	process
3880	WScript.exe
3880	WScript.exe

pid	process
3004	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Explorer.EXERuntimeBroker.exebackgroundTaskHost.exevssvc.exewbengine.exeexplorer.exe

description	pid	process
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeDebugPrivilege	4620	backgroundTaskHost.exe
Token: SeDebugPrivilege	4620	backgroundTaskHost.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3360	RuntimeBroker.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeBackupPrivilege	3260	vssvc.exe
Token: SeRestorePrivilege	3260	vssvc.exe
Token: SeAuditPrivilege	3260	vssvc.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeBackupPrivilege	3752	wbengine.exe
Token: SeRestorePrivilege	3752	wbengine.exe
Token: SeSecurityPrivilege	3752	wbengine.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	2572	explorer.exe
Token: SeCreatePagefilePrivilege	2572	explorer.exe
Token: SeShutdownPrivilege	2572	explorer.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

explorer.exe

pid	process
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

explorer.exe

pid	process
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe
2572	explorer.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

StartMenuExperienceHost.exeexplorer.exeSearchApp.exe

pid process

3880 StartMenuExperienceHost.exe
2572 explorer.exe
4176 SearchApp.exe
2572 explorer.exe

pid	process
3880	StartMenuExperienceHost.exe
2572	explorer.exe
4176	SearchApp.exe
2572	explorer.exe

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

WScript.execmd.exefodhelper.execmd.exefodhelper.execmd.exefodhelper.execmd.exefodhelper.execmd.exefodhelper.exe

description	pid	process	target process
PID 3880 wrote to memory of 2256	3880	WScript.exe	sihost.exe
PID 3880 wrote to memory of 2268	3880	WScript.exe	svchost.exe
PID 3880 wrote to memory of 2376	3880	WScript.exe	taskhostw.exe
PID 3880 wrote to memory of 3004	3880	WScript.exe	Explorer.EXE
PID 3880 wrote to memory of 684	3880	WScript.exe	svchost.exe
PID 3880 wrote to memory of 3208	3880	WScript.exe	DllHost.exe
PID 3880 wrote to memory of 3300	3880	WScript.exe	StartMenuExperienceHost.exe
PID 3880 wrote to memory of 3360	3880	WScript.exe	RuntimeBroker.exe
PID 3880 wrote to memory of 3456	3880	WScript.exe	SearchApp.exe
PID 3880 wrote to memory of 3692	3880	WScript.exe	RuntimeBroker.exe
PID 3880 wrote to memory of 4960	3880	WScript.exe	RuntimeBroker.exe
PID 3880 wrote to memory of 2392	3880	WScript.exe	backgroundTaskHost.exe
PID 3880 wrote to memory of 4620	3880	WScript.exe	backgroundTaskHost.exe
PID 3880 wrote to memory of 1096	3880	WScript.exe	RuntimeBroker.exe
PID 3332 wrote to memory of 2084	3332	cmd.exe	fodhelper.exe
PID 3332 wrote to memory of 2084	3332	cmd.exe	fodhelper.exe
PID 2084 wrote to memory of 4968	2084	fodhelper.exe	wscript.exe
PID 2084 wrote to memory of 4968	2084	fodhelper.exe	wscript.exe
PID 2424 wrote to memory of 3140	2424	cmd.exe	fodhelper.exe
PID 2424 wrote to memory of 3140	2424	cmd.exe	fodhelper.exe
PID 3140 wrote to memory of 3892	3140	fodhelper.exe	wscript.exe
PID 3140 wrote to memory of 3892	3140	fodhelper.exe	wscript.exe
PID 2188 wrote to memory of 1772	2188	cmd.exe	fodhelper.exe
PID 2188 wrote to memory of 1772	2188	cmd.exe	fodhelper.exe
PID 1772 wrote to memory of 3648	1772	fodhelper.exe	wscript.exe
PID 1772 wrote to memory of 3648	1772	fodhelper.exe	wscript.exe
PID 3484 wrote to memory of 3828	3484	cmd.exe	fodhelper.exe
PID 3484 wrote to memory of 3828	3484	cmd.exe	fodhelper.exe
PID 3828 wrote to memory of 3904	3828	fodhelper.exe	wscript.exe
PID 3828 wrote to memory of 3904	3828	fodhelper.exe	wscript.exe
PID 4300 wrote to memory of 4772	4300	cmd.exe	fodhelper.exe
PID 4300 wrote to memory of 4772	4300	cmd.exe	fodhelper.exe
PID 4772 wrote to memory of 4676	4772	fodhelper.exe	wscript.exe
PID 4772 wrote to memory of 4676	4772	fodhelper.exe	wscript.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Modifies extensions of user files
- Modifies registry class
PID:2256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
- Modifies registry class
PID:2268

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
- Modifies registry class
PID:2376
- C:\Windows\System32\cmd.exe
  /c fodhelper.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Windows\System32\fodhelper.exe
    fodhelper.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3828
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/ehfufygcrb.now
      4⤵
      PID:3904

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3004
- C:\Windows\System32\WScript.exe
  C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95.jse"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3880
- C:\Windows\System32\cmd.exe
  /c fodhelper.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Windows\System32\fodhelper.exe
    fodhelper.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3140
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/uvycobolpoj.now
      4⤵
      PID:3892
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3004 -s 3328
  2⤵
  - Program crash
  PID:3024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3004 -s 5376
  2⤵
  - Program crash
  PID:1144

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3208 -s 148
  2⤵
  - Program crash
  PID:4564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Modifies registry class
PID:684

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3300

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3360

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3456

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Modifies registry class
PID:1096
- C:\Windows\System32\cmd.exe
  /c fodhelper.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Windows\System32\fodhelper.exe
    fodhelper.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/uvycobolpoj.now
      4⤵
      PID:4968

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4620

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
1⤵
PID:2392

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Modifies registry class
PID:4960
- C:\Windows\System32\cmd.exe
  /c fodhelper.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Windows\System32\fodhelper.exe
    fodhelper.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4772
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/dmiooruqdq.now
      4⤵
      PID:4676

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Modifies registry class
PID:3692
- C:\Windows\System32\cmd.exe
  /c fodhelper.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Windows\System32\fodhelper.exe
    fodhelper.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/ehfufygcrb.now
      4⤵
      PID:3648

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 3208 -ip 3208
1⤵
PID:1988

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3260

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
1⤵
- Process spawned unexpected child process
- Modifies boot configuration data using bcdedit
PID:3992

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
1⤵
- Process spawned unexpected child process
- Modifies boot configuration data using bcdedit
PID:3568

C:\Windows\system32\wbadmin.exe
wbadmin delete systemstatebackup -quiet
1⤵
- Process spawned unexpected child process
- Deletes System State backups
PID:3248

C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
1⤵
- Process spawned unexpected child process
- Deletes backup catalog
PID:3232

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3752

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:3868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 3004 -ip 3004
1⤵
PID:1380

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 3004 -ip 3004
1⤵
PID:4076

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3880

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\DESKTOP\CHECKPOINTTEST.PNG.LFQXDCB

Filesize
269KB

MD5
8466a3ed3a9f8b186e6a1d41b62f567a

SHA1
044b76a18868630819c143293370be64cf47bed2

SHA256
26d2aeaec96b888f31ef8392b19e433f688c2da190defd06093bcadde66c2596

SHA512
5687994927d2d16086851de3940c23f7ce0b205a385b5420d44d510133dfe206ff203f8ce18dc6052a47b34ce91c03be627f02e37eb7f74c361d32f9beacec07

Download Submit
C:\USERS\ADMIN\DESKTOP\COMPLETESPLIT.CRW.LFQXDCB

Filesize
492KB

MD5
8c04dafe9888690397ff720d4816c5d7

SHA1
c44ed6465acec1e941cd2429f77335e28a9b157b

SHA256
9cdde516f456e19cbfef8e36c4f8e62fc4a29ed8162386c7d55a14d77a8601f1

SHA512
510bed26d104cb03254c420d51cd8907c11e60394c2c965106565f9f85bb5b8af8204354d0c92d2a118b5c653c7559e48a17e333a04796dfc3158f22a6a5e02b

Download Submit
C:\USERS\ADMIN\DESKTOP\ENTERWRITE.MPEG.LFQXDCB

Filesize
455KB

MD5
88fa06fe28a4a1b4acbd9541d63b4014

SHA1
a19687fa8e567a2ff23be9e41b626e42f2454501

SHA256
f8fb7757c370ba1d2300075f1da9da2798fc9a916aab32a8b7690b56c8858a4e

SHA512
80d2f1d6c7bffea283ece600709049cad01e9270d14b831b9e3a42efcba2dddf6cd307aa79e75383413b78db0d38f5db754a13d87f8b889727ce6bf8f99ffa9d

Download Submit
C:\USERS\ADMIN\DESKTOP\LOCKGRANT.RTF.LFQXDCB

Filesize
306KB

MD5
a2ac37e8313b89099610af3e658738e3

SHA1
aeab4be771efaedff6755ab851987fbb16a866dc

SHA256
b6ff707f8bf6bcb3753640f759368ffe3191d73d2b5cbb4913f5277c039e1690

SHA512
245181555473d099fc7cfe71081a6074efd8414c163255aacd6d06959f1d6d83dbe236dd6ff7bfa75853588edf578cf82dab06f09a21176e06a40ecf682727a7

Download Submit
C:\USERS\ADMIN\DESKTOP\README.HTML

Filesize
18KB

MD5
4f093dd84f1e7a6180fd6cb3c22af2dc

SHA1
1353566bf1067f5193290b76b4c92bcd0a24d007

SHA256
fa55bbb874b9ca82f02742893b1877673ed57b5e22aae2d020d12e85296f00b9

SHA512
191b22ba7f5fe651c6d75d4be4a154ce1064b915675a3bc153f5948535a061e224c289a18aaa3b6e3c495388fb8e8ea26aad138d451559f63be3a347da3551fb

Download Submit
C:\USERS\ADMIN\DESKTOP\REPAIRWATCH.XLTM.LFQXDCB

Filesize
548KB

MD5
ae8f6360847cd6cd9284d41c1c691394

SHA1
613a6f23f7836e8807a1a4ddd599f4084168e5a4

SHA256
ef628006664c4b9d53b8a95498590beffc1cc9614adc6faa32c21ecb02fbd903

SHA512
8db92d67268c3921abb366bc6049c532c70a5e0eb41576dbb0329633e4ffcfac3b6d66692faba6a2b163656328583b53d88dd348c3181e5520372190ce78ca65

Download Submit
C:\USERS\ADMIN\DESKTOP\SUSPENDDISCONNECT.POTX.LFQXDCB

Filesize
362KB

MD5
dc5652e788d003b24f7e8d86f6cbfe4c

SHA1
7ef855a56b94f7d4c30da22aa23aa0050a5aee41

SHA256
58ac5bb998f3988192c2aa30c594bd8c2bd8515287e3dda079db7d7b16ef26f4

SHA512
37ec3588a4c6fd6ad64ba1341079c98160064181149cfdec7f75d2bd1ba36fd40bcba711d2a4d84a4dcaa0c4763e28345d9215c58423086aeb91986c7c6202e2

Download Submit
C:\USERS\ADMIN\DESKTOP\UNDOHIDE.VSTX.LFQXDCB

Filesize
195KB

MD5
5857593f67d28ea751fdbb03eafbfe6b

SHA1
e65fa6388a67d0d4e75467f97469f4f3f149c9a3

SHA256
e72bc48d96f7f9472540223b56934a26c5b562abb57adc5f82f167f5accbfc1e

SHA512
26de8b0ed9c3bffac11cffcf66104220302513ac156fcb6e5f9fac75bb8093254811ddbed589bd2ea2a00c8c43aedb2f21fa1ec9e0c6f6da3eaaa673896109dc

Download Submit
C:\USERS\ADMIN\DESKTOP\UNDOUPDATE.DOCX.LFQXDCB

Filesize
381KB

MD5
8acf1f12e294ad3497acef33a8060f6c

SHA1
7d268b29236c8b5260b32197fc9e970631413d1f

SHA256
257f2a45ecd53a6e1dd234b0af817d60d91228223909dc203402627c7bcedebb

SHA512
0028f74d29be8571cdb9d30c7c1fd8b6f33d19f3e2a5eef3fb6be0f6ed01ad9355116dba6862fd6023f6b1e91f487924c589f32515cf5484a89e902b3087226d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\142342d41ce347c0906ec0b34678cc85_1

Filesize
3KB

MD5
e23ba7e98051cbeaec2791cded337431

SHA1
188c3de3114e1eed2bfd329e4f38124b1af1a02f

SHA256
4c73a8058640191c5521ce64d1ecfb40baa8f00ce5749bb6dc3956798d5caac5

SHA512
80a919179278fdf3766815b6ecdf18978cb5df7a242e1e555430ff5461acf92579ac477c8fa33bdcf395643c6a78decf58c5064e43ff6afd580dfd5a4578c1e7

Download Submit
C:\Users\Public\uvycobolpoj.now

Filesize
880B

MD5
b190ff090537a6cd507870077a4a6160

SHA1
7d23d91564a6dcb298b03b122d0f4e329a4f29f4

SHA256
422626de7cbc0fb2c7c36fd85ae325b873270d027666fe47d9588cd81489c053

SHA512
a151b50cb3bc593b605c01e38d3c438dba472e3635f2ebf3646d1febe8deb2c74c997457cd3af51a7f528311f4c28f752b5ed7bac1b087b389d1368ebcf9978b

Download Submit
memory/1772-220-0x0000000000000000-mapping.dmp

Download
memory/2084-176-0x0000000000000000-mapping.dmp

Download
memory/2256-135-0x00000250DB140000-0x00000250DB14B000-memory.dmp

Filesize
44KB

Download
memory/3004-168-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-175-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-162-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-163-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-164-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-165-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-166-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-167-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-160-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-169-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-170-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-171-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-172-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-173-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-174-0x0000000007C20000-0x0000000007C30000-memory.dmp

Filesize
64KB

Download
memory/3004-161-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-159-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-153-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-154-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-155-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-158-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-157-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3004-156-0x0000000007C00000-0x0000000007C10000-memory.dmp

Filesize
64KB

Download
memory/3140-178-0x0000000000000000-mapping.dmp

Download
memory/3648-221-0x0000000000000000-mapping.dmp

Download
memory/3828-222-0x0000000000000000-mapping.dmp

Download
memory/3880-132-0x00007FFE93F90000-0x00007FFE94A51000-memory.dmp

Filesize
10.8MB

Download
memory/3880-151-0x00007FFE93F90000-0x00007FFE94A51000-memory.dmp

Filesize
10.8MB

Download
memory/3880-147-0x000001D4CA060000-0x000001D4CB060000-memory.dmp

Filesize
16.0MB

Download
memory/3880-146-0x00007FFE93F90000-0x00007FFE94A51000-memory.dmp

Filesize
10.8MB

Download
memory/3880-134-0x000001D4CA060000-0x000001D4CB060000-memory.dmp

Filesize
16.0MB

Download
memory/3892-179-0x0000000000000000-mapping.dmp

Download
memory/3904-223-0x0000000000000000-mapping.dmp

Download
memory/4176-213-0x0000020B94D54000-0x0000020B94D58000-memory.dmp

Filesize
16KB

Download
memory/4176-207-0x0000020B92E20000-0x0000020B92E28000-memory.dmp

Filesize
32KB

Download
memory/4176-211-0x0000020B94D54000-0x0000020B94D58000-memory.dmp

Filesize
16KB

Download
memory/4176-210-0x0000020B94D54000-0x0000020B94D58000-memory.dmp

Filesize
16KB

Download
memory/4176-218-0x0000020B94D58000-0x0000020B94D5B000-memory.dmp

Filesize
12KB

Download
memory/4176-217-0x0000020B94D58000-0x0000020B94D5B000-memory.dmp

Filesize
12KB

Download
memory/4176-216-0x0000020B94D58000-0x0000020B94D5B000-memory.dmp

Filesize
12KB

Download
memory/4176-203-0x0000020B94D5B000-0x0000020B94D5E000-memory.dmp

Filesize
12KB

Download
memory/4176-212-0x0000020B94D54000-0x0000020B94D58000-memory.dmp

Filesize
16KB

Download
memory/4176-205-0x0000020B94D5B000-0x0000020B94D5E000-memory.dmp

Filesize
12KB

Download
memory/4176-208-0x0000020BA5C30000-0x0000020BA5D30000-memory.dmp

Filesize
1024KB

Download
memory/4176-209-0x0000020B94D54000-0x0000020B94D58000-memory.dmp

Filesize
16KB

Download
memory/4176-202-0x0000020B94D5B000-0x0000020B94D5E000-memory.dmp

Filesize
12KB

Download
memory/4176-197-0x0000020B93B60000-0x0000020B93B80000-memory.dmp

Filesize
128KB

Download
memory/4176-204-0x0000020B94D5B000-0x0000020B94D5E000-memory.dmp

Filesize
12KB

Download
memory/4676-225-0x0000000000000000-mapping.dmp

Download
memory/4772-224-0x0000000000000000-mapping.dmp

Download
memory/4968-177-0x0000000000000000-mapping.dmp

Download