Malware Analysis Report

2025-01-02 15:03

Sample ID 201025-az9vhsl5lj
Target 828dcdae96bf3729e803d09bdcb637d5
SHA256 33f51bc65501f737c3411ddc0645a26b0777c912bf6b66a62e8cf7b433d04e9b
Tags
ransomware cerber persistence spyware evasion trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

33f51bc65501f737c3411ddc0645a26b0777c912bf6b66a62e8cf7b433d04e9b

Threat Level: Known bad

The file 828dcdae96bf3729e803d09bdcb637d5 was found to be: Known bad.

Malicious Activity Summary

ransomware cerber persistence spyware evasion trojan

Cerber

Deletes shadow copies

Modifies extensions of user files

Checks computer location settings

Reads user/profile data of web browsers

Deletes itself

Checks whether UAC is enabled

JavaScript code in executable

Sets desktop wallpaper using registry

Modifies service

Drops file in Windows directory

Drops file in Program Files directory

Suspicious use of FindShellTrayWindow

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Modifies Control Panel

Suspicious behavior: MapViewOfSection

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-10-25 20:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-10-25 20:06

Reported

2020-10-25 22:06

Platform

win7

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\RevokeUse.tiff C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Reads user/profile data of web browsers

spyware

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Modifies service

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer C:\Windows\system32\vssvc.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpB47.bmp" C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# HELP DECRYPT #.txt C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# HELP DECRYPT #.url C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# HELP DECRYPT #.html C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0dba3801aabd601 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b530accd206940bf4cc3274d3cd52500000000020000000000106600000001000020000000111fa0670c8a7b379808fcb3a7f55a339e42537ff1588e1b03f4b81c3f6b2aa3000000000e8000000002000020000000646d4548a14dfd07f0f2972207839eaaab4114a135c26f8cee94ae8bfc335c0220000000aa6bb08c18d31dd4e7676621005538fa00b716512e1b0b760a43ffdf028aedfb400000004c03e814600f58257657242ce4544ee3b561f2a72028f41681b49b26ef793a38a34ca007517fab3a1f393ee1aa6590fee37e4982dd11912b71194b512b832889 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA879BD1-170D-11EB-B0B6-F6459340E2F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA4E7AD1-170D-11EB-B0B6-F6459340E2F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b530accd206940bf4cc3274d3cd5250000000002000000000010660000000100002000000084d0a51ef0851bdb2966ae3deaeaf3bf37193317e0f1a4244a21a1bcff1eb02e000000000e8000000002000020000000cb1110e5a13150741582845c28584dbdb17f5225dd1c0e57d15becc637f24833900000004e7a630da82c04306961a980573c0832e8719e65db2481892d9c89f598486fc17e5742dd7da504f8f2bf42fb5c69f0aa982b3bf721834961d61f1223c328a3b59e7431195fcbb5c5fa638759c76b3f0fc40a6a67bc34e48605cb9f0811da1bf7ce4891047c1c6c69a800740242b617dda3332856e9cb35daa1f786f545a900b0b4b66834c8b04545edf474759d5d548440000000651d4507372816f042bdc329a007805280fbd29b24261af71af70f4237bd00b64e79a78d56066ca548953014cbc00d684953efbdea2126e930755bb9e55b7496 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1896 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1652 wrote to memory of 1612 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 1652 wrote to memory of 1612 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 1652 wrote to memory of 1612 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 1896 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1896 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1896 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1896 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1896 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 1896 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 1896 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 1896 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 676 wrote to memory of 1976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 676 wrote to memory of 1976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 676 wrote to memory of 1976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 676 wrote to memory of 1976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 380 wrote to memory of 1312 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 380 wrote to memory of 1312 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 380 wrote to memory of 1312 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 380 wrote to memory of 1312 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1896 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1896 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 996 wrote to memory of 1556 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 996 wrote to memory of 1556 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 996 wrote to memory of 1556 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 996 wrote to memory of 872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 996 wrote to memory of 872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 996 wrote to memory of 872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe

"C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x58c

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# HELP DECRYPT #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# HELP DECRYPT #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:676 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:380 CREDAT:275457 /prefetch:2

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "828dcdae96bf3729e803d09bdcb637d5.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 8.8.8.8:53 6liso4fbnupevqsn.onion.to udp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.20.251:80 api.blockcypher.com tcp
N/A 104.20.20.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 sochain.com udp
N/A 172.67.69.167:443 sochain.com tcp
N/A 172.67.69.167:443 sochain.com tcp
N/A 8.8.8.8:53 crl.verisign.com udp
N/A 72.21.91.29:80 crl.verisign.com tcp

Files

memory/1652-0-0x0000000000000000-mapping.dmp

memory/1612-1-0x0000000000000000-mapping.dmp

memory/548-2-0x000007FEF72A0000-0x000007FEF751A000-memory.dmp

memory/676-4-0x0000000000000000-mapping.dmp

memory/1880-5-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# HELP DECRYPT #.txt

MD5 f75488d73b9c32a41ba7b904ec71e359
SHA1 16959ba629b4a5038f36ad161636a662b1cf0ce5
SHA256 131c0dc49487940d02c731c4adbb81e1413609000d276cdd2dc28ee2fb782933
SHA512 9122173aa6909776ba3a8dd60726995b0f6084c96fd4f8dd5860d875a197246abab73acf9b3affe867c8bee1ec1a43b9080e831fa3d7dde7c70b4d91d5a2d8c9

memory/1976-7-0x0000000000000000-mapping.dmp

memory/1312-8-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# HELP DECRYPT #.html

MD5 12359011e7e6fbe6a95f60d608b25007
SHA1 93a74f1ce782440535362fc49751c72ae480d467
SHA256 22ca10f5b78108b8a6977f4c4373325a4b95459c5a31a87a9e0425cfbd8d9367
SHA512 98c7bb9940e995145a41c37f8f83b916eeff174d2f843df71bfc4c9a00bee46facdd446e4519e38ee8a4cc1c152a67910be03213b0792541feebb67bfabd439d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BA4E7AD1-170D-11EB-B0B6-F6459340E2F6}.dat

MD5 9bf8aaabfd5ef4ecaa10f6638d64f091
SHA1 5a7d1ef1902e975aaf17fd7be08bffba1c5c9705
SHA256 e1f20b7b1b46ab9801c58a8ee6a540f84c98fafcc7a020b75b9b4adc3291ed06
SHA512 36d069f05415629837be5456241b800b8ed7b1a04014db9f316faa5fcb6c59edd880b1b587300ce6a9c5662bbe44b152a4b7308096984cbb0b1d5335114ba4c8

C:\Users\Admin\Desktop\# HELP DECRYPT #.url

MD5 7a18bfe7958ad5b1b45eb76ae6e019fe
SHA1 6929e760ffa8ae834442c00b65bb31ce233a0deb
SHA256 14c765656de82e37f13398c78e8277285b539b875a6860d137ec386149fecf28
SHA512 0178f0a7fb64d1523f65d96ce4f87c697e7b1eb20c87048fae3fd5c702f76209e5876efca919972c9e6dccd67f3dcfda207bd471190ea882d3af59147ffdb985

memory/996-15-0x0000000000000000-mapping.dmp

memory/1556-16-0x0000000000000000-mapping.dmp

memory/872-17-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-10-25 20:06

Reported

2020-10-25 22:06

Platform

win10

Max time kernel

150s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\EnterSync.tiff C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Reads user/profile data of web browsers

spyware

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Modifies service

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer C:\Windows\system32\vssvc.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp521.bmp" C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Control Panel\Colors C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{23A133A2-161B-4D7F-BA2F-C7E9C4D7DDA0} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 21025f831aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 283e5a831aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "{0AE1F262-1B59-44A7-98C7-6BE652E01085}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{4589FB23-6216-4A53-AD3E-CB10E8560788}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1b3b63991aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = a07f51ce8fc1d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3457867f1aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000eb8e6fa3035e8f64a50c77018cac5ac11bc98fd7677f400690386e8d147995489273be4508505720ab5681c0b726e06d31f305eea6fc79cfca7e C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000005208063ecc4d40f944297712af92d1ebb262b59fa0ce6077e1f6c9bc273afc535a3c0cb2b7d117dfaa3db22b9f032ec567698c676d24da109b85 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 292966831aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersi = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 4739dc3b31a9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8eb9e8911aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000190ec1307918eddfdf3447a4b22a8e9da966e96abe5eb7f28e725ef958432682faadf76c76da5bcc3010e003ff3ab8fda656470b402f912080218b4fb3d53cb3de1596c06e41ea95eafb1eef841732a050df1a3c7d34ef60ee316bb46445d33913e706a0956cdfe21298c56acae1699165a13e99948e85ab074337dfaeb1620cb9c11ccc987d7484fb851031d2b8c3724d3c6547dc5d866a46f53502513bc045204542f02e931f99d8643d52ecbc91c60650b31c61c2090764e8bc24fa011a0dbe1166d205ce4d027cd4c1bd840dbd075c7dfc562adb15c452bcf28b7725ba60c0c60210b24d0b29b174220fafcbed9044630fdfb4c92feda7115737cec5d39f5905a06eb83232119be6c24086164c579da11f25c6ac8550e0877a6b210309eeef6cf3b7e99cf6c024c9401d990e7671b8d9ec8137a5530e96be4649bdfd4e64169dcb2875ab4bef98bc8e2163d4206fdeaaec2ed8d24cb26d57577d15d5850cb7365b725f7f5210de61286f7186f885c0b459cdb15420a235f056f69ca908ba8ad81444ad3732a35857a6cc6f45b9828f97897d124c72da266e63da2ec9e0ec5313984a9391 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 0100000020e0ba63627ede18a26f464af537c625e00a90dd160e07cb7f9014a94d65c42ce9d29bd409c6105fba38b0a9bcfc647c435ca65d4b3a961f75ac230fd032911fc40a0792b13ef848a46efed1863dc35e0efa1f42538c928bbd20 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6810dd7e1aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e019cc911aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = e03fefe34cabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 4739dc3b31a9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c4e1d0911aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 15210f7f1aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 4739dc3b31a9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "7pmrycp" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 55844f7f1aabd601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 4739dc3b31a9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3840 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 200 wrote to memory of 3628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 200 wrote to memory of 3628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 3840 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 3840 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\NOTEPAD.EXE
PID 3840 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe C:\Windows\system32\cmd.exe
PID 1556 wrote to memory of 976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1556 wrote to memory of 976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1556 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1556 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4124 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2024 wrote to memory of 4124 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe

"C:\Users\Admin\AppData\Local\Temp\828dcdae96bf3729e803d09bdcb637d5.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b0

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# HELP DECRYPT #.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\taskkill.exe

taskkill /f /im "828dcdae96bf3729e803d09bdcb637d5.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 6liso4fbnupevqsn.onion.to udp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 185.100.85.150:80 6liso4fbnupevqsn.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 6liso4fbnupevqsn.onion.to udp
N/A 8.238.23.254:80 ctldl.windowsupdate.com tcp
N/A 8.238.23.254:80 ctldl.windowsupdate.com tcp
N/A 93.184.220.29:80 ocsp.digicert.com tcp
N/A 8.8.8.8:53 iecvlist.microsoft.com udp
N/A 72.21.81.200:443 iecvlist.microsoft.com tcp
N/A 8.238.23.254:80 ctldl.windowsupdate.com tcp

Files

memory/200-0-0x0000000000000000-mapping.dmp

memory/3628-1-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# HELP DECRYPT #.html

MD5 6910f71b0d6b3670eec1065d9d9e6787
SHA1 0b74c428207c8179f4b5f3104be9548509b8580b
SHA256 916dba1575a1dad0b0c2e2d1e240185f5f704383c93ab86fed936f5c47c9549d
SHA512 c9b663e170c15f2ac071904b114b6d4c40a84ebb8ba254c2d6d26ac5082ac74a71429b1a61e7f9acfd5e396bdd560b381299585b1519334e5958589410726bc1

memory/1464-8-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# HELP DECRYPT #.txt

MD5 3a715036e1b3d40e65e61981729be55f
SHA1 e2c9ec53a4f8d78c5dcddbd60ff2f43541ef6a34
SHA256 667b655970d15f768837587afefac611b98ae9bf8aa6fb4b3b47f86e2a14e4bc
SHA512 88118d10b57438f30882c27d783884735f27983820acfa4e96a03b9540255cecef6aa6e046662fddb8e267d079679809f1b23314d7d01027615f332422bf69d8

memory/1556-14-0x0000000000000000-mapping.dmp

memory/976-15-0x0000000000000000-mapping.dmp

memory/4244-16-0x0000000000000000-mapping.dmp